Sooo, I now have 2 Malwarebytes scans, because after the 1st one I was prompted to restart the PC.
Log 1:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5990
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
08.03.2011 17:59:29
mbam-log-2011-03-08 (17-59-29).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159201
Laufzeit: 7 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Laura\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\sqggoava.exe (Trojan.Downloader) -> Delete on reboot.
Log 2:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5990
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
08.03.2011 18:14:04
mbam-log-2011-03-08 (18-14-04).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159083
Laufzeit: 7 Minute(n), 26 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Laura\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\sqggoava.exe (Trojan.Downloader) -> Delete on reboot.
OTL Logs:
OTL Extras logfile created on: 08.03.2011 18:16:00 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Laura\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,69 Gb Total Space | 240,33 Gb Free Space | 52,74% Space Free | Partition Type: NTFS
Drive D: | 10,07 Gb Total Space | 1,38 Gb Free Space | 13,69% Space Free | Partition Type: NTFS
Drive F: | 3,74 Gb Total Space | 2,96 Gb Free Space | 79,21% Space Free | Partition Type: FAT32
Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E1F3D0-2396-4C33-BEDD-3E5A909CC580}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0BF5BDBB-A646-463A-8128-DA43B97F3BDB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1F081BC4-3F7D-47AC-A473-161C38F9B43F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{26FC7DB0-9802-4030-8AE6-1ED50D776912}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B8BE7BC-50DD-4C6B-8B43-EDC9016D79E9}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{6F81F900-E5A1-4D5F-8C3C-F339620653AC}" = rport=139 | protocol=6 | dir=out | app=system |
"{92366F4C-D8F2-4FD1-AB02-037EAD00C9F9}" = lport=139 | protocol=6 | dir=in | app=system |
"{9AEBC391-DE32-472D-B844-43055C17A841}" = rport=137 | protocol=17 | dir=out | app=system |
"{AD60A782-0002-4190-BBD1-A6DC8FF01115}" = rport=445 | protocol=6 | dir=out | app=system |
"{BD379711-028E-4DBF-BE39-09183A26B457}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4E7E310-587B-49D2-8F2F-F88179C89AA7}" = lport=138 | protocol=17 | dir=in | app=system |
"{C88562A3-8B4D-43B5-95AF-755784DB3718}" = lport=137 | protocol=17 | dir=in | app=system |
"{D61D8D96-D57B-40EA-B9C7-58561A71B209}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F765912-9B8F-4A06-A25B-2B8984D57D04}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{138D9F09-0EC0-4CD9-B18D-20C0363EE01A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{13BBC170-8D58-4532-94C5-F93A46F1F0B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{334DE7F2-3C15-48EC-A62D-CCC033B4615D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{439FDB95-A485-41A5-8E6D-A092B2FCB357}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{46215C3A-DA42-40A9-9141-8C4D15EEA544}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{55ED7197-37D6-43FA-B98C-5CA179D11629}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{5A4847FE-9507-47A4-9D04-C19D80ED43B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5EAC164E-14F4-436A-A821-3A112933B5C4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{615BC081-EC90-4B46-A7CE-CA34EEEFBAC0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{6E44CE56-CF31-4169-BF1E-D679EAB5EB0A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{753CF4B1-C3B4-4360-83C2-A1977108E1D3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E90A1B9-6FD5-4BAF-BD52-A6CBF7916BA0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8EFF669B-F93D-44C4-9250-1E6867B3C8C7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{A6116C57-2042-47EE-9759-B19FAC008701}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A94DF046-5557-4903-8778-2C1AC39FB925}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA8F6A66-ABC9-449B-9F92-75808B4C5A1E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AE697F0D-A372-4033-B455-D2D640932A16}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C5093466-46BF-4D3A-AA93-8885A9289CEF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{DDC0BADA-16B1-44F4-AA7E-03978EAEF9F8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DFB39408-3A31-4DF0-91C6-2568631C8997}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E5A98ACF-AF36-437A-B2D9-0E8CCA452C2B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F07902C8-E22A-41FF-B5C3-1FD3774C49C7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F85FC163-CE8F-4E22-93DD-175FCFE37894}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F874ED24-8BD4-4793-BCDD-31F238A7CBD9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FD0E417B-E8AB-49DB-8412-5E306DD48D48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FE597153-6E3A-4034-8E9C-B84DB0641572}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"TCP Query User{0BB3A5A0-B44B-4870-B679-B17CFBD2C316}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{30E7B4D6-14A0-4201-826F-067A56214685}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{3E288A7C-7733-4346-BA1F-F12E3A01C618}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{48F755E4-61DC-4F68-A5BB-DA78334BB0F2}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{49E4E094-D04C-4A11-A9A4-22901022F619}C:\users\laura\documents\icq\394601241\receivedfiles\572781862 neige\umbrella-4.1.5.exe" = protocol=6 | dir=in | app=c:\users\laura\documents\icq\394601241\receivedfiles\572781862 neige\umbrella-4.1.5.exe |
"TCP Query User{69EE6CFA-39AA-4FF2-A2A0-1BFECCE2ECC5}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{6A2C5EBD-2CE6-4C94-B1FB-5A43043832AA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6D7A931C-759F-4853-937C-872A88F71D0E}F:\umbrella-4.1.5.exe" = protocol=6 | dir=in | app=f:\umbrella-4.1.5.exe |
"TCP Query User{742F3A32-6B6F-46FA-96D9-3E8C12D9349B}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{85434F17-B7E5-4797-8524-3AAEFCB1DE2E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{C2B2F517-DE79-41EA-BA8A-E95603C0012F}C:\users\laura\documents\crp-manager.exe" = protocol=6 | dir=in | app=c:\users\laura\documents\crp-manager.exe |
"TCP Query User{C7694C3D-9732-4FCD-BDB4-784691F80596}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{E27F77B8-7659-4212-BF89-A12405FE543C}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{F7F900B6-FADD-4106-ADDD-2596249E6FCA}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{11ED3C34-4F85-40C5-9919-8DF0EE9752FC}F:\umbrella-4.1.5.exe" = protocol=17 | dir=in | app=f:\umbrella-4.1.5.exe |
"UDP Query User{33A1AA5E-936F-4065-B25E-88EFBF18BB45}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3E843EFF-3455-4AD3-A67A-4F4BEDFCB53C}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{47DAFE52-B680-4FC6-B9F0-06A65DDC3444}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{4B6FBFBC-52BA-4A00-B54C-A881BA225135}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{4EAE28AD-E242-426F-AD69-5A8F334AB305}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{A66F727A-841B-470E-96B0-9CF60DFB8F83}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{A80FE35E-74A0-49B8-8088-2433F60FAA16}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{ABFF17D7-465C-4C42-A2E8-DF11FA0ADB1A}C:\users\laura\documents\crp-manager.exe" = protocol=17 | dir=in | app=c:\users\laura\documents\crp-manager.exe |
"UDP Query User{B58C5F2C-A5D3-4EEC-87A5-F1AAA499EF41}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{BDE0415D-D544-49BC-B154-CD0C7601B673}C:\users\laura\documents\icq\394601241\receivedfiles\572781862 neige\umbrella-4.1.5.exe" = protocol=17 | dir=in | app=c:\users\laura\documents\icq\394601241\receivedfiles\572781862 neige\umbrella-4.1.5.exe |
"UDP Query User{C0A8A5B6-BBC6-43B8-AC63-AB650477333D}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{C82BDF72-9BAD-44E3-9605-966DE8F33181}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{EFCACE84-22D9-43EA-A24E-179248F6C4A6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46008F4B-A8C3-4282-ACE3-73821F860911}" = OpenOffice.org 2.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D0FEAB4-5D81-4461-A9CA-766B530FC6EA}" = G DATA AntiVirenKit
"{4FE82F4B-B7D8-4E65-84AD-E0436CDE57DD}" = ArcSoft PhotoImpression 5
"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}" = Paint.NET v3.31
"{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = DCP-375CW
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7472B5B4-3FB7-446F-BC78-6BBA506EC473}" = Opera 9.50
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C833C7B6-1140-471D-932B-391B5CA66D7D}" = Digital Video
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 4.64
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DriftCity_EU" = Drift City
"Free Studio_is1" = Free Studio version 4.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LastFM_is1" = Last.fm 1.5.4.27091
"lvdrivers_11.70" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XnView_is1" = XnView 1.92.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8092
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08.03.2011 13:08:46 | Computer Name = Laura-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/08 18:08:46.210]: [00000756]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.249]
Error - 08.03.2011 13:09:55 | Computer Name = Laura-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/08 18:09:55.365]: [00000756]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.249]
Error - 08.03.2011 13:11:04 | Computer Name = Laura-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/08 18:11:04.519]: [00000756]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.249]
Error - 08.03.2011 13:12:13 | Computer Name = Laura-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/08 18:12:13.674]: [00000756]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.249]
Error - 08.03.2011 13:13:22 | Computer Name = Laura-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/08 18:13:22.829]: [00000756]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.249]
Error - 08.03.2011 13:14:14 | Computer Name = Laura-PC | Source = WerSvc | ID = 5007
Description =
Error - 08.03.2011 13:14:31 | Computer Name = Laura-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/08 18:14:31.963]: [00000756]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.249]
Error - 08.03.2011 13:15:41 | Computer Name = Laura-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/08 18:15:41.092]: [00000756]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.249]
Error - 08.03.2011 13:16:50 | Computer Name = Laura-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/08 18:16:50.247]: [00000756]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.249]
Error - 08.03.2011 13:17:59 | Computer Name = Laura-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/03/08 18:17:59.402]: [00000756]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.249]
[ System Events ]
Error - 26.02.2011 16:54:38 | Computer Name = Laura-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk5\DR5.
Error - 28.02.2011 13:29:59 | Computer Name = Laura-PC | Source = bowser | ID = 8003
Description =
Error - 28.02.2011 13:43:08 | Computer Name = Laura-PC | Source = bowser | ID = 8003
Description =
Error - 28.02.2011 14:02:11 | Computer Name = Laura-PC | Source = bowser | ID = 8003
Description =
Error - 28.02.2011 14:14:10 | Computer Name = Laura-PC | Source = bowser | ID = 8003
Description =
Error - 28.02.2011 14:20:56 | Computer Name = Laura-PC | Source = bowser | ID = 8003
Description =
Error - 06.03.2011 12:07:40 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 07.03.2011 03:31:49 | Computer Name = Laura-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{86CD1880-FF72-46F6-9569-E5AD99EEF5F5} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 07.03.2011 14:06:39 | Computer Name = Laura-PC | Source = DCOM | ID = 10010
Description =
Error - 08.03.2011 08:11:03 | Computer Name = Laura-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.03.2011 um 19:10:34 unerwartet heruntergefahren.
< End of report >
OTL Log 2:
OTL logfile created on: 08.03.2011 18:16:00 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Laura\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,69 Gb Total Space | 240,33 Gb Free Space | 52,74% Space Free | Partition Type: NTFS
Drive D: | 10,07 Gb Total Space | 1,38 Gb Free Space | 13,69% Space Free | Partition Type: NTFS
Drive F: | 3,74 Gb Total Space | 2,96 Gb Free Space | 79,21% Space Free | Partition Type: FAT32
Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Laura\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\phonostar\ps_timer.exe (phonostar)
PRC - C:\Programme\phonostar\ps_agent.exe (phonostar)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe (G DATA Software AG)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\G DATA AntiVirenKit\AVKTray\AVKTray.exe (G DATA Software AG)
PRC - C:\Programme\G DATA AntiVirenKit\AVK\AVKService.exe (G DATA Software AG)
PRC - C:\Programme\G DATA AntiVirenKit\AVK\AVKWCtl.exe (G DATA Software AG)
PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Laura\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\Temp\logishrd\LVPrcInj02.dll (Logitech Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G DATA Software AG)
SRV - (AVKService) -- C:\Programme\G DATA AntiVirenKit\AVK\AVKService.exe (G DATA Software AG)
SRV - (AVKWCtl) -- C:\Programme\G DATA AntiVirenKit\AVK\AVKWCtl.exe (G DATA Software AG)
========== Driver Services (SafeList) ==========
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (GDTdiInterceptor) -- C:\Windows\System32\drivers\GDTdiIcpt.sys ()
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G DATA Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G DATA Software AG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG)
DRV - (CoachUsb) -- C:\Windows\System32\drivers\CoachDc.sys (FotoNation Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.04 20:02:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.04 20:02:40 | 000,000,000 | ---D | M]
[2009.02.24 21:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\mozilla\Extensions
[2011.03.08 13:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\mozilla\Firefox\Profiles\4ku9grfk.default\extensions
[2009.09.01 17:55:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laura\AppData\Roaming\mozilla\Firefox\Profiles\4ku9grfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.06 19:38:24 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Laura\AppData\Roaming\mozilla\Firefox\Profiles\4ku9grfk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.09 20:09:45 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Laura\AppData\Roaming\mozilla\Firefox\Profiles\4ku9grfk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.23 14:35:02 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Laura\AppData\Roaming\mozilla\Firefox\Profiles\4ku9grfk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.07.21 11:58:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Laura\AppData\Roaming\mozilla\Firefox\Profiles\4ku9grfk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.02.09 21:30:40 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Laura\AppData\Roaming\mozilla\Firefox\Profiles\4ku9grfk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.09.10 13:07:57 | 000,000,873 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\4ku9grfk.default\searchplugins\conduit.xml
[2011.03.08 13:25:44 | 000,000,950 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\4ku9grfk.default\searchplugins\icqplugin-1.xml
[2010.06.25 19:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\4ku9grfk.default\searchplugins\icqplugin-2.xml
[2010.02.20 18:24:44 | 000,000,944 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\4ku9grfk.default\searchplugins\icqplugin.xml
[2009.02.09 21:30:35 | 000,003,915 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\4ku9grfk.default\searchplugins\sweetim.xml
[2010.08.23 18:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.23 18:21:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.02.24 21:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.05.04 18:39:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2010.08.23 18:21:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.23 18:20:03 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.03.14 21:47:11 | 001,193,952 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv41629.dll
[2009.12.01 19:36:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.01 19:36:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.01 19:36:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.01 19:36:00 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.01 19:36:00 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.10.04 20:12:22 | 000,000,785 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 gs.apple.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVKTray] C:\Program Files\G DATA AntiVirenKit\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe (phonostar)
O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqggoava.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} hxxp://80.237.209.20/objects/NpFv41629.dll (Flatcast Viewer 4.16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Laura\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Laura\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.28 14:48:09 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.08 18:17:20 | 000,000,003 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.03.08 17:18:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe
[2011.03.08 17:10:23 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Malwarebytes
[2011.03.08 17:08:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.08 17:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.08 17:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.08 17:08:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.08 17:08:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.06 18:56:28 | 000,000,000 | ---D | C] -- C:\Users\Laura\Documents\FA
[2011.02.26 21:39:10 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\smart 44
========== Files - Modified Within 30 Days ==========
[2011.03.08 18:15:14 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51B6BFCB-2BF3-49FB-908B-000956C1A405}.job
[2011.03.08 18:14:14 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\iajl.sys
[2011.03.08 18:02:36 | 000,160,066 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqggoava.exe
[2011.03.08 18:01:23 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.08 18:01:23 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.08 18:01:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.08 18:01:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.03.08 18:01:13 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.08 18:00:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.08 17:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe
[2011.03.08 17:08:29 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.08 15:44:42 | 000,009,828 | ---- | M] () -- C:\Users\Laura\Documents\Endseite.odt
[2011.03.06 18:32:41 | 000,183,808 | ---- | M] () -- C:\Users\Laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.06 17:07:47 | 000,007,592 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
[2011.02.28 08:54:39 | 000,010,752 | ---- | M] () -- C:\Users\Laura\Documents\Facharbeit.wps
[2011.02.28 08:54:39 | 000,000,220 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\wklnhst.dat
[2011.02.28 08:53:12 | 000,641,032 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.28 08:53:12 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.28 08:53:12 | 000,116,682 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.28 08:53:12 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2011.03.08 18:14:14 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\iajl.sys
[2011.03.08 18:04:31 | 000,160,066 | ---- | C] () -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqggoava.exe
[2011.03.08 17:08:29 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.08 15:44:41 | 000,009,828 | ---- | C] () -- C:\Users\Laura\Documents\Endseite.odt
[2011.02.28 08:54:39 | 000,010,752 | ---- | C] () -- C:\Users\Laura\Documents\Facharbeit.wps
[2010.07.15 10:34:23 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.11.21 14:44:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.11.21 14:41:03 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009.11.21 14:40:45 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.11.21 14:35:05 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.09.01 16:55:27 | 000,000,220 | ---- | C] () -- C:\Users\Laura\AppData\Roaming\wklnhst.dat
[2009.06.16 17:28:28 | 000,025,934 | ---- | C] () -- C:\Users\Laura\AppData\Roaming\UserTile.png
[2008.10.29 21:35:53 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.05.13 21:48:26 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.03.16 21:07:27 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.03.14 21:38:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.02.16 13:06:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.02.05 18:20:08 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008.02.03 15:27:35 | 000,183,808 | ---- | C] () -- C:\Users\Laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.03 12:13:23 | 000,039,120 | ---- | C] () -- C:\Windows\System32\drivers\GDTdiIcpt.sys
[2008.02.03 01:02:19 | 000,007,592 | ---- | C] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
[2007.11.28 22:39:07 | 000,641,032 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.11.28 22:39:07 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.11.28 22:39:07 | 000,116,682 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.11.28 22:39:07 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.28 14:40:29 | 000,111,448 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.11.28 14:24:55 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007.11.28 14:22:09 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007.11.28 14:22:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 001,670,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,609,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,726 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2005.02.25 06:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
< End of report >
Thanks again :) Fortunately my PC held out while I was writing my term paper, and I was able to print it out and hand it in today.