
Pests of all kinds and how to fight them: AVir reports 'HEUR/HTML.Malware'


 
12.09.2010, 17:17   #1
sontaya

AVir reports 'HEUR/HTML.Malware'

In der Datei 'C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E3W04DDI\bhocombined[1].js'
wurde ein Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PRO5P6OF\afr[1].htm'
wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen' [virus] gefunden.
Ausgeführte Aktion: Zugriff erlauben

For about a week I have been repeatedly getting messages of this kind from AVir.
I have had this problem since I landed on a foreign website via Google, but I no longer remember exactly which site it was. I have also already reinstalled Windows because I thought that might help, but the problem persists.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4599

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.09.2010 13:46:34
mbam-log-2010-09-12 (13-46-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131658
Laufzeit: 10 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
---------------------------------------
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:53 on 12/09/2010 (Sonja)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
---------------------------------------
GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-12 14:24:03
Windows 6.1.7600 
Running: gmer.exe; Driver: C:\Users\Sonja\AppData\Local\Temp\uwlcypow.sys
 
 
---- System - GMER 1.0.15 ----
 
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C2CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C2C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C2C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C152D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C14898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C2C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C2C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C2C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C2CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C2D1A8
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 81C7E8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 81C9E3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys A35B4C9D 28 Bytes [D5, D8, 79, EC, 98, 25, A4, ...]
.text peauth.sys A35B4CC1 28 Bytes [D5, D8, 79, EC, 98, 25, A4, ...]
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!CreateWindowExW 76430E51 5 Bytes JMP 6C318157 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!DialogBoxIndirectParamW 76454AA7 5 Bytes JMP 6C43F970 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!DialogBoxParamW 7645564A 5 Bytes JMP 6C234BA7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!DialogBoxParamA 7646CF6A 5 Bytes JMP 6C43F90D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!DialogBoxIndirectParamA 7646D29C 5 Bytes JMP 6C43F9D3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!MessageBoxIndirectA 7647E8C9 5 Bytes JMP 6C43F8A2 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!MessageBoxIndirectW 7647E9C3 5 Bytes JMP 6C43F837 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!MessageBoxExA 7647EA29 5 Bytes JMP 6C43F7D5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!MessageBoxExW 7647EA4D 5 Bytes JMP 6C43F773 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!UnhookWindowsHookEx 7642CC7B 5 Bytes JMP 6C32835E C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!CallNextHookEx 7642CC8F 5 Bytes JMP 6C309D5C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!CreateWindowExW 76430E51 5 Bytes JMP 6C318157 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!SetWindowsHookExW 7643210A 5 Bytes JMP 6C2C4633 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamW 76454AA7 5 Bytes JMP 6C43F970 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamW 7645564A 5 Bytes JMP 6C234BA7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamA 7646CF6A 5 Bytes JMP 6C43F90D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamA 7646D29C 5 Bytes JMP 6C43F9D3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectA 7647E8C9 5 Bytes JMP 6C43F8A2 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectW 7647E9C3 5 Bytes JMP 6C43F837 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxExA 7647EA29 5 Bytes JMP 6C43F7D5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxExW 7647EA4D 5 Bytes JMP 6C43F773 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] ole32.dll!OleLoadFromStream 77325B88 5 Bytes JMP 6C43FCCE C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] ole32.dll!CoCreateInstance 773757FC 5 Bytes JMP 6C318C45 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
 
Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\BTHUSB \Device\0000006c bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6b84 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cd60786 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556c60d24 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b5885a 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6b84 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cd60786 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556c60d24 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b5885a (not active ControlSet) 
 
---- EOF - GMER 1.0.15 ----
         
---------------------------------------
OTL Logfile:
Code:
OTL logfile created on: 9/12/2010 2:41:38 PM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Sonja\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 374.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.97 Gb Total Space | 41.59 Gb Free Space | 62.10% Space Free | Partition Type: NTFS
Drive D: | 66.98 Gb Total Space | 21.12 Gb Free Space | 31.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SONJASPC
Current User Name: Sonja
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sonja\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
PRC - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe (Speedbit Ltd.)
PRC - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe (Speedbit Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sonja\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Internet Explorer\ieproxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\StructuredQuery.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\slc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SearchFolder.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\fms.dll (Windows (R) Codename Longhorn DDK provider)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (VideoAcceleratorService) -- C:\Programme\SpeedBit Video Accelerator\VideoAcceleratorService.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (hspamdm) -- C:\Windows\System32\drivers\hspamdm.sys (MCCI Corporation)
DRV - (hspaserd) SAMSUNG HSPA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\hspaserd.sys (MCCI Corporation)
DRV - (hspabus) SAMSUNG HSPA USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\hspabus.sys (MCCI Corporation)
DRV - (hspamdfl) -- C:\Windows\System32\drivers\hspamdfl.sys (MCCI Corporation)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/10 15:18:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/09/10 15:20:07 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\mozilla\Extensions
[2010/09/10 15:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonja\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (Speedbit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sonja\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/09/12 14:06:27 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Desktop\Gmer
[2010/09/12 13:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/12 13:20:36 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Desktop\MFTools
[2010/09/11 23:55:42 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Sonja\Desktop\OTL.exe
[2010/09/11 23:52:15 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\Malwarebytes
[2010/09/11 23:51:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/09/11 23:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/11 23:50:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/09/11 23:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/11 15:03:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2010/09/11 15:03:45 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) -- C:\windows\System32\AniGIF.ocx
[2010/09/11 15:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Accelerator
[2010/09/11 15:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2010/09/11 15:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\SearchPredict
[2010/09/11 15:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Downloader
[2010/09/11 14:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/11 14:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/11 14:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/11 14:35:02 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/09/11 14:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/09/11 14:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/09/11 14:32:47 | 018,093,960 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Users\Sonja\Desktop\FreeYouTubeToMp3Converter_38.exe
[2010/09/10 15:56:08 | 000,000,000 | ---D | C] -- C:\windows\System32\x64
[2010/09/10 15:33:09 | 000,000,000 | R--D | C] -- C:\Users\Sonja\my video
[2010/09/10 15:30:37 | 000,000,000 | R--D | C] -- C:\Users\Sonja\my pictures
[2010/09/10 15:30:34 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Local\Diagnostics
[2010/09/10 15:23:02 | 000,000,000 | R--D | C] -- C:\Users\Sonja\my music
[2010/09/10 15:22:53 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Meine Scans
[2010/09/10 15:22:52 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Links
[2010/09/10 15:22:52 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Contacts
[2010/09/10 15:22:52 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Meine empfangenen Dateien
[2010/09/10 15:22:52 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Meine Alben
[2010/09/10 15:22:51 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Incomplete
[2010/09/10 15:22:50 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Videos
[2010/09/10 15:22:50 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Saved Games
[2010/09/10 15:22:50 | 000,000,000 | ---D | C] -- C:\Users\Sonja\ICQ
[2010/09/10 15:22:49 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Music
[2010/09/10 15:22:49 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Eigene Videos
[2010/09/10 15:22:49 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Eigene Musik
[2010/09/10 15:20:55 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Documents\wordpress-3.0.1-de_DE[1]
[2010/09/10 15:20:51 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Documents\pagemash[1]
[2010/09/10 15:20:51 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Documents\Meine empfangenen Dateien
[2010/09/10 15:20:51 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Documents\Media Go
[2010/09/10 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Documents\DVDVideoSoft
[2010/09/10 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Documents\Bluetooth-Exchange-Ordner
[2010/09/10 15:20:43 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Documents\Bilder
[2010/09/10 15:20:41 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Pictures
[2010/09/10 15:20:41 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Documents
[2010/09/10 15:20:40 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Eigene Bilder
[2010/09/10 15:20:40 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Downloads
[2010/09/10 15:20:37 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Zeugnisvergabe
[2010/09/10 15:20:31 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Vokabeln Noctua
[2010/09/10 15:20:31 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Unity Media
[2010/09/10 15:20:31 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Tracing
[2010/09/10 15:20:24 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Thai romanization
[2010/09/10 15:20:16 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Searches
[2010/09/10 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Tattoos
[2010/09/10 15:20:07 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\Mozilla
[2010/09/10 15:19:33 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Sonja
[2010/09/10 15:19:30 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\Thunderbird
[2010/09/10 15:19:30 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Local\Thunderbird
[2010/09/10 15:18:21 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Schule
[2010/09/10 15:18:16 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Rezeptsammlung
[2010/09/10 15:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/09/10 15:17:08 | 000,000,000 | R--D | C] -- C:\Users\Sonja\Favorites
[2010/09/10 15:16:53 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Programme
[2010/09/10 15:16:53 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Podcasts
[2010/09/10 15:16:51 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Noctua
[2010/09/10 15:16:51 | 000,000,000 | ---D | C] -- C:\Users\Sonja\NeroVision
[2010/09/10 15:09:30 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\Avira
[2010/09/10 15:06:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2010/09/10 15:06:18 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010/09/10 15:06:17 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2010/09/10 15:06:17 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntdd.sys
[2010/09/10 15:06:17 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntmgr.sys
[2010/09/10 15:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/09/10 15:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/09/10 15:01:58 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\Macromedia
[2010/09/10 15:01:58 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\Adobe
[2010/09/10 14:58:18 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\Google
[2010/09/10 14:58:17 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Local\Google
 
========== Files - Modified Within 90 Days ==========
 
[2010/09/12 14:43:20 | 001,048,576 | -HS- | M] () -- C:\Users\Sonja\NTUSER.DAT
[2010/09/12 14:03:24 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 14:03:24 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 13:55:31 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/09/12 13:55:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/09/12 13:55:14 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/12 13:54:09 | 001,161,956 | -H-- | M] () -- C:\Users\Sonja\AppData\Local\IconCache.db
[2010/09/12 13:53:46 | 000,000,000 | ---- | M] () -- C:\Users\Sonja\defogger_reenable
[2010/09/12 13:51:46 | 000,010,636 | ---- | M] () -- C:\Users\Sonja\LogFILEMalwarebytes.docx
[2010/09/12 13:51:25 | 000,021,386 | ---- | M] () -- C:\Users\Sonja\OTL logfile created on.docx
[2010/09/12 13:32:46 | 000,000,894 | ---- | M] () -- C:\Users\Sonja\Desktop\NTREGOPT.lnk
[2010/09/12 13:32:46 | 000,000,875 | ---- | M] () -- C:\Users\Sonja\Desktop\ERUNT.lnk
[2010/09/12 13:20:41 | 000,050,477 | ---- | M] () -- C:\Users\Sonja\Desktop\defogger.exe
[2010/09/12 00:20:05 | 000,020,905 | ---- | M] () -- C:\Users\Sonja\Documents\OTL logfile created on.docx
[2010/09/11 23:56:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sonja\Desktop\OTL.exe
[2010/09/11 23:51:33 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/11 15:21:08 | 000,002,047 | ---- | M] () -- C:\Users\Sonja\Desktop\SpeedBit Video Accelerator.lnk
[2010/09/11 15:03:45 | 000,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) -- C:\windows\System32\AniGIF.ocx
[2010/09/11 14:34:44 | 000,001,197 | ---- | M] () -- C:\Users\Sonja\Desktop\DVDVideoSoft Free Studio.lnk
[2010/09/11 14:32:57 | 018,093,960 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Users\Sonja\Desktop\FreeYouTubeToMp3Converter_38.exe
[2010/09/10 23:38:53 | 000,684,954 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2010/09/10 23:38:53 | 000,680,010 | ---- | M] () -- C:\windows\System32\perfh010.dat
[2010/09/10 23:38:53 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/09/10 23:38:53 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/09/10 23:38:53 | 000,127,070 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2010/09/10 23:38:53 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/09/10 23:38:53 | 000,124,006 | ---- | M] () -- C:\windows\System32\perfc010.dat
[2010/09/10 23:38:53 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/09/10 23:38:52 | 003,085,342 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/09/10 19:12:48 | 000,001,409 | ---- | M] () -- C:\Users\Sonja\Desktop\Internet Explorer.lnk
[2010/09/10 19:04:43 | 000,334,632 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/09/10 15:18:54 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/09/10 15:06:53 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/09/10 15:04:41 | 000,002,697 | ---- | M] () -- C:\Users\Sonja\Desktop\Microsoft Office Word 2007.lnk
[2010/09/03 11:42:58 | 000,011,055 | ---- | M] () -- C:\Users\Sonja\Documents\Kindergeld Bescheinigung.docx
[2010/07/27 09:50:32 | 000,028,410 | ---- | M] () -- C:\Users\Sonja\Frisur.jpg
[2010/06/29 21:23:10 | 002,516,992 | ---- | M] () -- C:\Users\Sonja\Kalender.pub
 
========== Files Created - No Company Name ==========
 
[2010/09/12 13:53:46 | 000,000,000 | ---- | C] () -- C:\Users\Sonja\defogger_reenable
[2010/09/12 13:51:45 | 000,010,636 | ---- | C] () -- C:\Users\Sonja\LogFILEMalwarebytes.docx
[2010/09/12 13:51:24 | 000,021,386 | ---- | C] () -- C:\Users\Sonja\OTL logfile created on.docx
[2010/09/12 13:32:46 | 000,000,894 | ---- | C] () -- C:\Users\Sonja\Desktop\NTREGOPT.lnk
[2010/09/12 13:32:46 | 000,000,875 | ---- | C] () -- C:\Users\Sonja\Desktop\ERUNT.lnk
[2010/09/12 13:20:41 | 000,050,477 | ---- | C] () -- C:\Users\Sonja\Desktop\defogger.exe
[2010/09/12 00:20:01 | 000,020,905 | ---- | C] () -- C:\Users\Sonja\Documents\OTL logfile created on.docx
[2010/09/11 23:51:33 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/11 15:04:01 | 000,002,047 | ---- | C] () -- C:\Users\Sonja\Desktop\SpeedBit Video Accelerator.lnk
[2010/09/11 14:34:23 | 000,001,197 | ---- | C] () -- C:\Users\Sonja\Desktop\DVDVideoSoft Free Studio.lnk
[2010/09/10 19:12:48 | 000,001,409 | ---- | C] () -- C:\Users\Sonja\Desktop\Internet Explorer.lnk
[2010/09/10 15:20:41 | 000,011,055 | ---- | C] () -- C:\Users\Sonja\Documents\Kindergeld Bescheinigung.docx
[2010/09/10 15:20:40 | 000,035,396 | ---- | C] () -- C:\Users\Sonja\SI.jpg
[2010/09/10 15:20:39 | 002,516,992 | ---- | C] () -- C:\Users\Sonja\Kalender.pub
[2010/09/10 15:20:39 | 000,028,410 | ---- | C] () -- C:\Users\Sonja\Frisur.jpg
[2010/09/10 15:20:38 | 000,035,330 | ---- | C] () -- C:\Users\Sonja\217972_40_1190_hk56.jpg
[2010/09/10 15:18:54 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/09/10 15:06:53 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/09/10 15:04:41 | 000,002,697 | ---- | C] () -- C:\Users\Sonja\Desktop\Microsoft Office Word 2007.lnk
[2010/04/21 17:23:45 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/04/21 16:56:22 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010/09/11 14:35:02 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/09/10 15:19:51 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Thunderbird
[2009/07/14 06:53:46 | 000,005,918 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/12 13:55:14 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/12 13:55:18 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2009/11/10 02:33:42 | 000,001,949 | ---- | M] () -- C:\RHDSetup.log
[2009/11/10 02:44:09 | 000,000,191 | ---- | M] () -- C:\Setup.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2009/07/10 13:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-12 11:22:21
< End of report >
         
OTL Logfile:
Code:
OTL Extras logfile created on: 9/11/2010 11:59:18 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Sonja\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 345.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.97 Gb Total Space | 41.78 Gb Free Space | 62.38% Space Free | Partition Type: NTFS
Drive D: | 66.98 Gb Total Space | 21.20 Gb Free Space | 31.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SONJASPC
Current User Name: Sonja
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{077E2E73-01E0-4F37-81AD-C93C6C2F0933}" = Connection Manager
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{176039B8-FFE2-4987-B28C-2FB635605EA2}" = Connection Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"SAMSUNG HSPA Modem" = SAMSUNG HSPA Modem Software
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/21/2010 10:52:09 AM | Computer Name = SonjasPC | Source = Customer Experience Improvement Program | ID = 1006
Description = 
 
Error - 9/10/2010 9:04:10 AM | Computer Name = SonjasPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Sonja\AppData\Local\Temp\RarSFX0\redist.dll".
Die
abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 9/10/2010 9:34:57 AM | Computer Name = SonjasPC | Source = MsiInstaller | ID = 11327
Description = 
 
Error - 9/10/2010 9:35:06 AM | Computer Name = SonjasPC | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 9/10/2010 9:35:06 AM | Computer Name = SonjasPC | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 9/10/2010 9:35:06 AM | Computer Name = SonjasPC | Source = MsiInstaller | ID = 1023
Description = 
 
[ System Events ]
Error - 4/21/2010 9:31:43 AM | Computer Name = SonjasPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
Error - 4/21/2010 10:46:07 AM | Computer Name = SonjasPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
 
< End of report >
         