Log analysis and evaluation: Chrome problem, suspected virus on the PC! Hijack+Malwarebytes logfile
07.04.2010, 19:34 | #1 |
Hello, I have had a problem with my PC for quite some time. I installed Google Chrome and cannot open it; whenever I try to open Chrome, IE opens instead and the search bar shows: hxxp://%22c/Users/******/AppData/Local/Google/Chrome/Application/chrome.exe%22

Here is the Hijack file:

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rthdvcpl.exe
C:\Program Files\Synaptics\SynTP\syntpenh.exe
C:\Windows\WindowsMobile\wmdcbase.exe
C:\Program Files\Unlocker\unlockerassistant.exe
C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\program files\ati technologies\ati.ace\core-static\clistart.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Sandra\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sandra.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [userinit] C:\Users\Sandra\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\imqo.tmp\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\imqo.tmp\svchost.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9412 bytes

And Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3913
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

07.04.2010 20:32:01
mbam-log-2010-04-07 (20-32-01).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 114694
Laufzeit: 5 minute(s), 58 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Thanks
08.04.2010, 09:43 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™
Hello,
Quote:
Also create RSIT logfiles and post them.
08.04.2010, 09:43 | #3 |
Oops, our posts overlapped.
08.04.2010, 20:27 | #4 |
So, here once again is a full run with Malware:

Datenbank Version: 3930
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

08.04.2010 21:20:29
mbam-log-2010-04-08 (21-20-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 292884
Laufzeit: 1 Stunde(n), 47 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

And with RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sandra at 2010-04-08 21:24:35
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 52 GB (35%) free of 148 GB
Total RAM: 3069 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:44, on 08.04.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Sandra\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sandra.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\imqo.tmp\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\imqo.tmp\svchost.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9810 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SupBackGroundTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-28 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-03-28 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-28 279664]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-08 6273568]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe []
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe []
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe []
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NPSStartup"= []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe /autorun []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []
"AdobeBridge"= []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-01-08 68640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-04-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"NoHotStart"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a703a182-2632-11dd-84af-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-04-08 19:32:19 ----A---- C:\mbam-error.txt
2010-04-06 17:33:55 ----A---- C:\Windows\system32\mshtml.dll
2010-04-06 17:33:54 ----A---- C:\Windows\system32\ieframe.dll
2010-04-06 17:33:53 ----A---- C:\Windows\system32\urlmon.dll
2010-04-06 17:33:53 ----A---- C:\Windows\system32\iertutil.dll
2010-04-06 17:33:52 ----A---- C:\Windows\system32\wininet.dll
2010-04-06 17:33:52 ----A---- C:\Windows\system32\occache.dll
2010-04-06 17:33:52 ----A---- C:\Windows\system32\mstime.dll
2010-04-06 17:33:52 ----A---- C:\Windows\system32\msfeeds.dll
2010-04-06 17:33:52 ----A---- C:\Windows\system32\ieui.dll
2010-04-06 17:33:52 ----A---- C:\Windows\system32\iedkcs32.dll
2010-04-06 17:33:51 ----A---- C:\Windows\system32\msfeedssync.exe
2010-04-06 17:33:51 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-04-06 17:33:51 ----A---- C:\Windows\system32\jsproxy.dll
2010-04-06 17:33:51 ----A---- C:\Windows\system32\ieUnatt.exe
2010-04-06 17:33:51 ----A---- C:\Windows\system32\iesysprep.dll
2010-04-06 17:33:51 ----A---- C:\Windows\system32\iesetup.dll
2010-04-06 17:33:51 ----A---- C:\Windows\system32\iernonce.dll
2010-04-06 17:33:51 ----A---- C:\Windows\system32\iepeers.dll
2010-04-06 17:33:51 ----A---- C:\Windows\system32\ie4uinit.exe
2010-04-05 13:47:12 ----D---- C:\Program Files\Inkscape
2010-04-05 11:50:51 ----D---- C:\Program Files\ICQ7.1
2010-03-26 16:42:33 ----D---- C:\Windows\Sun
2010-03-25 21:47:12 ----D---- C:\rsit
2010-03-25 19:50:10 ----D---- C:\Users\Sandra\AppData\Roaming\Malwarebytes
2010-03-25 19:50:03 ----D---- C:\ProgramData\Malwarebytes
2010-03-25 19:50:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-25 19:33:03 ----D---- C:\Program Files\CCleaner
2010-03-24 18:30:12 ----SHD---- C:\Users\Sandra\AppData\Roaming\lowsec
2010-03-23 21:05:07 ----A---- C:\Windows\system32\asdjfhla.txt
2010-03-22 21:22:55 ----D---- C:\Users\Sandra\AppData\Roaming\streamripper
2010-03-21 23:03:04 ----D---- C:\Program Files\No23 Recorder
2010-03-13 21:50:36 ----D---- C:\Users\Sandra\AppData\Roaming\phonostar GmbH
2010-03-13 21:36:35 ----D---- C:\Users\Sandra\AppData\Roaming\Tobit
2010-03-13 21:36:18 ----D---- C:\Program Files\Common Files\Tobit
2010-03-13 21:36:18 ----A---- C:\Windows\system32\dvmsg.dll
2010-03-13 21:23:28 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-03-13 21:22:44 ----D---- C:\Program Files\Winamp Detect
2010-03-13 21:22:33 ----D---- C:\Users\Sandra\AppData\Roaming\Winamp
2010-03-13 21:13:15 ----D---- C:\Users\Sandra\AppData\Roaming\RadioRipper
2010-03-12 20:27:51 ----D---- C:\ProgramData\Sun
2010-03-12 20:27:50 ----D---- C:\Program Files\Common Files\Java
2010-03-12 20:27:34 ----A---- C:\Windows\system32\javaws.exe
2010-03-12 20:27:34 ----A---- C:\Windows\system32\javaw.exe
2010-03-12 20:27:34 ----A---- C:\Windows\system32\java.exe
2010-03-11 10:51:26 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 10:51:23 ----A---- C:\Windows\system32\httpapi.dll
2010-03-09 08:43:59 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-09 08:43:59 ----A---- C:\Windows\system32\ntkrnlpa.exe

======List of files/folders modified in the last 1 months======

2010-04-08 21:24:35 ----D---- C:\Windows\Temp
2010-04-08 21:20:09 ----D---- C:\Windows\System32
2010-04-08 21:20:09 ----D---- C:\Windows\inf
2010-04-08 21:20:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-08 20:50:23 ----D---- C:\Windows\Prefetch
2010-04-08 20:45:02 ----D---- C:\Windows\Tasks
2010-04-08 20:38:39 ----D---- C:\Users\Sandra\AppData\Roaming\ICQ
2010-04-08 19:32:14 ----D---- C:\Windows\system32\drivers
2010-04-07 20:38:50 ----D---- C:\Windows\Minidump
2010-04-07 20:38:50 ----D---- C:\Windows
2010-04-06 22:17:15 ----D---- C:\Windows\system32\catroot2
2010-04-06 20:49:56 ----D---- C:\Windows\system32\migration
2010-04-06 20:49:56 ----D---- C:\Program Files\Internet Explorer
2010-04-06 19:59:56 ----D---- C:\Windows\winsxs
2010-04-06 18:20:09 ----SHD---- C:\System Volume Information
2010-04-06 17:40:19 ----D---- C:\Windows\system32\Tasks
2010-04-06 14:07:26 ----D---- C:\Windows\system32\catroot
2010-04-05 20:48:02 ----RD---- C:\Program Files\Skype
2010-04-05 20:48:02 ----D---- C:\Program Files\Unlocker
2010-04-05 20:48:02 ----D---- C:\Program Files\DNA
2010-04-05 20:47:13 ----D---- C:\Users\Sandra\AppData\Roaming\Adobe
2010-04-05 14:00:07 ----D---- C:\Users\Sandra\AppData\Roaming\Inkscape
2010-04-05 13:49:30 ----SHD---- C:\Windows\Installer
2010-04-05 13:49:29 ----HD---- C:\Config.Msi
2010-04-05 13:49:17 ----D---- C:\Program Files\Google
2010-04-05 13:47:12 ----RD---- C:\Program Files
2010-04-05 13:46:43 ----D---- C:\Users\Sandra\AppData\Roaming\Google
2010-04-05 13:46:30 ----D---- C:\ProgramData\Google
2010-04-05 11:51:26 ----D---- C:\Program Files\ICQ6Toolbar
2010-04-05 11:51:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-05 11:51:17 ----D---- C:\ProgramData\ICQ
2010-04-05 11:51:17 ----D---- C:\Program Files\ICQ6.5
2010-04-05 11:42:35 ----D---- C:\Program Files\Common Files\LightScribe
2010-04-05 11:41:33 ----D---- C:\Program Files\Winamp
2010-04-05 11:40:38 ----D---- C:\Windows\WindowsMobile
2010-04-05 11:38:19 ----D---- C:\Program Files\Microsoft IntelliPoint
2010-03-28 17:55:57 ----D---- C:\Program Files\Common Files\Nikon
2010-03-28 17:54:21 ----HD---- C:\ProgramData
2010-03-26 21:38:16 ----D---- C:\DVDVideoSoft
2010-03-25 21:38:30 ----D---- C:\Windows\Logs
2010-03-25 21:35:30 ----D---- C:\Users\Sandra\AppData\Roaming\Desktopicon
2010-03-25 19:39:14 ----D---- C:\Windows\Debug 2010-03-25 10:33:06 ----D---- C:\Downloads 2010-03-25 00:37:17 ----D---- C:\Program Files\BitComet 2010-03-25 00:35:26 ----D---- C:\Users\Sandra\AppData\Roaming\DNA 2010-03-24 23:23:17 ----D---- C:\Program Files\Common Files 2010-03-24 23:23:08 ----D---- C:\ProgramData\Skype 2010-03-24 22:16:15 ----D---- C:\Windows\system32\wbem 2010-03-24 22:14:49 ----D---- C:\Windows\VMC302 2010-03-24 22:14:49 ----D---- C:\Windows\system32\spool 2010-03-24 22:14:49 ----D---- C:\Windows\system32\CodeIntegrity 2010-03-24 22:14:48 ----D---- C:\Windows\registration 2010-03-24 22:14:48 ----D---- C:\ProgramData\FLEXnet 2010-03-24 22:04:46 ----D---- C:\Program Files\Mozilla Firefox 2010-03-24 22:04:42 ----D---- C:\Users\Sandra\AppData\Roaming\Mozilla 2010-03-24 21:49:28 ----D---- C:\Windows\system 2010-03-24 18:27:47 ----HD---- C:\Windows\system32\GroupPolicy 2010-03-13 21:29:15 ----RSD---- C:\Windows\assembly 2010-03-12 20:27:28 ----D---- C:\Program Files\Java 2010-03-11 11:42:52 ----D---- C:\Program Files\Windows Mail 2010-03-11 11:42:52 ----D---- C:\Program Files\Movie Maker ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816] R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2008-04-16 13312] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-18 3542016] R3 BT;Bluetooth PAN Network Adapter; 
C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-07-15 36608] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-07 2152088] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456] R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448] R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304] R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2007-10-17 242560] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-03 245248] S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-03-05 34576] S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-03-05 39184] S3 bthav;Bluetooth-AV-Profil; C:\Windows\system32\drivers\bthav.sys [2007-08-14 33792] S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-07-05 19456] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-07-05 220160] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-07-05 29184] S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664] S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys 
[2007-02-27 81200] S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432] S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2009-05-28 30088] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-18 3542016] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664] S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552] S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944] S3 sscdmdm;SAMSUNG 
Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792] S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [] S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] S3 winusb;WinUsb-Treiber; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-19 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S4 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-03-30 38224] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-18 663552] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-07-15 233472] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program 
Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504] S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-28 135664] S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-06-28 72704] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-29 655624] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-28 194104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 
ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840] S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272] S4 SQLBrowser;SQL Server-Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416] -----------------EOF----------------- |
09.04.2010, 09:48 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post logfiles in CODE tags |
09.04.2010, 11:07 | #6 |
| But the database was updated from 3913 to 3930 shortly before the scan!!! |
09.04.2010, 11:12 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, but only through installing version 1.45. After the installation you also have to click on updates manually again! The current DB version is now 3970!
__________________ Please always post logfiles in CODE tags |
09.04.2010, 13:05 | #8 |
| OK, hopefully this time! Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3970 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18904 09.04.2010 14:02:48 mbam-log-2010-04-09 (14-02-48).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 292881 Laufzeit: 1 Stunde(n), 52 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
09.04.2010, 18:30 | #9 |
| Can nobody help me? |
09.04.2010, 18:32 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yep, even if patience isn't exactly your strong suit. Please also post an OTL logfile, I can see more with that: System scan with OTL: Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post logfiles in CODE tags |
09.04.2010, 18:45 | #11 |
| OK, sorry!! Avira just reported a virus on my machine during the scan: C:\Users\******\AppData\Roaming\sdra64.exe "DAS Trojanische Pferd: TR/Spy.ZBot.118272" OTL logfile created on: 09.04.2010 19:34:15 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Sandra\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 50,33 Gb Free Space | 34,93% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SANDRA-PC Current User Name: Sandra Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Sandra\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) 
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Modules (SafeList) ========== MOD - C:\Users\Sandra\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (bthav) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.) DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) 
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) 
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [2010.03.24 22:04:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.07.19 10:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.07.17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll [2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npwachk.dll O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe File not found O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe File not found O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe File not found O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe File not found O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe File not found O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low 
Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a703a182-2632-11dd-84af-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a703a182-2632-11dd-84af-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\Users\Sandra\AppData\Roaming\sdra64 .exe
[2010.04.09 19:33:30 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2010.04.07 20:16:39 | 000,562,840 | ---- | C] (Google Inc.)
-- C:\Users\Sandra\Desktop\ChromeSetup.exe [2010.04.06 17:33:52 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.04.06 17:33:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.04.06 17:33:52 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.04.06 17:33:52 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.04.06 17:33:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.04.06 17:33:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.04.06 17:33:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.04.06 17:33:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.04.06 17:33:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.04.06 17:33:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.04.06 17:33:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.04.06 17:33:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.04.06 17:33:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.04.06 17:33:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.04.06 17:33:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.04.05 13:47:12 | 000,000,000 | ---D | C] -- C:\Programme\Inkscape [2010.04.05 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\AOL [2010.04.05 11:50:51 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.1 [2010.03.28 13:14:39 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Documents\Eigene Google Gadgets [2010.03.26 16:42:33 | 000,000,000 | 
---D | C] -- C:\Windows\Sun [2010.03.25 21:47:12 | 000,000,000 | ---D | C] -- C:\rsit [2010.03.25 19:50:10 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes [2010.03.25 19:50:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.25 19:50:03 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.25 19:50:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.03.25 19:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.03.25 19:33:03 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.03.25 19:32:10 | 003,396,856 | ---- | C] (Piriform Ltd) -- C:\Users\Sandra\ccsetup229.exe [2010.03.25 10:47:26 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Deployment [2010.03.25 10:47:26 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Apps [2010.03.24 18:30:12 | 000,000,000 | -HSD | C] -- C:\Users\Sandra\AppData\Roaming\lowsec [2010.03.22 21:22:55 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\streamripper [2010.03.21 23:03:04 | 000,000,000 | ---D | C] -- C:\Programme\No23 Recorder [2010.03.13 21:50:43 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Documents\Aufnahmen [2010.03.13 21:50:36 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\phonostar GmbH [2010.03.13 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Tobit [2010.03.13 21:36:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Tobit [2010.03.13 21:23:28 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010.03.13 21:22:44 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect [2010.03.13 21:22:33 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Winamp [2010.03.13 21:13:15 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\RadioRipper [2010.03.12 20:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.03.12 
20:27:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.03.12 20:27:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.03.12 20:27:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.03.12 20:27:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.03.11 10:51:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2010.03.11 10:51:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll [2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.09 19:35:50 | 007,340,032 | -HS- | M] () -- C:\Users\Sandra\NTUSER.DAT [2010.04.09 19:33:45 | 000,000,680 | ---- | M] () -- C:\Users\Sandra\AppData\Local\d3d9caps.dat [2010.04.09 19:33:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe [2010.04.09 19:28:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.09 19:00:44 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job [2010.04.09 19:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At20.job [2010.04.09 18:38:17 | 001,602,878 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.09 18:38:17 | 000,688,784 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.09 18:38:17 | 000,645,558 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.09 18:38:17 | 000,151,782 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.09 18:38:17 | 000,123,642 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.09 18:32:00 | 000,001,092 | ---- | 
M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.09 18:31:57 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.09 18:31:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.09 18:31:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.09 18:31:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.09 18:31:15 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys [2010.04.09 14:11:31 | 000,524,288 | -HS- | M] () -- C:\Users\Sandra\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010.04.09 14:11:31 | 000,065,536 | -HS- | M] () -- C:\Users\Sandra\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.09 14:11:27 | 002,639,869 | -H-- | M] () -- C:\Users\Sandra\AppData\Local\IconCache.db [2010.04.09 14:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At15.job [2010.04.09 08:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At9.job [2010.04.09 07:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At8.job [2010.04.08 22:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At23.job [2010.04.08 21:13:57 | 000,002,869 | ---- | M] () -- C:\Windows\System32\dmlg.dat [2010.04.08 21:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At22.job [2010.04.08 20:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At21.job [2010.04.07 20:16:41 | 000,562,840 | ---- | M] (Google Inc.) 
-- C:\Users\Sandra\Desktop\ChromeSetup.exe [2010.04.06 18:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At19.job [2010.04.05 17:38:16 | 000,000,713 | ---- | M] () -- C:\Users\Sandra\.recently-used.xbel [2010.04.05 16:59:59 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At18.job [2010.04.05 15:59:59 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At17.job [2010.04.05 15:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At16.job [2010.04.05 13:56:30 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk [2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At7.job [2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At6.job [2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At5.job [2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At4.job [2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At3.job [2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At24.job [2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At2.job [2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At14.job [2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At13.job [2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At12.job [2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At11.job [2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At10.job [2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At1.job [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.28 15:31:11 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010.03.28 14:58:51 | 000,098,304 | ---- | M] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2010.03.25 21:46:21 | 000,781,909 | ---- | M] () -- C:\Users\Sandra\Desktop\RSIT.exe [2010.03.25 19:50:08 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.03.25 19:33:04 | 000,001,670 | ---- | M] () -- C:\Users\Sandra\Desktop\CCleaner.lnk [2010.03.25 19:32:26 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\Users\Sandra\ccsetup229.exe [2010.03.11 22:35:51 | 000,197,234 | ---- | M] () -- C:\Users\Sandra\Normales Zellbild.docx [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.09 19:33:45 | 000,000,680 | ---- | C] () -- C:\Users\Sandra\AppData\Local\d3d9caps.dat [2010.04.05 17:38:16 | 000,000,713 | ---- | C] () -- C:\Users\Sandra\.recently-used.xbel [2010.04.05 13:56:30 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk [2010.04.05 11:37:53 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At24.job [2010.04.05 11:37:53 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At23.job [2010.04.05 11:37:52 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At22.job [2010.04.05 11:37:51 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At21.job [2010.04.05 11:37:48 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At20.job [2010.04.05 11:37:47 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At19.job [2010.04.05 11:37:46 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At18.job [2010.04.05 11:37:45 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At17.job [2010.04.05 11:37:44 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At16.job [2010.04.05 11:37:43 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At15.job [2010.04.05 11:37:42 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At14.job [2010.04.05 11:37:40 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At13.job [2010.04.05 11:37:39 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At12.job [2010.04.05 11:37:35 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At11.job [2010.04.05 11:37:29 | 000,000,384 | ---- 
| C] () -- C:\Windows\tasks\At10.job [2010.04.05 11:37:21 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At3.job [2010.04.05 11:37:19 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At2.job [2010.04.05 11:37:18 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At1.job [2010.03.28 17:34:41 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At8.job [2010.03.28 17:34:40 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At7.job [2010.03.28 17:34:39 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At6.job [2010.03.28 17:34:38 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At5.job [2010.03.28 17:34:37 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At4.job [2010.03.28 13:13:51 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.03.28 13:13:48 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.03.27 19:05:31 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At9.job [2010.03.25 21:46:18 | 000,781,909 | ---- | C] () -- C:\Users\Sandra\Desktop\RSIT.exe [2010.03.25 21:36:28 | 000,003,537 | ---- | C] () -- C:\Users\Sandra\mbam-log-2010-03-25 (20-35-30).txt [2010.03.25 19:50:08 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.03.25 19:33:04 | 000,001,670 | ---- | C] () -- C:\Users\Sandra\Desktop\CCleaner.lnk [2010.03.24 18:27:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.03.13 21:36:18 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2010.03.11 21:46:18 | 000,197,234 | ---- | C] () -- C:\Users\Sandra\Normales Zellbild.docx [2010.02.20 19:07:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.29 22:40:36 | 000,000,094 | ---- | C] () -- C:\Users\Sandra\AppData\Local\fusioncache.dat [2009.12.25 12:38:50 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.12.19 16:39:45 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009.12.19 16:39:45 | 000,036,608 | ---- | C] () -- 
C:\Windows\System32\FsUsbExDisk.Sys [2009.11.17 15:06:54 | 000,019,968 | -HS- | C] () -- C:\Users\Sandra\Thumbs.db [2009.10.15 15:12:48 | 000,005,697 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\accounts.txt [2009.10.03 10:22:32 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.10.01 19:13:37 | 000,085,718 | ---- | C] () -- C:\Users\Sandra\BABY_1.jpg [2009.10.01 19:10:51 | 000,085,708 | ---- | C] () -- C:\Users\Sandra\BABY_2.jpg [2009.09.29 21:33:46 | 000,000,268 | RH-- | C] () -- C:\Users\Sandra\AppData\Roaming\CIOSupport [2009.09.29 21:33:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Carbon [2009.09.29 21:33:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2009.09.29 21:33:44 | 000,000,268 | RH-- | C] () -- C:\Users\Sandra\AppData\Roaming\CMMs [2009.09.29 21:33:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Channel [2009.09.29 15:16:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2009.09.09 20:48:40 | 000,741,888 | ---- | C] () -- C:\Users\Sandra\Midnight_Sun__12_Kapitel_Deutsch_.doc [2009.07.15 19:57:15 | 000,000,767 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll [2009.05.29 08:15:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\Super Strings [2009.05.29 08:04:33 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2009.05.29 08:04:33 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\SystemConfiguration [2009.04.25 13:40:18 | 000,200,347 | RHS- | C] () -- C:\Programme\Setup.ini [2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest [2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.10.11 14:13:38 | 000,025,834 | ---- | C] () -- 
C:\Users\Sandra\AppData\Local\derbeagletabelle.png [2008.10.11 14:13:32 | 000,002,825 | ---- | C] () -- C:\Users\Sandra\AppData\Local\derbeagle.html [2008.10.09 12:50:45 | 000,002,793 | ---- | C] () -- C:\Users\Sandra\AppData\Local\index.html [2008.10.05 17:30:26 | 000,026,340 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\UserTile.png [2008.10.04 19:57:51 | 000,003,657 | ---- | C] () -- C:\Users\Sandra\AppData\Local\gallerie.html [2008.10.04 19:47:37 | 000,054,595 | ---- | C] () -- C:\Users\Sandra\AppData\Local\gallerie04.10.2008.png [2008.10.04 08:37:54 | 000,003,002 | ---- | C] () -- C:\Users\Sandra\AppData\Local\charakter.html [2008.10.03 22:41:04 | 000,001,945 | ---- | C] () -- C:\Users\Sandra\AppData\Local\kontakt.html [2008.10.03 22:41:02 | 000,003,154 | ---- | C] () -- C:\Users\Sandra\AppData\Local\jackie.html [2008.10.03 22:41:00 | 000,006,445 | ---- | C] () -- C:\Users\Sandra\AppData\Local\impressum.html [2008.10.03 22:40:55 | 000,003,177 | ---- | C] () -- C:\Users\Sandra\AppData\Local\geschichte.html [2008.10.03 22:33:36 | 000,059,292 | ---- | C] () -- C:\Users\Sandra\AppData\Local\galleriesommer08.png [2008.10.03 22:29:48 | 000,037,911 | ---- | C] () -- C:\Users\Sandra\AppData\Local\jackietabelle.png [2008.10.03 22:29:46 | 000,071,081 | ---- | C] () -- C:\Users\Sandra\AppData\Local\jackiebild.png [2008.10.03 22:29:42 | 000,004,310 | ---- | C] () -- C:\Users\Sandra\AppData\Local\jackie.png [2008.10.03 22:29:41 | 000,004,250 | ---- | C] () -- C:\Users\Sandra\AppData\Local\impressum.png [2008.10.03 22:29:40 | 000,005,016 | ---- | C] () -- C:\Users\Sandra\AppData\Local\herzlich.png [2008.10.03 22:29:39 | 000,004,658 | ---- | C] () -- C:\Users\Sandra\AppData\Local\geschichte.png [2008.10.03 22:29:35 | 000,004,106 | ---- | C] () -- C:\Users\Sandra\AppData\Local\gallerie.png [2008.10.03 22:29:34 | 000,140,602 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DSC_0657.png [2008.10.03 22:29:34 | 000,000,765 | ---- | C] () -- 
C:\Users\Sandra\AppData\Local\email.png [2008.10.03 22:29:27 | 000,063,639 | ---- | C] () -- C:\Users\Sandra\AppData\Local\derbeagletabelle.pspimage [2008.10.03 22:29:22 | 000,006,892 | ---- | C] () -- C:\Users\Sandra\AppData\Local\derbeagle.png [2008.10.03 22:29:21 | 000,004,356 | ---- | C] () -- C:\Users\Sandra\AppData\Local\charakter.png [2008.10.03 22:29:16 | 000,218,812 | ---- | C] () -- C:\Users\Sandra\AppData\Local\Bild8.png [2008.10.03 22:29:06 | 000,050,333 | ---- | C] () -- C:\Users\Sandra\AppData\Local\banner.png [2008.10.03 15:46:36 | 000,237,481 | ---- | C] () -- C:\Users\Sandra\AppData\Local\Bild7.png [2008.08.29 20:23:34 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2008.07.05 13:54:46 | 000,098,304 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.05 12:27:06 | 000,000,020 | -HS- | C] () -- C:\Users\Sandra\ntuser.ini [2008.07.05 12:27:04 | 007,340,032 | -HS- | C] () -- C:\Users\Sandra\NTUSER.DAT [2008.07.05 12:27:04 | 000,524,288 | -HS- | C] () -- C:\Users\Sandra\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.07.05 12:27:04 | 000,524,288 | -HS- | C] () -- C:\Users\Sandra\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2008.07.05 12:27:04 | 000,262,144 | -H-- | C] () -- C:\Users\Sandra\ntuser.dat.LOG1 [2008.07.05 12:27:04 | 000,065,536 | -HS- | C] () -- C:\Users\Sandra\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2008.07.05 12:27:04 | 000,000,000 | -H-- | C] () -- C:\Users\Sandra\ntuser.dat.LOG2 [2008.04.16 01:44:48 | 000,004,512 | ---- | C] () -- C:\Windows\HotFixList.ini [2008.04.16 01:37:29 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2008.04.16 01:37:29 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2008.04.15 07:40:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.04.15 07:40:40 | 000,159,744 | ---- | C] 
() -- C:\Windows\System32\atitmmxx.dll [2007.04.24 11:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2001.11.14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E44D7155 < End of report > |
09.04.2010, 18:45 | #12 |
| Chrome problem, suspected virus on the PC! Hijack+Malwarebytes logfile
OTL Extras logfile created on: 09.04.2010 19:34:15 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 50,33 Gb Free Space | 34,93% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDRA-PC
Current User Name: Sandra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro 9] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\\Paint Shop Pro 9.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B99885-3EEB-4E11-93C8-69A609306F56}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{07CA26B0-4E46-4B70-86E5-C68CD40F0F13}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{0DA039A4-929E-448D-AC1A-E2BEE72A69C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11B7F2B0-6619-4E9D-90DF-BC43A8453BCE}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{1AA93F1B-6730-4572-88C3-9FF3ECC0EABD}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{24859C16-C75D-4853-B964-FCC2A6EFBEBF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{36B14E9E-AE3C-41A7-8CD1-E205DA773BE6}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3A66AA47-711F-48CE-9B5B-27894A0A6CD2}" = rport=5358 | protocol=6 | dir=out | app=system |
"{42F7A4F6-FDD1-48B7-829F-4FF8393D40F9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{5574FD38-4777-4C0F-8EFC-0D9682026D98}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{59D7CCF9-83D4-4C64-B174-613A1E1205F1}" = lport=5358 | protocol=6 | dir=in | app=system |
"{62712162-49AC-4BA2-9D86-45E1CB57135D}" = lport=5357 | protocol=6 | dir=in | app=system |
"{70ADF71E-9D8E-4A00-9100-722BC10CA26C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72B72431-358C-4D06-9B04-3E2DD760AA89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A37EF76-D178-4233-933A-4F4130BB9457}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7BA6B1C6-56CB-4161-AD39-C638FB84FB22}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{8EC03E37-D300-448F-BE80-507089FDA6ED}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{9AEA4EC6-DDF7-47AC-AF53-640EDA4C274D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{A9E252C8-28AB-4F78-A793-CE3B3CFEBD5E}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{AB18A825-037F-4873-8A6C-5C588CEC81C7}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{AECD2677-4D80-4EFF-991A-B7E1CEFFFB76}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{B00E020F-CE39-4C32-9E73-09FDC77E54D8}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{C3B5F28A-CB9D-41FC-97CE-5420DAF5B62C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA0659A6-D133-4EC0-A047-072602918DCE}" = rport=5357 | protocol=6 | dir=out | app=system |
"{CD3D0C66-6133-42BF-BB26-B04703574203}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D4753C7F-547F-44D9-A25E-518D37062F26}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{E1A8742B-291C-4FAA-BE36-B45BD8BE441E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E684F826-312C-466E-A976-B6E47023582F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{F1A61568-1ABA-442F-9F14-01FFD61085C4}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{F6C3A18A-2BA6-4FB3-BD23-49611C0BDD58}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04543734-97B7-4B75-B3E8-B7E5AD70720E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{062C92EA-A0AA-4D41-BB5A-0C5B010CEE74}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{07B5DFDE-770D-41C0-9871-1A5F744C0B0B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0F29E20D-1E14-41FE-8FE9-568008EA90C1}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{0F5E85FD-2081-4AF3-8C4E-90846FDEDA0A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{12A57763-74BF-4326-908E-9EE2D7ED46D7}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{1B6CE3DA-5006-4D16-821B-9B550A0F33B8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E0063C3-FB49-4DDF-84D7-4B37BFF8B289}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{21B01BDD-1B5B-41C7-B4C5-15A4DD2AD963}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{28921582-6AFB-4AC9-B965-4C940D1647F9}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{2E53035B-AE7F-46AD-B793-3B62913DC5CE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{30615B0C-26ED-4C1C-945E-9D765704BDF3}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{363FD5FE-625A-48E2-9C24-9A2958B5E415}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{3A3E8271-718C-449E-BA5A-538265ACC5E0}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{3ACC9605-9769-4999-BD81-DA17CE3D273F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{3B4F65A5-C7AA-467A-BA38-1D49DE2640BD}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{50169631-4934-4D55-83CB-5A3D21A96A89}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{511ACEB1-CA6D-4C55-9AA9-7D5F25C3EEB0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{55F1CA19-3C1B-475C-B07B-85DD8996B635}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{59ADA7B4-9379-444A-9EC1-C74D2DE802B8}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe
| "{686282BC-0976-4785-A91A-EEEFC2DF9172}" = protocol=17 | dir=in | app=c:\program files\dna\btdna .exe | "{7271579C-6A76-46DE-A725-6E1317AEC490}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{73236B19-42A8-43FF-BC5F-4B57ED5174DC}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{7BD0780C-DC17-40F2-91F9-51C0730A1591}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{81CD75C3-509A-44C4-9678-B7A7DBF4D817}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{844F3AB4-321F-4189-9CD8-247A934DC678}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{869031AA-F1EA-46DE-BF3C-033F79EE7283}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{86A1E582-45E3-487A-8FD8-03C64358C819}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{87E70B79-581D-48F9-B502-F1F7B694F9EA}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | "{8E271DED-B96F-4FAC-8754-42F2AA31B301}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{917162C2-AB40-4B59-8C2A-E5DDA482BA3C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{9631F311-1A69-40BD-9395-5DC3684A8DAD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{97ECB7D4-1944-4ED5-8649-69FA5D34B0CD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\james cameron's avatar - das spiel (demo)\bin\avatardemo.exe | "{A15B39FE-26DE-4CC8-9F74-FA1460E74C7C}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{A29DD84A-F82C-4E90-ADAC-5F423AF2291B}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{A375FF18-09EB-4973-A31F-BE9BA8491157}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{A7058065-D245-4957-8E25-2F16085DF306}" = protocol=17 | dir=in | app=c:\program files\common 
files\adobe\cs4servicemanager\cs4servicemanager.exe | "{A76195EB-D712-4CA2-8934-BEC8FD1C3FD3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{AA43B5A1-CE35-4780-B7AD-431B055DD84B}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{AAC25A60-4AEF-45F0-99F6-5316126E23A4}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{ABC1DB21-DAF4-49DA-BC17-583295318FFB}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{B4A8526E-7ED6-426A-9328-3BEDF591BE93}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B617D78C-9BD4-4DE2-BB69-F4CB4D6113E7}" = protocol=6 | dir=in | app=c:\program files\dna\btdna .exe | "{B694E2CC-4C5A-4C86-9EBB-B194056454CD}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{B9C72945-A005-4C50-87A2-174DBB8FA498}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{BB6124AA-A897-459E-AA76-0A8CCB406267}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{C209B92F-E660-42CF-8B59-3DB9D3ED8383}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | "{C3675925-9DB9-48B3-A2E3-A42C0BEC5F4C}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "{C3D53EEF-6838-406A-A757-AF6E335B2190}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{D9DAF535-D54F-4C20-9C98-55F2E90052B3}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{DE5B8A7F-9F74-4AA7-937D-FDC4F990E562}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{DF937D63-297E-451B-BBFF-51B7B1636DF7}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{E144BFEF-8533-4205-ADD8-85DCD82F1E0C}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{E148909C-AC37-4251-82EB-E1BFE60F735D}" = protocol=6 | dir=out | app=%programfiles%\windows 
collaboration\wincollab.exe | "{E5D2A698-1E22-4B38-B225-64AC140D4BE5}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{EA582196-66A7-4A0A-9206-25E58E1CE5E5}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{ECCBDE55-B7BD-4D33-95D8-6E07207B8204}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{F3E591F4-0F82-4E86-AB96-D86BA5FCD33B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{F5E9EEBD-EC10-4057-8EF2-07EC551D54BB}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{F6BBC102-DF1E-4B9B-94F6-DCA2B1CB2FCE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\james cameron's avatar - das spiel (demo)\bin\avatardemo.exe | "{F73EF69F-978F-4BB1-9C41-B449AB7EF792}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "TCP Query User{0097E839-CE24-4388-B8BB-11BB70141042}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{087B874D-FAE8-4B4B-B5B7-836AE96FD18E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{0F0958B9-0297-4490-83C4-759F17B6C558}C:\users\sandra\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\sandra\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{15EF133B-8A71-4C28-8634-FFC9A4650EC2}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{191979C0-C9C6-4A08-A363-1EE95466518D}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{30B320A7-1F4F-4D52-BBBC-2DF5745D044A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{369B466E-F358-4413-AB18-085334954C22}C:\program 
files\radioripper\radioripper.exe" = protocol=6 | dir=in | app=c:\program files\radioripper\radioripper.exe | "TCP Query User{691089E3-8067-418F-BDCE-196A62376994}C:\users\sandra\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sandra\program files\dna\btdna.exe | "TCP Query User{74BFBF5D-5A1E-4782-9F5F-E0EF52477E59}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{7A6BE00D-D07C-4BD4-AA31-F7A4897AAAAA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{82E14D42-DED2-4885-A51E-BCBAB54DB3AE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{96B93DC3-CA51-4B7A-A208-CABE57C71FFF}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{A9048815-558E-4016-9E6B-9C33B9E6FA2B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{B399342F-BB8A-4DBC-9363-FDA02F4E3874}C:\users\sandra\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sandra\program files\dna\btdna.exe | "TCP Query User{CA6E1FE4-02B9-4935-BB48-31BE931C524D}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "TCP Query User{E0F11DAC-5E26-409A-94F4-F193F65C9035}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{EECC684E-087E-4529-8AEA-ADA74D563818}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F0C7FB76-BF13-49E4-AF24-A4A5E0E68DCC}C:\program files\anno 1701 demo\anno1701_demo.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701 demo\anno1701_demo.exe | "TCP Query User{F5380B56-586E-457C-BCBB-E05D613BE3A9}C:\program files\utorrent\utorrent.exe" = protocol=6 
| dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{0E600685-F22B-4378-A1E3-179B193DDE09}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{123E59AC-B07B-4C9D-826C-767B894A2F03}C:\users\sandra\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sandra\program files\dna\btdna.exe | "UDP Query User{1D8C0621-E1F1-4BD6-B1A0-9C45AD228DF1}C:\users\sandra\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\sandra\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{1EDE5492-E78D-4FD5-9A45-5A50E7A4003E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{200373C9-1556-4B5B-BFF1-3CD0C3C876FA}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "UDP Query User{311280AB-57B8-4193-A23A-F856A8F9E36E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{3B1F42F8-E997-4FF4-B7B4-BCDFDB5D87FC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{71BE9F77-3770-4EC1-AE61-40F8D3644F3F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{7C17B6F9-7DF0-4715-B468-AB92E7EC2C1F}C:\program files\anno 1701 demo\anno1701_demo.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701 demo\anno1701_demo.exe | "UDP Query User{903C5A9C-D720-40CB-9CD3-C0284C0A06AD}C:\users\sandra\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sandra\program files\dna\btdna.exe | "UDP Query User{950F8F65-FE73-4DE1-AC21-24903D1F06DA}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{AE639A15-7EB6-4A3B-8960-2AC09AEAB048}C:\program files\electronic 
arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{BD962C60-D063-4D28-AC58-70635B419634}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{CEF9DD79-B1FD-42B1-8806-C1EF5A426570}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{D29EA81C-10A4-420C-997E-BF811F647A20}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{DF0263E8-7B83-4BC7-A2E9-05FA701FA001}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{E2A52229-EE17-4A6B-9496-E30D1A6891DF}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{F9DD291C-3CB1-40C9-B7B9-0EC55114E90D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{FA5DE53B-8F88-474F-895F-B5ACA7C3ACAB}C:\program files\radioripper\radioripper.exe" = protocol=17 | dir=in | app=c:\program files\radioripper\radioripper.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00300409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Proofing Tools Disc 1 "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{018FE763-ECD9-577B-05D5-3A67364FBAAA}" = Catalyst Control Center Localization Hungarian "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000 
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1252B4EB-51F1-F349-6D79-954D877FB865}" = Catalyst Control Center Localization Swedish "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{14F91018-2A76-725D-056C-ECFF03F40F54}" = CCC Help Swedish "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{1F7A2A3A-B874-1E81-D291-A5ACB452F23F}" = CCC Help Italian "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2433BAD7-453F-473D-BE81-455E68940DEB}" = Catalyst Control Center - Branding "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver 
Software 8.0 .A "{28A78C92-AC8C-DA80-6100-99A3AC4C3911}" = CCC Help Turkish "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{303A3978-8F11-DAAB-6F72-3D399477CC31}" = Catalyst Control Center Localization Chinese Standard "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{4890127D-D62F-C496-9EFF-89FC910ABFE5}" = Catalyst Control Center Localization Polish "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C82121C-EB17-CEB0-996B-4D73FA0FAB47}" = Catalyst Control Center Graphics Light "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 "{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{5466620C-3B00-0BEE-D626-1FBE29A16AC4}" = Catalyst Control Center Localization Russian "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{5508C9EB-5336-87F4-C2DB-53F2B3A482E7}" = Catalyst Control Center Graphics Previews Vista "{5611C71F-AFC6-EBA3-E3E1-9FCCEC9647EE}" = ccc-core-static "{5D7D1784-84A9-0EDB-62A6-D479F7F75DF6}" = CCC Help Chinese Traditional 
"{62172AFD-E7F0-CAC1-1334-CB0159566F6C}" = Catalyst Control Center Localization Greek "{65A0F799-1E9A-093B-BB8B-986203DAD390}" = Catalyst Control Center Core Implementation "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67B41BEF-F407-D81D-762F-CC44CC6FEB7A}" = Catalyst Control Center Localization Italian "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100 "{6DFBD0A2-C692-44F5-1C96-773ED9B16002}" = Catalyst Control Center Graphics Full Existing "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{768361B2-F78F-FFAA-5B1F-EFDB41C70D95}" = CCC Help French "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7A98B8DF-687E-8F7F-9A4A-ED1D9B306EAF}" = CCC Help Russian "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera "{818F922E-DE7A-6FC1-D85C-C44495070174}" = Catalyst Control Center Localization Dutch "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DB12734-9543-FBB3-E94D-3BE397ED8078}" = Catalyst Control Center Localization Japanese "{9001B8A7-B591-7559-2264-B4A0F480D1A8}" = CCC Help Polish "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft 
Office Access Setup Metadata MUI (English) 2007 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{905DF41F-D74C-6DF4-9453-D29CDE46A4A4}" = CCC Help Finnish "{92041735-0623-CD56-9BCB-6CD4385232B0}" = CCC Help Thai "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{96A1E845-A730-4488-99A2-054C5BFAB9D1}" = CCC Help Greek "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{97EE277B-C0D9-6394-9A01-7681086EED5C}" = Catalyst Control Center Localization Portuguese "{99F9ACB2-BCD2-B5A7-7738-24FB0B7B7763}" = ccc-utility "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D669429-A2E4-4793-B7A0-283D259F39AF}" = Adobe Photoshop Lightroom 2.5 "{9DCC214C-CD1A-1115-6775-A9056185FE4E}" = ATI Catalyst Install Manager "{9F06F30E-5138-2315-EC57-D4A23D572649}" = CCC Help Portuguese "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A3D22413-28D3-636E-1CE9-BC55C46364C3}" = Catalyst Control Center Graphics Full New "{A53EA764-AB97-445E-002B-A32165BB0B3B}" = CCC Help Dutch "{A586A89F-2BC4-CEB3-3C52-D1F4B57F572F}" = Catalyst Control Center Localization Turkish "{A5EF9152-55CC-DF0E-AEDA-98D20EC3293E}" = CCC Help Japanese "{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A952B4E1-913A-1492-A551-43EAE1D44E1D}" = 
Catalyst Control Center Localization Chinese Traditional "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{AF98AF15-161E-42EC-9008-1CCF9BB83961}" = Bluesoleil3.2.1.2 Release 070314 "{B0524CD7-2B3F-50C1-B3AD-87457B7FF852}" = Catalyst Control Center Localization Spanish "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD11E3C6-065E-40BB-A129-435C4530A159}_is1" = Jewel Master - Cradle Of Rome "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C359699C-2D0A-5F08-9C44-4C1A508C4990}" = CCC Help Hungarian "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CDA83283-8D9F-321F-5C76-AF68D3039B87}" = Catalyst Control 
Center Localization Czech "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D1C099EA-C28C-6593-8CE1-38F63EBD22F4}" = CCC Help Korean "{D885CD8B-343B-271D-85EB-DFE5BE962C0D}" = Catalyst Control Center Localization Norwegian "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DDDA0B2B-674E-A49F-6E31-184F00BDDC85}" = CCC Help Czech "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E2430405-1983-852E-B297-4FF9207E6C16}" = CCC Help German "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E596EC1C-4C61-2457-21B3-EDDA326E8157}" = CCC Help English "{E64D1146-55AE-61E3-7C43-0DA16C0E4416}" = CCC Help Spanish "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{ED924786-EFE7-392D-F37C-64F4B6E19C2F}" = CCC Help Danish "{EE174D9D-EF64-9FC7-C900-57C64F02E80D}" = Catalyst Control Center Localization Danish "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0 "{EFF43C31-5F5A-574E-563C-68190FA13F0C}" = CCC Help Chinese Standard "{F023B88F-DD32-8C85-F372-5319180597A5}" = Catalyst Control Center Localization Thai "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F2912763-486E-B5D1-D0C6-BD1AE24D0C20}" = Catalyst Control Center Localization Korean 
"{F2D65205-A1D0-5B53-4399-8AA39F738D9D}" = CCC Help Norwegian "{F4ECB8B5-737F-6910-C26F-7DA94A2C0710}" = Catalyst Control Center Localization Finnish "{F59778FB-4F31-0ADE-84C3-D7D77676A1A5}" = Catalyst Control Center Localization French "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FAAE0782-8073-112D-BC19-12C64A2D90D9}" = Skins "{FAC15A44-64C7-1908-CC36-83BC9A308EA9}" = Catalyst Control Center Localization German "{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "CCleaner" = CCleaner 
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Core FTP LE 2.1" = Core FTP LE 2.1 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DPP" = Canon Utilities Digital Photo Professional 3.6 "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) "EADM" = EA Download Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Utility" = Canon Utilities EOS Utility "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free HD Converter_is1" = Free HD Converter V 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "ICQToolbar" = ICQ Toolbar "Inkscape" = Inkscape 0.47 "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now "Jalbum_0" = Jalbum 8.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MyCamera" = Canon Utilities MyCamera "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PhotoStitch" = Canon Utilities 
PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09.04.2010 07:54:47 | Computer Name = Sandra-PC | Source = MSSQL$MSSMLBIZ | ID = 17182
Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode 0x80.
Error - 09.04.2010 07:54:47 | Computer Name = Sandra-PC | Source = MSSQL$MSSMLBIZ | ID = 17182
Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode 0x1.
Error - 09.04.2010 07:54:47 | Computer Name = Sandra-PC | Source = MSSQL$MSSMLBIZ | ID = 17826 Description = Aufgrund eines internen Fehlers in einer Netzwerkbibliothek konnte die Netzwerkbibliothek nicht gestartet werden. Überprüfen Sie zum Bestimmen der Ursache die diesem Fehler unmittelbar vorhergehenden Fehler im Fehlerprotokoll. Error - 09.04.2010 07:54:47 | Computer Name = Sandra-PC | Source = MSSQL$MSSMLBIZ | ID = 17120 Description = SQL Server konnte den Thread FRunCM nicht erzeugen. Suchen Sie im SQL Server-Fehlerprotokoll und in den Windows-Ereignisprotokollen nach Informationen zu möglichen verwandten Problemen. Error - 09.04.2010 12:32:15 | Computer Name = Sandra-PC | Source = MSSQL$MSSMLBIZ | ID = 17190 Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 4. Error - 09.04.2010 12:32:15 | Computer Name = Sandra-PC | Source = MSSQL$MSSMLBIZ | ID = 26015 Description = Das vom Benutzer angegebene Zertifikat kann nicht geladen werden. Da die Verbindungsverschlüsselung erforderlich ist, wird vom Server keine Verbindung akzeptiert. Überprüfen Sie, ob das Zertifikat richtig installiert ist. Lesen Sie 'Konfigurieren eines Zertifikats zur Verwendung durch SSL' in der Onlinedokumentation. Error - 09.04.2010 12:32:15 | Computer Name = Sandra-PC | Source = MSSQL$MSSMLBIZ | ID = 17182 Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode 0x80. Error - 09.04.2010 12:32:15 | Computer Name = Sandra-PC | Source = MSSQL$MSSMLBIZ | ID = 17182 Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode 0x1. Error - 09.04.2010 12:32:15 | Computer Name = Sandra-PC | Source = MSSQL$MSSMLBIZ | ID = 17826 Description = Aufgrund eines internen Fehlers in einer Netzwerkbibliothek konnte die Netzwerkbibliothek nicht gestartet werden. Überprüfen Sie zum Bestimmen der Ursache die diesem Fehler unmittelbar vorhergehenden Fehler im Fehlerprotokoll. 
Error - 09.04.2010 12:32:15 | Computer Name = Sandra-PC | Source = MSSQL$MSSMLBIZ | ID = 17120 Description = SQL Server konnte den Thread FRunCM nicht erzeugen. Suchen Sie im SQL Server-Fehlerprotokoll und in den Windows-Ereignisprotokollen nach Informationen zu möglichen verwandten Problemen. [ OSession Events ] Error - 21.08.2008 05:47:35 | Computer Name = Sandra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 14.10.2009 03:38:21 | Computer Name = Sandra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 14.10.2009 04:29:37 | Computer Name = Sandra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.10.2009 13:07:29 | Computer Name = Sandra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 08.04.2010 15:14:22 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7032 Description = Error - 09.04.2010 00:57:29 | Computer Name = Sandra-PC | Source = HTTP | ID = 15016 Description = Error - 09.04.2010 00:58:29 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.04.2010 00:58:35 | Computer Name = Sandra-PC | Source = DCOM | ID = 10001 Description = Error - 09.04.2010 07:54:04 | Computer Name = Sandra-PC | Source = HTTP | ID = 15016 Description = Error - 09.04.2010 07:55:03 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.04.2010 07:55:37 | Computer Name = Sandra-PC | Source = DCOM | ID = 10001 Description = Error - 09.04.2010 12:31:56 | Computer Name = Sandra-PC | Source = HTTP | ID = 15016 Description = Error - 09.04.2010 12:32:51 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.04.2010 12:32:53 | Computer Name = Sandra-PC | Source = DCOM | ID = 10001 Description = < End of report > |
09.04.2010, 18:56 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
[2009.07.17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
File not found -- C:\Users\Sandra\AppData\Roaming\sdra64 .exe
[2010.04.09 19:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010.04.09 14:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010.04.09 08:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010.04.09 07:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010.04.08 22:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010.04.08 21:13:57 | 000,002,869 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2010.04.08 21:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010.04.08 20:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010.04.06 18:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010.04.05 16:59:59 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010.04.05 15:59:59 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010.04.05 15:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010.04.05 11:53:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.03.13 21:36:18 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found

The log file should open after the fix when you click OK; please post it.
__________________ Please always post log files in CODE tags |
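Added example, not part of the thread and not OTL's own code: a small parser for OTL file-listing lines of the kind used in the fix script above, which lists numbered At*.job tasks and System32 files with an empty company field. The sample lines are copied from the post; the assumed line layout and the two checks are illustrative assumptions.

```python
import re
from collections import Counter

# Sample input: file-listing lines copied from the fix script in the post above.
SAMPLE = r"""
[2009.07.17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010.04.09 19:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010.04.09 14:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010.04.08 21:13:57 | 000,002,869 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2010.04.05 11:53:47 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010.03.13 21:36:18 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
"""

# Assumed line layout: [date time | size | attributes | M or C] (company) -- path
LINE = re.compile(
    r"\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| (?P<kind>[MC])\]"
    r" \((?P<company>.*?)\) -- (?P<path>.+)$"
)
AT_JOB = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)


def parse(text):
    """Return one dict per file-listing line; lines in other formats are skipped."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"].replace(",", ""))
            rows.append(row)
    return rows


def triage(rows):
    """Summarise two review hints (illustrative heuristics, not OTL's own logic)."""
    at_jobs = [r for r in rows if AT_JOB.search(r["path"])]
    sizes = Counter(r["size"] for r in at_jobs)
    return {
        # Numbered AtN.job files are what the legacy `at` scheduler creates.
        "at_jobs": sorted(r["path"] for r in at_jobs),
        # Many jobs of one identical size suggest they were created in bulk.
        "at_jobs_identical_size": len(at_jobs) > 1 and len(sizes) == 1,
        # Files under System32 whose company field is empty deserve a manual look.
        "system32_no_company": [r["path"] for r in rows
                                if not r["company"] and "\\system32\\" in r["path"].lower()],
    }


if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE)).items():
        print(key, "=", value)
```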
09.04.2010, 18:58 | #14 |
========== OTL ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{71BFC818-0CED-42D6-9C87-5142918957EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71BFC818-0CED-42D6-9C87-5142918957EE}\ not found.
C:\Programme\ICQ7.1\ICQ.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{71BFC818-0CED-42D6-9C87-5142918957EE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71BFC818-0CED-42D6-9C87-5142918957EE}\ not found.
File C:\Programme\ICQ7.1\ICQ.exe not found.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\System32\dmlg.dat moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\System32\dvmsg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.

OTL by OldTimer - Version 3.2.1.1 log created on 04092010_195709 |
09.04.2010, 19:14 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Nice. Any remaining problems? If not, please check for updates. You are missing the important Vista SP2!!

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Guide to Windows Update

Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.
Please also take the opportunity to check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |