
Pests of all kinds and how to combat them: MSN photo virus


20.08.2010, 15:04   #1
ronja182
 
MSN photo virus

I received a message in MSN that contained a link.
("What do you think of the photo? hxxp://www.facebook.ozodo.com/facebook_gallery.php?image=DSC0014084920.JPG")
When I clicked on the link, something downloaded automatically, and now I constantly have problems with my PC.

I only ran the quick scan with Malwarebytes' Anti-Malware.
Here are the results:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4451

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

20.08.2010 15:30:23
mbam-log-2010-08-20 (15-30-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 225351
Laufzeit: 22 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 168

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Program Files\RelevantKnowledge\rlls.dll (Adware.RelevantKnowledge) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\RelevantKnowledge\rlls.dll (Adware.RelevantKnowledge) -> Delete on reboot.
C:\Users\Ronja\AppData\Roaming\qdzp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\Vz9.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\1059396.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\1228039.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\1514625.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\2048267.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\4241864.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\5347746.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\5367418.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\7072230.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\7120446.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\7299884.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\9495498.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\BbAld6I87I.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\kH71j6c88c.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\mJi8lLE661.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\Nj6HM70JD0.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\V0b.exe (Trojan.FraudPack.Gen) -> Delete on reboot.
C:\Users\BCR!!\AppData\Local\Temp\V0c.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\Vz1.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\Vz3.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\Vz6.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\Vzq.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\Vzu.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\Vzx.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\Vzz.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\kH71j6c88c.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\M6I77kEicE.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\08110.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\08960.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\0994216.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\1014218.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Nj6HM70JD0.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Nj6Hml0jD0.log (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vz3.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\I1edh8N17N.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\5461003.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\58949.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\6363469.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\ree.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\1481783.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\166.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\19775.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\212217.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\4045090.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\44852.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\4762280.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\4796507.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\4800149.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\BbAld6I87I.log (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\BG11ih8GM8.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\BIHGLKDICD.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\e1bm1d6CH6.log (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\77887.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\78061.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\96388.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\2311314.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\DNMkcC7mf8.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\B1d1gf71j7.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\7339744.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\7445010.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\7662155.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\841.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\8672958.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V00.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V01.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V03.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V04.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V05.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V06.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V07.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V08.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V09.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0a.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0b.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0c.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0d.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0f.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0g.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0h.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vz5.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vz7.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vz8.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vz9.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vzp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vzs.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vzt.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vzx.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vzy.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vzz.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0j.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0k.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0l.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0m.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0n.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0p.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0q.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0r.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0s.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0t.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0x.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0y.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V0z.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V1b.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V1c.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V1d.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V1e.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V1h.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V1j.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V1k.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V1l.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\V1m.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vz0.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\Vz1.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\~osB9D6.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\~osB9D6.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\~osB9D6.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\~osB9D6.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\~osB9D6.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\~osB9D6.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\~osB9D6.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Temp\~osB9D6.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os9E47.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os9E47.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os9E47.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os9E47.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~os9E47.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osB931.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osB931.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osB931.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osB931.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osB931.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osB931.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osB931.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osB931.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osED6D.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osED6D.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osED6D.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osED6D.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osED6D.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osED6D.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osED6D.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\Temp\~osED6D.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\BCR!!\winrsncd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Public\winsvrcn.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Julia.ronpon-PC\downloads\win_protection_update.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Ronja\downloads\hcf.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Ronja\downloads\DSC001354035604.JPG.scr (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Roaming\MSA\mscj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Roaming\MSA\mscjm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Ronja\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Ronja\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.





OTL.Txt

OTL Logfile:
OTL logfile created on: 20.08.2010 15:42:34 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\BCR!!\Downloads
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 89,34 Gb Free Space | 39,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1,89 Gb Total Space | 1,87 Gb Free Space | 98,84% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RONPON-PC
Current User Name: BCR!!
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.20 15:42:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BCR!!\Downloads\OTL.exe
PRC - [2010.08.11 20:55:11 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.08.10 14:05:24 | 000,080,896 | RHS- | M] () -- C:\Users\Public\S-2535-6853-2745\winrsvn.exe
PRC - [2010.07.31 02:18:11 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010.06.01 08:26:09 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
PRC - [2010.03.24 11:36:16 | 000,797,104 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
PRC - [2009.09.19 13:49:16 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.02.25 18:23:35 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.19 15:30:02 | 000,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.07.20 14:31:26 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008.03.03 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.12.10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007.06.14 19:02:44 | 000,548,864 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe
PRC - [2007.05.18 15:22:35 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007.05.18 15:21:40 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007.05.10 17:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.28 20:19:53 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.02.14 21:46:20 | 000,278,608 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2007.02.14 21:45:48 | 000,159,744 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Powercinema\PCMService.exe
PRC - [2007.01.11 12:40:22 | 000,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007.01.11 12:40:18 | 000,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006.12.28 01:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanNetService.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.20 15:42:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BCR!!\Downloads\OTL.exe
MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2010.08.11 20:55:11 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.10.19 15:30:02 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.07.20 14:31:26 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.01.29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.09.12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.05.18 15:22:35 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007.05.18 15:22:35 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.05.18 15:22:35 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.05.18 15:22:35 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.05.18 15:03:17 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.02.28 20:19:53 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.14 21:46:24 | 000,110,677 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007.02.14 21:46:20 | 000,278,608 | ---- | M] () [Auto | Running] -- c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.12.28 01:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2008.09.12 09:33:24 | 000,270,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008.09.02 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008.08.20 10:00:00 | 000,873,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081016.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2008.08.20 10:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081016.004\NAVENG.SYS -- (NAVENG)
DRV - [2008.07.20 14:32:37 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.02.13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.09.04 19:08:24 | 000,286,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.06.14 19:03:48 | 000,455,032 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007.05.18 15:32:00 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007.05.18 15:31:58 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007.05.18 15:31:54 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007.05.18 15:31:51 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007.05.18 15:31:49 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007.05.18 15:31:47 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007.05.10 18:25:00 | 001,775,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007.04.10 16:14:18 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se3eobex.sys -- (se3eobex)
DRV - [2007.04.10 16:14:16 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se3emgmt.sys -- (se3emgmt) Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.10 16:14:14 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se3emdm.sys -- (se3emdm)
DRV - [2007.04.10 16:14:14 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se3emdfl.sys -- (se3emdfl)
DRV - [2007.04.10 16:14:02 | 000,083,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se3ebus.sys -- (se3ebus) Sony Ericsson Device 062 (WDM)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.01.24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2007.01.23 11:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2001.05.07 12:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=COM&range=AD&phase=8&key=IESTART
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://format.packardbell.com/cgi-bin/redirect/?country=COM&range=AD&phase=8&key=IESTART
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.326.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 14:19:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.12 13:46:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.05 16:06:34 | 000,000,000 | ---D | M]
 
[2010.08.13 00:16:17 | 000,000,000 | ---D | M] -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Extensions
[2010.08.13 00:18:01 | 000,000,000 | ---D | M] -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Firefox\Profiles\ewa4j0ks.default\extensions
[2010.08.13 00:18:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Firefox\Profiles\ewa4j0ks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.03.31 10:52:00 | 000,000,168 | ---- | M] () -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Firefox\Profiles\ewa4j0ks.default\searchplugins\icqplugin.gif
[2008.03.31 10:52:00 | 000,000,618 | ---- | M] () -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Firefox\Profiles\ewa4j0ks.default\searchplugins\icqplugin.src
[2010.08.13 00:18:10 | 000,000,950 | ---- | M] () -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Firefox\Profiles\ewa4j0ks.default\searchplugins\icqplugin.xml
[2010.06.30 19:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007.02.28 20:50:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.03.16 15:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.01.13 01:09:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\packardbell@partners.mozilla.com
[2009.01.13 01:09:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007.01.12 20:36:38 | 000,056,976 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
[2009.03.25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.04.19 17:17:54 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010.03.24 11:34:04 | 000,002,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Program Files\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PCMService] c:\Program Files\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [tray"] C:\Program Files\CodedColor\byngo.exe (1STEIN Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Metropolis] C:\Users\BCR!!\AppData\Local\Temp\sshnas21.DLL (ApexDC++ Development Team)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Windows Boot Control] C:\Users\Public\S-2535-6853-2745\winrsvn.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WinSysControlsg]  File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\DataMngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BCR!!\Desktop\1099098114_f.jpg
O24 - Desktop BackupWallPaper: C:\Users\BCR!!\Desktop\1099098114_f.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b097162a-9ee4-11de-afbd-001c4af677fc}\Shell\explore\command - "" = zzzzz.exe ;Þ\-€^»ô”ˆ$†®'"a˜fØ›ÍûdÛwYx0-*î߇›ã”Š?;¤Ä%"ݼ[š`¥ÂN\„0æq¬ð!,°µAˆ Êf™w´Šhð×|‹¸Ì±ù@™_¨\lrز/ExŽØ&ÈŽ3Roó¯zç{\ÔX;Åð   'öÇmA:.‡Ý† ǧ>rq|±ïpFäúêí`¢K"¥bí¶”+d‹   ä›õ{¡Ù£zÜ-Q¥Ã   ?ÊÅFiáÞû¡Žc³’D·`€‹-åLIê?F$Ø{Ãßc±î7{~,–vM‹»,
O33 - MountPoints2\{b097162a-9ee4-11de-afbd-001c4af677fc}\Shell\open\command - "" = zzzzz.exe ;ѪFªpôàopo£ŸˆýW,–ÎáfqÇã%ͦ!jsýºË9ÍÌÔ&0iÉÐŒ'Âö®Z•²h¦œe>ÃiCp-OBP*ÚBä'Ž|¾¤â/¡}ˆ8™±ÑûÏ7ÜÁ_,°ƒ†Kt//jšDÁ9N*&8á÷ð;Ä”•`pß*n3¬í'£êýOýØèŽ|›µ
O33 - MountPoints2\{e0387f40-163a-11df-843b-001d7d280ec1}\Shell\AutoRun\command - "" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe -- [2010.03.24 12:40:58 | 017,765,808 | ---- | M] (iMesh, Inc)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.20 14:12:28 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Malwarebytes
[2010.08.20 14:12:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.20 14:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.20 14:12:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.20 14:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.18 23:43:47 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Yahoo!
[2010.08.18 19:57:06 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Google
[2010.08.17 20:30:55 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\Documents\Meine empfangenen Dateien
[2010.08.17 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Adobe
[2010.08.17 19:43:09 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Canon
[2010.08.16 11:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\313
[2010.08.13 00:16:08 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Mozilla
[2010.08.13 00:16:08 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Mozilla
[2010.08.12 13:47:50 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Apple Computer
[2010.08.12 13:47:50 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Apple Computer
[2010.08.12 00:35:47 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\Documents\DVDVideoSoft
[2010.08.11 20:19:53 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\ICQ
[2010.08.11 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\AOL
[2010.08.11 20:17:42 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\Tracing
[2010.08.11 20:01:31 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Macromedia
[2010.08.11 20:01:31 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Adobe
[2010.08.11 19:55:39 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Roxio
[2010.08.11 19:55:17 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\Documents\My Google Gadgets
[2010.08.11 19:55:04 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\PowerCinema
[2010.08.11 19:54:52 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Google
[2010.08.11 19:54:45 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Searches
[2010.08.11 19:54:36 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Identities
[2010.08.11 19:54:34 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Contacts
[2010.08.11 19:54:32 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\VirtualStore
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\AppData\Local\Temporary Internet Files
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Templates
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Start Menu
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\SendTo
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Recent
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\PrintHood
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\NetHood
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Documents\My Videos
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Documents\My Pictures
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Documents\My Music
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\My Documents
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Local Settings
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\AppData\Local\History
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Cookies
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Application Data
[2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\AppData\Local\Application Data
[2010.08.11 19:54:24 | 000,000,000 | --SD | C] -- C:\Users\BCR!!\AppData\Roaming\Microsoft
[2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Videos
[2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Saved Games
[2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Pictures
[2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Music
[2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Links
[2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Favorites
[2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Downloads
[2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Documents
[2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Desktop
[2010.08.11 19:54:24 | 000,000,000 | -H-D | C] -- C:\Users\BCR!!\AppData
[2010.08.11 19:54:24 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Temp
[2010.08.11 19:54:24 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Microsoft
[2010.08.03 09:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Recorder Studio
[2010.08.03 09:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010.06.29 14:25:22 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe5688.dll
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.20 15:47:27 | 001,310,720 | -HS- | M] () -- C:\Users\BCR!!\NTUSER.DAT
[2010.08.20 15:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A2360BA3-6DD9-4856-B52A-529143D04209}.job
[2010.08.20 15:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15EE0406-1995-4E75-B07A-9A910FB4FBB3}.job
[2010.08.20 15:40:44 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ffnomfg.sys
[2010.08.20 15:37:36 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.20 15:37:31 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.20 15:36:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.20 15:33:50 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.20 15:33:49 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.20 15:33:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.20 15:33:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.20 15:33:27 | 1878,581,248 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.20 15:32:06 | 002,300,786 | -H-- | M] () -- C:\Users\BCR!!\AppData\Local\IconCache.db
[2010.08.20 15:31:32 | 000,022,028 | ---- | M] () -- C:\Users\BCR!!\Documents\trojaner-board.rtf
[2010.08.20 15:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.20 15:30:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2010.08.20 14:52:46 | 004,286,592 | ---- | M] () -- C:\Users\BCR!!\Desktop\Blink 182 - Josie.mp3
[2010.08.20 14:41:49 | 003,047,552 | ---- | M] () -- C:\Users\BCR!!\Desktop\Blink 182 - M+M's.mp3
[2010.08.19 22:56:16 | 000,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.19 22:56:16 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.19 22:56:16 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.19 22:48:32 | 002,723,968 | ---- | M] () -- C:\Users\BCR!!\Desktop\Blink 182 - Wasting Time lyrics.mp3
[2010.08.19 20:15:18 | 000,008,704 | ---- | M] () -- C:\Users\BCR!!\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.19 19:58:38 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F220ABB0-BFC7-4042-8944-4D1854FA58F5}.job
[2010.08.18 22:15:05 | 660,194,108 | ---- | M] () -- C:\Users\BCR!!\Documents\clip0004.avi
[2010.08.18 21:53:17 | 148,105,542 | ---- | M] () -- C:\Users\BCR!!\Documents\clip0003.avi
[2010.08.18 21:49:42 | 3067,879,186 | ---- | M] () -- C:\Users\BCR!!\Documents\clip0002.avi
[2010.08.18 20:37:11 | 383,715,700 | ---- | M] () -- C:\Users\BCR!!\Documents\clip0001.avi
[2010.08.18 20:03:59 | 000,409,920 | ---- | M] () -- C:\Users\BCR!!\Desktop\PriceGong.exe
[2010.08.18 20:03:41 | 000,770,536 | ---- | M] () -- C:\Users\BCR!!\Desktop\HC2SetDE_2.23.02.exe
[2010.08.18 19:56:47 | 000,000,946 | ---- | M] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.08.14 12:59:20 | 221,673,544 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.12 13:48:53 | 000,000,941 | ---- | M] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010.08.12 01:41:58 | 000,524,288 | -HS- | M] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2010.08.12 01:41:58 | 000,524,288 | -HS- | M] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.08.12 01:41:58 | 000,065,536 | -HS- | M] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.08.12 00:50:19 | 000,000,255 | ---- | M] () -- C:\Users\BCR!!\Documents\gesine.rtf
[2010.08.11 19:54:49 | 000,100,624 | ---- | M] () -- C:\Users\BCR!!\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.11 19:54:25 | 000,000,020 | -HS- | M] () -- C:\Users\BCR!!\ntuser.ini
[2010.08.02 21:44:24 | 000,347,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.08.20 15:40:44 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ffnomfg.sys
[2010.08.20 15:37:22 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.20 15:37:16 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.20 15:31:32 | 000,022,028 | ---- | C] () -- C:\Users\BCR!!\Documents\trojaner-board.rtf
[2010.08.20 14:52:02 | 004,286,592 | ---- | C] () -- C:\Users\BCR!!\Desktop\Blink 182 - Josie.mp3
[2010.08.20 14:40:52 | 003,047,552 | ---- | C] () -- C:\Users\BCR!!\Desktop\Blink 182 - M+M's.mp3
[2010.08.19 22:47:40 | 002,723,968 | ---- | C] () -- C:\Users\BCR!!\Desktop\Blink 182 - Wasting Time lyrics.mp3
[2010.08.19 22:35:48 | 000,000,000 | R--- | C] () -- C:\Users\BCR!!\AppData\Roaming\kj6hC.txt
[2010.08.18 21:57:18 | 660,194,108 | ---- | C] () -- C:\Users\BCR!!\Documents\clip0004.avi
[2010.08.18 21:49:49 | 148,105,542 | ---- | C] () -- C:\Users\BCR!!\Documents\clip0003.avi
[2010.08.18 21:26:39 | 000,000,000 | R--- | C] () -- C:\Users\BCR!!\AppData\Roaming\EDIb7.txt
[2010.08.18 20:37:20 | 3067,879,186 | ---- | C] () -- C:\Users\BCR!!\Documents\clip0002.avi
[2010.08.18 20:27:18 | 383,715,700 | ---- | C] () -- C:\Users\BCR!!\Documents\clip0001.avi
[2010.08.18 20:03:33 | 000,770,536 | ---- | C] () -- C:\Users\BCR!!\Desktop\HC2SetDE_2.23.02.exe
[2010.08.18 20:03:33 | 000,409,920 | ---- | C] () -- C:\Users\BCR!!\Desktop\PriceGong.exe
[2010.08.18 19:56:47 | 000,000,946 | ---- | C] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.08.17 19:37:53 | 000,000,000 | R--- | C] () -- C:\Users\BCR!!\AppData\Roaming\Bb7M1.txt
[2010.08.17 19:37:50 | 000,000,000 | R--- | C] () -- C:\Users\BCR!!\AppData\Roaming\I77kE.txt
[2010.08.16 13:05:21 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F220ABB0-BFC7-4042-8944-4D1854FA58F5}.job
[2010.08.12 13:48:53 | 000,000,941 | ---- | C] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010.08.12 00:50:19 | 000,000,255 | ---- | C] () -- C:\Users\BCR!!\Documents\gesine.rtf
[2010.08.11 21:02:36 | 000,008,704 | ---- | C] () -- C:\Users\BCR!!\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.11 19:54:25 | 000,000,020 | -HS- | C] () -- C:\Users\BCR!!\ntuser.ini
[2010.08.11 19:54:24 | 001,310,720 | -HS- | C] () -- C:\Users\BCR!!\NTUSER.DAT
[2010.08.11 19:54:24 | 000,524,288 | -HS- | C] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2010.08.11 19:54:24 | 000,524,288 | -HS- | C] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.08.11 19:54:24 | 000,262,144 | -H-- | C] () -- C:\Users\BCR!!\ntuser.dat.LOG1
[2010.08.11 19:54:24 | 000,065,536 | -HS- | C] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.08.11 19:54:24 | 000,001,958 | ---- | C] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010.08.11 19:54:24 | 000,000,258 | ---- | C] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010.08.11 19:54:24 | 000,000,240 | ---- | C] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010.08.11 19:54:24 | 000,000,000 | -H-- | C] () -- C:\Users\BCR!!\ntuser.dat.LOG2
[2010.05.01 15:44:08 | 000,000,000 | ---- | C] () -- C:\Windows\ump.INI
[2010.03.04 21:03:08 | 000,000,072 | ---- | C] () -- C:\Windows\ABC_mru.ini
[2009.03.30 21:38:34 | 000,000,305 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009.01.02 16:31:41 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2009.01.02 16:31:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2008.12.20 21:05:08 | 000,000,085 | ---- | C] () -- C:\Windows\MGX.INI
[2008.09.11 21:54:05 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.09.11 21:53:32 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.28 20:55:29 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007.02.13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000011.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\clip0004.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\clip0003.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\clip0002.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\clip0001.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Desktop\Blink 182 - Wasting Time lyrics.mp3:Roxio EMC Stream
< End of report >
         
--- --- ---

Alt 20.08.2010, 17:16   #2
john.doe
 

Hello Räubertochter and

The extras.txt log from OTL and a complete log from Malwarebytes are still missing. Restart the computer before running the new Malwarebytes scan.

ciao, andreas

Alt 21.08.2010, 11:25   #3
ronja182
 

Okay, then here is the complete log from Malwarebytes.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4451

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

20.08.2010 21:22:44
mbam-log-2010-08-20 (21-22-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 461924
Laufzeit: 2 Stunde(n), 32 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\BCR!!\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\BCR!!\AppData\Local\Temp\Nj6HM70JD0.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Local\Windows\winhelp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Roaming\MSA\vd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Roaming\MSA\vd2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Ronja\AppData\Roaming\Utogh\oqge.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\BCR!!\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.


And the extras.txt log from OTL
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 20.08.2010 22:49:50 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = c:\Users\BCR!!\Downloads
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 92,16 Gb Free Space | 40,98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RONPON-PC
Current User Name: BCR!!
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B61E06-DB36-4C31-A93C-FCBE04DDB08E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{13F280BF-D19D-47A4-8137-1AAFF2FED4A6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2280A60A-0E39-442E-83D8-7902A3D0579E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{26DB4EE5-2C72-4B7B-AB30-D6CEE10076D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{29F29928-FFA7-4856-8AA1-F5F23A173239}" = rport=137 | protocol=17 | dir=out | app=system | 
"{42D403CF-C456-4C31-8333-FFC41AA4944F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4CFE6941-A5A7-49B7-A53E-64B7E115B152}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{52239BF2-C1DC-4DFE-954B-ACDAF27D7E61}" = lport=138 | protocol=17 | dir=in | app=system | 
"{565DB8FD-D2E6-45D6-A03C-FD1A9D67D249}" = lport=445 | protocol=6 | dir=in | app=system | 
"{801D2E3B-A1EB-4EB9-9EEA-67C61BA6BC36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{92B0AF58-82DA-4833-A83F-28E0C762FB9F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C33C929C-C3AD-435F-B497-D11B95237D52}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CDD486DF-E1DF-4F50-8A10-A19C49191ADE}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C9FA5E-6F87-4163-91DA-8798CE46F50F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{09C0C369-CE1E-4635-8EA2-8F825A5E9298}" = protocol=6 | dir=in | app=c:\windows\temp\~osb931.tmp\rlvknlg.exe | 
"{0FAC54DC-3BFD-4293-A6C0-3B1D511831B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{175A6D07-62B5-478E-8FCA-50F29B4E1FB5}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{1C478BAF-E791-4BF2-B560-65EB5BD9D2D1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{1CEC2B1A-9964-45E5-9987-DF32CBFE4805}" = protocol=17 | dir=in | app=c:\program files\powercinema\pcmservice.exe | 
"{1FEF494B-5E40-4FCD-B569-FDD9EB0DD6AB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2AD46A94-7037-4DB2-9F30-ED2C7EF0FBB9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2D28563A-D9FB-405E-8682-4B577EAB512A}" = protocol=6 | dir=in | app=c:\windows\temp\~osed6d.tmp\rlvknlg.exe | 
"{34C81A46-A2C9-4E74-B581-1EFE65A2CC6B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{3AB5F394-38AA-4D3B-94D8-D8EC42BD949A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{49A7EEA6-8754-4507-AC3F-270F1E120295}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{4BAFCA61-80F0-4892-92EF-4ABF08F82333}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{556B2784-BB78-48DB-8C69-D9AF759B4A76}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{59EDAC16-A062-41DC-9682-4F9A46E6A55C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{5BB7FB51-189E-4980-8BE4-3CA18AF7F4D3}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{64D547CD-9CD7-4587-915F-CA77A1F3A19D}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{65B80C5B-E5CB-43B2-8C34-59DA3113A2FC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{68181974-707D-4C56-BF33-742558D42EAB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{687F9519-E21B-4AF9-A465-0FC2A42D5C16}" = dir=in | app=c:\program files\powercinema\kernel\dmp\clbrowserengine.exe | 
"{7271DA2F-00EF-4AF7-A037-7FCAED927007}" = dir=in | app=c:\program files\powercinema\powercinema.exe | 
"{9026C983-444C-40CC-84E1-D570FF78ACE7}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{906D0729-9A51-4064-A1CD-1AF03DD8434B}" = protocol=6 | dir=in | app=c:\windows\temp\~os9e47.tmp\rlvknlg.exe | 
"{90A5E7F0-2DFB-46CF-B201-92910F7B80FD}" = protocol=6 | dir=in | app=c:\program files\powercinema\pcmservice.exe | 
"{90B37665-EDA3-41B8-9915-56048500507E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{982F428B-C6E3-4117-A8E0-3E0F04493B13}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9DC39A7D-6C93-4669-AAF3-90966358750A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A4C69F7A-F088-49BA-8823-FFBDB17954DA}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{AE8061BB-0D18-4E0E-B0A3-CB4D311C5D41}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AFE65242-779F-4377-9340-578FFE3608FF}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{BA489BD7-9015-491F-9304-D24A00708BFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CCFF668D-F3C2-4646-9237-73973D4C6239}" = dir=in | app=c:\program files\powercinema\kernel\dms\clmsservice.exe | 
"{D456C158-46FF-4596-B52A-7FF07BB6ED26}" = protocol=6 | dir=in | app=c:\program files\powercinema\powercinema.exe | 
"{D7A9DC19-D907-4B26-8442-7A3205C86318}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DC9F3FA0-B837-4EA5-8FCB-2BF33593984A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DD5DF342-6218-4EA7-BDA7-726C3F2BCFCE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E06DE8BB-9421-4A4E-9122-600C2487A498}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E16A7AC9-1611-4192-B593-0F0C07DD339F}" = protocol=6 | dir=in | app=c:\users\ronja\appdata\local\temp\~osb9d6.tmp\rlvknlg.exe | 
"{E53BEC0B-BE99-4BA6-A90C-2BD5C27408C7}" = dir=in | app=c:\program files\powercinema\pcmservice.exe | 
"{E63DF4EE-A9CE-48E2-B63E-71E15CB40ECD}" = protocol=17 | dir=in | app=c:\program files\powercinema\powercinema.exe | 
"{FF141A64-8440-4F72-893C-5A3FFC87EDB4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{023EC958-023C-42D1-B2A4-E9E4BEF599FC}" = SweetIM for Messenger 2.6
"{0ADF1B89-17EA-489C-86DF-6E33DA8520A6}_is1" = flatster
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP260_series" = Canon MP260 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = Die Sims - Megastar
"{1B01FB23-57EC-11D4-8BB5-0048545367A3}" = Lernwerkstatt
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7CC93985-10CD-11D5-982A-0050DA602C65}" = Kommissar Kugelblitz 2
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F733B94-B629-4275-AA28-B6DC68830355}" = Symantec Real Time Storage Protection Component
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977CD9E4-2CE7-46AC-BBEC-FC2B9696464B}" = Marine Park Empire
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Trust 100K Series Webcam
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7EFFE46-8250-4C91-B188-59505BC97FCE}_is1" = Lauras Hundeschule
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{EFFE151C-F863-4B1E-9E22-3C1369B4C690}" = phase6_17
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"18 Wheels of Steel: Haulin'" = 18 Wheels of Steel: Haulin' 
"Abenteuer auf dem Reiterhof 4 - Die Meisterschule" = Abenteuer auf dem Reiterhof 4 - Die Meisterschule
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeReader" = Adobe Reader 8
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5413
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS DVD Copy_is1" = AVS DVD Copy version 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Editor 4_is1" = AVS Video Editor 4
"Canon MP260 series Benutzerregistrierung" = Canon MP260 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CodedColor_is1" = CodedColor 2009, 5.8.2
"CREATOR9" = Creator 9
"Dress Up Rush Deluxe" = Dress Up Rush Deluxe
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ergonis PopChar_is1" = PopChar 4.0
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"Fashion Boutique Deluxe" = Fashion Boutique Deluxe
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FirefoxGB" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GOOGLE_EARTH" = Google Earth
"GoogleBAE" = Google BAE
"GoogleDesktop" = GoogleDesktop
"GoogleToolbar" = GoogleToolbar
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"ImageWriter" = Packard Bell ImageWriter
"iMesh" = iMesh
"iMesh MediaBar" = MediaBar
"Infocentre" = Infocentre Rev. 2.0
"InstallShield_{977CD9E4-2CE7-46AC-BBEC-FC2B9696464B}" = Marine Park Empire
"Ivan Image Converter" = Ivan Image Converter
"kd" = kd - Das Spiel!
"LCDTest" = Packard Bell LCD Test
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MAGIX Fotos auf CD & DVD 7 deluxe Trial D" = MAGIX Fotos auf CD & DVD 7 deluxe Trial 7.0.3.0 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.19.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Mortimer Beckett Deluxe" = Mortimer Beckett Deluxe
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MP3 Cutter 1" = MP3 Cutter 1
"MP3 Recorder Studio_is1" = MP3 Recorder Studio 6.0
"N360_2007_GB" = Norton 360
"PBREG" = Packard Bell Registration
"PhotoFiltre" = PhotoFiltre
"PhotoScape" = PhotoScape
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"Picasa_2" = Picasa2
"Picasa2" = Picasa 2
"Portrait Professional 8 Test_is1" = Portrait Professional 8.1 Test
"PowerCinema5" = Power Cinema 5
"Prisma Duits-Nederlands_is1" = Prisma D-N 1.0
"Prisma Nederlands_is1" = Prisma NED 1.0
"Sally's Salon Deluxe" = Sally's Salon Deluxe
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SETUPMYPC_GB" = SetUp My PC
"Shockwave" = Shockwave player 10
"SiS VGA Utilities" = SiS VGA Utilities
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Supermarket Management Deluxe" = Supermarket Management Deluxe
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"Tunatic" = Tunatic
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Media Player" = Universal Media Player
"Updator" = Packard Bell Updator
"VIDEO_SIS" = Video SIS V7.14.10.5053
"Wedding Dash - Ready, Aim, Love! Deluxe" = Wedding Dash - Ready, Aim, Love! Deluxe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Zattoo" = Zattoo 3.3.4 Beta
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.09.2009 14:25:02 | Computer Name = ronpon-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 20.09.2009 06:53:05 | Computer Name = ronpon-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 21.09.2009 09:17:51 | Computer Name = ronpon-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.09.2009 15:00:24 | Computer Name = ronpon-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.09.2009 15:58:12 | Computer Name = ronpon-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 22.09.2009 12:25:13 | Computer Name = ronpon-PC | Source = Google Update | ID = 20
Description = 
 
Error - 22.09.2009 12:27:04 | Computer Name = ronpon-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 22.09.2009 13:39:16 | Computer Name = ronpon-PC | Source = Application Error | ID = 1000
Description = Faulting application sidebar.exe, version 6.0.6000.16615, time stamp
 0x4764fba1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x0038e520,  process id 0xa40, application start time
 0x01ca3bab90b341f0.
 
Error - 22.09.2009 14:38:45 | Computer Name = ronpon-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 23.09.2009 16:17:29 | Computer Name = ronpon-PC | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 20.08.2010 09:33:11 | Computer Name = ronpon-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 31, function 0.  Please contact your system vendor for technical assistance.
 
Error - 20.08.2010 10:00:57 | Computer Name = ronpon-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
 DHCP Server) for the Network Card with network address 001F3F0791FC.  The following
 error occurred:   %%1223. Your computer will continue to try and obtain an address
 on its own from the network address (DHCP) server.
 
Error - 20.08.2010 12:31:29 | Computer Name = ronpon-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 6, function 0.  Please contact your system vendor for technical assistance.
 
Error - 20.08.2010 12:31:29 | Computer Name = ronpon-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 7, function 0.  Please contact your system vendor for technical assistance.
 
Error - 20.08.2010 12:31:29 | Computer Name = ronpon-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 31, function 0.  Please contact your system vendor for technical assistance.
 
Error - 20.08.2010 15:24:30 | Computer Name = ronpon-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 6, function 0.  Please contact your system vendor for technical assistance.
 
Error - 20.08.2010 15:24:30 | Computer Name = ronpon-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 7, function 0.  Please contact your system vendor for technical assistance.
 
Error - 20.08.2010 15:24:30 | Computer Name = ronpon-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 31, function 0.  Please contact your system vendor for technical assistance.
 
Error - 20.08.2010 15:27:10 | Computer Name = ronpon-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.08.2010 15:27:10 | Computer Name = ronpon-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

I hope it's right this way now.
And thanks for the nice welcome. (:
__________________

22.08.2010, 20:52   #4
john.doe
 

Hm, you are my problem child. When I look at the software list, I am filled with dread. Several downloaders are active on your machine. As a rule, disconnect from the Internet whenever you do not need the connection. If you have a second computer available, use that one.

A cleanup is possible, but it will take several times as long (a cautious estimate is 5 days, it could also be 10) as a reinstallation would. The decision is yours.

ciao, andreas
__________________
No support via PM! This is a forum, not private tutoring!
Private support only against payment, and I am very expensive.
