Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Mystart Trojaner eingefangen, Hilfe!!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 21.09.2012, 15:49   #1
Lisaaa
 
Mystart Trojaner eingefangen, Hilfe!! - Standard

Mystart Trojaner eingefangen, Hilfe!!



Hallo.
Vorab - ich bin ein 16-jähriges Mädchen und hab nicht viel Ahnung vom Computern. Redet also bitte nicht in Computersprache, das hilft mir nicht weiter.

Ich hab mich hier angemeldet, weil ich total am verzweifeln bin.

Ich hab mir vor 4 Tagen (glaube ich) etwas gedownloaded, der Download lies sich dann auch plötzlich nicht mehr abbrechen (auch nicht mitm Task-Manager). Tja, und dann hatte sich der Trojaner eingeschlichen.
Ich nutzte Chrome, und sobald ich einen neuen Tab auf mache kommt die Seite hxxp://mystart.incredibar.com. Ich hab erstmal bei den Chrome Einstellungen simpel versucht, die Seite zu löschen - geht nicht. Ich habe gegooglet und gegooglet, jeder sagt was anderes. Ich hab viel probiert, nix.
Gestern zeigte mein Kasperky dann eine Bedrohung an. Ich ließ ne 2-stündige Untersuchung machen und hoffte, es wird korrigert. Am Ende war wortwörtlich alles wieder im grünen Bereich, aber die Seite war noch da. Also hat sich nix geändert.
Grade mach ich meinen Lappi (übrigens Win7) an, startet der nicht richtig. Kasperky ist auch im roten Bereich (mittlerweile nach irgendnem Download wieder im grünen, aber heißt ja nix, wie wir mittlerweile Wissen).

BITTE BITTE HELFT MIR!!! Ich weiß nicht was ich machen soll wenn der hier alle meine Daten löscht oder mein Lappi am Ende noch im Arsch ist .. wird auch jeden Tag schlimmer!

Alt 21.09.2012, 17:19   #2
markusg
/// Malware-holic
 
Mystart Trojaner eingefangen, Hilfe!! - Standard

Mystart Trojaner eingefangen, Hilfe!!



hi
öffne mal kaspersky,und poste uns die gefundene(n) bedrohung)en)
danach:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 21.09.2012, 17:36   #3
Lisaaa
 
Mystart Trojaner eingefangen, Hilfe!! - Standard

Mystart Trojaner eingefangen, Hilfe!!



Das ist es ja: Kaspersky sieht das anscheinend noch nicht. Da steht ja, dass der Computer sicher ist..

Und der Link mit dem Download geht bei mir irgendwie nicht. Page not found..
__________________

Alt 21.09.2012, 17:38   #4
markusg
/// Malware-holic
 
Mystart Trojaner eingefangen, Hilfe!! - Standard

Mystart Trojaner eingefangen, Hilfe!!



hiho
da sind 2 links.
du sagtest doch, kaspersky hätte anfangs eine bedrohung gefunden, darüber müsste im programm ein bericht zu finden sein.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.09.2012, 13:17   #5
Lisaaa
 
Mystart Trojaner eingefangen, Hilfe!! - Standard

Mystart Trojaner eingefangen, Hilfe!!



Hier erstmal dieses OTL.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 9/22/2012 1:53:14 PM - Run 1
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Users\Lisa\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.48 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 66.15% Memory free
6.96 Gb Paging File | 5.66 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 301.94 Gb Total Space | 223.73 Gb Free Space | 74.10% Space Free | Partition Type: NTFS
Drive D: | 148.72 Gb Total Space | 70.49 Gb Free Space | 47.40% Space Free | Partition Type: NTFS
Drive E: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/09/22 13:50:37 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL.exe
PRC - [2011/12/08 03:33:34 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/12/08 03:33:26 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/08/01 15:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2011/04/13 15:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/03/10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/09/19 19:57:58 | 002,098,200 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 20:35:11 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/06/14 20:30:19 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/06/14 20:30:05 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/06/14 20:29:54 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/06/14 20:29:52 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/05/12 19:05:57 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012/05/12 19:03:04 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 19:02:49 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/05/10 22:25:53 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 22:22:34 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/05/10 22:22:27 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/05/10 22:22:19 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/05/10 22:22:10 | 014,414,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2011/12/28 16:15:50 | 000,115,137 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll
MOD - [2011/12/08 03:33:34 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/13 15:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP)
SRV - [2010/09/19 13:05:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/10/27 03:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/10/27 03:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/10/27 03:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/05/21 18:03:01 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010/02/10 18:17:24 | 009,936,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/26 22:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/06/27 16:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=1
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={87F64325-68CB-11DF-AF6A-0024545FE718}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=5a77c441000000000000c417fecacc60
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=5a77c441000000000000c417fecacc60
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06FDDA33-2034-4E96-A60C-69C4AD389F84}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=5a77c441000000000000c417fecacc60
IE - HKCU\..\SearchScopes\{27840BD7-8491-41B6-8FFB-889C34ACC45A}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{7D355D40-C3B6-46E6-A758-EE0A292A3DCC}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{B8EABFB3-EB79-4A08-A702-31815A728D42}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{CFC9FD4C-AF60-4C39-B0FA-6A0A839457E5}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyOw0UJDu&i=26
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={87F64325-68CB-11DF-AF6A-0024545FE718}
IE - HKCU\..\SearchScopes\{F8372CC8-BFA6-4083-8E5E-CABA1A018BAE}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=5a77c441000000000000c417fecacc60"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.3
FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.2.643.41
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Lisa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/18 18:48:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/19 19:57:59 | 000,000,000 | ---D | M]
 
[2011/03/27 20:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions
[2012/09/19 20:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\hv0tzcbq.default\extensions
[2012/04/11 22:47:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\hv0tzcbq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/02/04 22:24:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\hv0tzcbq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/04/11 22:47:29 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012/09/16 18:05:59 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\searchplugins\icqplugin-1.xml
[2011/09/16 17:43:27 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\searchplugins\icqplugin-2.xml
[2012/04/11 22:56:12 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\searchplugins\icqplugin-3.xml
[2012/09/19 21:44:26 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\searchplugins\icqplugin-4.xml
[2011/08/07 20:48:28 | 000,001,034 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\searchplugins\icqplugin.xml
[2012/09/22 23:43:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/10/26 12:05:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/19 17:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/12 15:32:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/09/22 23:44:26 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/05/21 18:04:56 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012/09/19 19:57:59 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2011/09/18 18:48:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.100_0\npbrowserext.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Lisa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Splendid = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll File not found
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll File not found
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Lisa\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] ~"C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.schueler.cc/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FC6C988-6AFC-4DF3-B3AC-C09F4807A70E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA5FFB13-942A-4BFE-8062-4E8F59AD1F02}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/16 06:58:13 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{19629db7-1f31-11df-9c99-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{19629db7-1f31-11df-9c99-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011/09/16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{c2594754-27ee-11e1-940e-0024545fe718}\Shell - "" = AutoRun
O33 - MountPoints2\{c2594754-27ee-11e1-940e-0024545fe718}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {222FB945-258A-4734-84EA-99E5B4EF4E00} - WEB.DE Browser Add-on
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {340219A6-77F0-4A73-8735-3ECBE48CC077} - WEB.DE Browser Add-on
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {808D9323-16E9-411B-9F6B-E733B6B955B9} - WEB.DE Update
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A477E148-6951-4E85-BB46-32845F242F0F} - WEB.DE Update
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{E21663EC-B5F9-4842-8303-EE4FDADFEF6D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/22 13:47:26 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{29558843-02EC-4DE9-9F41-42009BF497B6}
[2012/09/21 18:10:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2012/09/21 18:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe
[2012/09/21 18:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/09/21 18:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/09/21 18:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2012/09/21 18:09:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/09/21 18:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/09/21 17:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2012/09/21 16:32:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{BD854DC4-81CF-4468-A959-BF4AED3BB7A8}
[2012/09/21 06:42:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{5571F289-66EE-4986-903C-A7AF3F9FCC76}
[2012/09/19 19:58:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Start Menu
[2012/09/19 19:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/19 13:44:17 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/09/19 05:42:23 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2CC8F250-ADE7-4739-800F-F1A3DD9A7DE8}
[2012/09/18 19:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/09/18 19:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012/09/18 05:47:21 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{52835A22-A185-486A-8EB6-C22872A2AA70}
[2012/09/18 05:42:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2B095E71-3378-47B1-85FA-9FAF9AB67EE3}
[2012/09/17 06:43:11 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{9A5E2D88-7C92-4F10-9898-6D8B0C646BE3}
[2012/09/16 10:45:00 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{94B0FCEF-1639-4BE9-A902-6779DC9BAD43}
[2012/09/15 10:50:12 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{C1FD1299-AD07-422A-AE42-D337FC22D9B0}
[2012/09/14 16:32:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{DE981425-4797-4C93-B46A-6BE2B2D68CF9}
[2012/09/13 17:07:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{01BB91A1-D2D5-47CD-8780-B0E32D180656}
[2012/09/12 17:23:18 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{71DF10B9-1F22-4188-B928-97D5BDF7B87D}
[2012/09/11 20:28:01 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{1D501E69-8677-48DC-BC51-CECF80883AFA}
[2012/09/11 05:39:42 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{D13150EE-CAE9-4CE3-8C51-EFC501A8E07B}
[2012/09/10 06:40:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{069168C7-EEA7-4E54-9C84-3C1C59DEF3E8}
[2012/09/09 13:45:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{FE408C87-3831-4FA9-BDE5-35B54DBDB3A1}
[2012/09/08 11:04:47 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{78A33103-9D66-491C-B963-E4740B1583EC}
[2012/09/07 06:37:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{FA79375B-E3D4-44C5-AC34-678FB5E27E91}
[2012/09/06 06:33:47 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{0CB653B2-A166-4E2A-A03A-FC828F001A11}
[2012/09/05 07:06:14 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B10C2BE5-86B0-4B58-B41B-3A791395327A}
[2012/09/04 07:03:23 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{F2F71257-2DDD-4E72-8180-CE76467B37B0}
[2012/09/03 13:21:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{DA6A9EFC-A29A-47AB-939A-3E94D1C788B1}
[2012/09/02 19:30:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{F99B92B1-C369-448D-B43C-676CECFF1947}
[2012/09/01 15:41:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{25341902-58D6-41C1-9B14-400DE254D555}
[2012/08/31 11:24:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{25EEF005-D8CE-4490-B655-B9F5E63483B3}
[2012/08/30 08:50:46 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{1782C86F-4AA9-4EBA-B2C1-53B9E31F2037}
[2012/08/29 10:44:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{25679C35-E401-453E-9D85-53D312112A2A}
[2012/08/28 11:33:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{7F0F14DF-4929-44FE-9A4E-C0D65A483F49}
[2012/08/27 13:25:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{43B12894-436D-4A71-BC5E-EB012BD75B79}
[2012/08/26 19:28:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{349CF534-C8BD-40B3-98CD-95DB31498A99}
[2012/08/25 12:19:14 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{F742A142-E5C7-4585-A347-DE1D9D09CBED}
[2012/08/25 10:30:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{1A21C770-E3E0-4999-999F-D24D729E9D26}
[2012/08/24 11:26:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{13A1B0B1-5EF5-4887-AF27-90C527D35623}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/22 13:54:03 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 13:54:03 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 13:47:13 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000UA.job
[2012/09/22 13:47:03 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job
[2012/09/22 13:46:23 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/22 13:46:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/22 13:46:03 | 242,819,123 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/09/22 13:45:18 | 2804,121,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/19 21:29:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/19 20:45:00 | 000,000,086 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2012/09/19 20:12:07 | 000,001,134 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000UA.job
[2012/09/19 13:44:20 | 000,002,354 | ---- | M] () -- C:\Users\Lisa\Desktop\Google Chrome.lnk
[2012/09/16 14:15:35 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/09/16 14:15:35 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/16 14:15:35 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/09/16 14:15:35 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/14 23:56:59 | 000,001,112 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/19 20:44:58 | 000,000,086 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2012/09/19 13:44:20 | 000,002,354 | ---- | C] () -- C:\Users\Lisa\Desktop\Google Chrome.lnk
[2012/09/19 13:42:53 | 000,001,116 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000UA.job
[2012/09/19 13:42:53 | 000,001,064 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job
[2012/06/06 21:06:23 | 000,000,367 | ---- | C] () -- C:\Users\Lisa\Heimnetzgruppe - Verknüpfung.lnk
[2011/10/31 12:22:42 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011/10/31 12:22:40 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011/10/31 12:22:40 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011/10/31 12:22:40 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011/10/31 12:22:38 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011/05/21 18:04:48 | 000,116,189 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2011/05/21 18:04:48 | 000,098,168 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2011/03/26 19:46:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/26 16:34:22 | 000,005,044 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
[2010/05/21 14:42:11 | 000,002,528 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\$_hpcst$.hpc
[2010/05/19 19:41:02 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2011/09/27 21:30:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\LocalLow\Microsoft\Silverlight\is\fihp3knr.app\aa3a0fbv.u4l\1\l
[2012/01/28 23:47:43 | 000,000,082 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JD9NTF77\t.cxt.ms\lso.swf\u.sol
[2010/06/05 18:47:01 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JD9NTF77\www8.agame.com\games\flash\u
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2011/06/05 21:08:18 | 000,000,000 | -HSD | M] -- C:\Users\Lisa\AppData\Roaming\.#
[2012/02/04 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\DVDVideoSoft
[2011/02/06 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/05/19 20:24:06 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GameConsole
[2011/10/14 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\go
[2010/05/19 20:26:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Go Go Gourmet
[2012/09/19 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ICQ
[2011/09/18 11:21:58 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\LibreOffice
[2011/12/24 22:39:13 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Origin
[2010/05/21 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PC Suite
[2011/12/28 12:34:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Samsung
[2011/12/28 12:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Temp
[2010/06/03 17:22:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Template
[2012/06/24 20:46:54 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010/08/03 13:34:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010/08/07 18:22:19 | 000,000,000 | ---D | M] -- C:\BlueByte
[2012/09/19 20:48:17 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/12/05 06:30:25 | 000,000,000 | ---D | M] -- C:\Intel
[2010/05/19 19:46:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/06/01 13:05:56 | 000,000,000 | ---D | M] -- C:\Phenomedia AG
[2012/09/22 23:44:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/09/22 23:44:26 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/05/19 19:38:05 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/09/22 13:55:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/08/30 16:47:51 | 000,000,000 | ---D | M] -- C:\Temp
[2010/05/19 19:39:26 | 000,000,000 | R--D | M] -- C:\Users
[2012/09/22 13:46:03 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 06:53:46 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2010/05/24 21:15:31 | 000,001,094 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/05/24 21:15:32 | 000,001,098 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011/09/03 14:02:46 | 000,001,112 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job
[2011/09/03 14:02:47 | 000,001,134 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000UA.job
[2012/09/19 13:42:53 | 000,001,064 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job
[2012/09/19 13:42:53 | 000,001,116 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000UA.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 08:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/06 07:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/11/20 07:59:26 | 000,432,664 | ---- | M] (Intel Corporation) MD5=EDF5ECC965FAAA533D35E02F47B9132E -- C:\Windows\System32\drivers\iaStor.sys
[2009/11/20 07:59:26 | 000,432,664 | ---- | M] (Intel Corporation) MD5=EDF5ECC965FAAA533D35E02F47B9132E -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_a3da184953a37ce8\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\kl1.sys
[2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\kl2.sys
[2011/05/21 18:03:01 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\windows\system32\drivers\klif.sys
[2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\klim6.sys
[2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/04/13 15:38:36 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\klogon.dll
[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\LocationApi.dll
 
< %USERPROFILE%\*.* >
[2012/06/06 21:06:23 | 000,000,367 | ---- | M] () -- C:\Users\Lisa\Heimnetzgruppe - Verknüpfung.lnk
[2012/09/22 14:00:10 | 004,980,736 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat
[2012/09/22 14:00:10 | 000,262,144 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG1
[2010/05/19 19:39:27 | 000,000,000 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG2
[2010/05/19 20:04:20 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/19 20:04:20 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/19 20:04:20 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/07/12 20:07:10 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{7663d120-8db8-11df-b54d-0024545fe718}.TM.blf
[2010/07/12 20:07:09 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{7663d120-8db8-11df-b54d-0024545fe718}.TMContainer00000000000000000001.regtrans-ms
[2010/07/12 20:07:10 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{7663d120-8db8-11df-b54d-0024545fe718}.TMContainer00000000000000000002.regtrans-ms
[2012/09/21 18:39:33 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{e94ebba5-03f8-11e2-bd55-0024545fe718}.TM.blf
[2012/09/21 18:39:33 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{e94ebba5-03f8-11e2-bd55-0024545fe718}.TMContainer00000000000000000001.regtrans-ms
[2012/09/21 18:39:33 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{e94ebba5-03f8-11e2-bd55-0024545fe718}.TMContainer00000000000000000002.regtrans-ms
[2012/09/22 13:46:18 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{f590efc5-04aa-11e2-90ec-0024545fe718}.TM.blf
[2012/09/22 13:46:20 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{f590efc5-04aa-11e2-90ec-0024545fe718}.TMContainer00000000000000000001.regtrans-ms
[2012/09/22 13:46:20 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{f590efc5-04aa-11e2-90ec-0024545fe718}.TMContainer00000000000000000002.regtrans-ms
[2010/05/19 19:39:27 | 000,000,020 | -HS- | M] () -- C:\Users\Lisa\ntuser.ini
[2012/06/06 21:06:26 | 000,148,480 | -HS- | M] () -- C:\Users\Lisa\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >
         
--- --- ---

Extras txtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 9/22/2012 1:53:14 PM - Run 1
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Users\Lisa\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.48 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 66.15% Memory free
6.96 Gb Paging File | 5.66 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 301.94 Gb Total Space | 223.73 Gb Free Space | 74.10% Space Free | Partition Type: NTFS
Drive D: | 148.72 Gb Total Space | 70.49 Gb Free Space | 47.40% Space Free | Partition Type: NTFS
Drive E: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8E486C-9C2A-4A77-BD46-539FBDA22073}" = rport=139 | protocol=6 | dir=out | app=system | 
"{16675751-CA47-4AFC-B953-E704E17060A9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{189B0A50-BB7F-489E-A7AE-8B6F57471421}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{253792DD-E9B0-453C-ABEA-BDBB0E5E5939}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{270147F5-34A5-4762-94C5-D0BE229FDBA8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{397CEB25-3E8F-4611-8394-538D052EF575}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{40451385-5874-413B-9924-9B2A30029466}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{40CE33F0-7D7F-40D7-8C7C-CEB51AD58986}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{418BC385-CC75-4D6B-9B0C-7C3F3CE36004}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{41B4E18D-50C1-488B-BA07-A1E1BD0DB0B1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4C619419-C76F-4184-9109-1700F32BB7AE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{54E98889-FF37-45F5-8511-E76AAD76983B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E5F6BC7-4F52-4A49-9951-7FEB7DC71BAC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{66EBDB99-C35B-44F7-BE74-D27A4D4CF8AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6878F091-C627-4810-BC2F-661B31F1EC89}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6DB7B1F6-E7C2-44A6-B1AE-43FD19C236C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7737BD34-FF46-4091-9928-F945B2EC8AC0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7B313264-7E1B-4F76-9431-64D01B23A212}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E6681E6-CD74-4DC3-8E6F-F4538471E6ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7F7C8279-CE4A-4A02-B8CE-9B341C57AD0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A311DEF6-2A45-4486-BEC2-AD54D6EF8386}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A73D542D-83B9-42CD-A3FB-66912C4EB25C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AFF46CB4-3ABC-4A38-85D6-38038164D7B1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BAAF1C59-9F67-4DAA-BB70-0DCC459E7D12}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BF308638-DFFF-4F18-B0AF-80FE1804B9E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E7AA3BDC-F00C-481A-9951-59C4334E612F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FFB7C89B-1025-4A85-9E65-F1EAB125B96A}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BB677E-14AF-4813-96CC-5A6A42DB5D20}" = protocol=17 | dir=in | app=c:\programdata\sweetim\messenger\update\sweetimsetup.exe | 
"{077F7EB0-8B2B-4E15-B9F3-BF38D58B5E3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CEA1B26-A01D-46CB-91A6-245DB204A900}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12A6C94D-4871-4CF6-BE5B-65B31CF80F66}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{12F4A2D0-C0C6-46C7-9F7E-064D380E5A1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1598A42B-853B-4835-B12A-98664CFF42B4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1A8C7E02-D22A-4953-915F-37E164BD1CB1}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{2423E344-FA8C-4D23-8FC8-5BBF45CE6D72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2B043814-5690-4DB9-A38B-6D5D4DCC0F06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2ED75C22-C27B-4248-9CBD-539A53890C2C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{377FDEA4-5177-40E8-891E-F304FCEC5DB8}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{38BB7640-0E17-4646-87AC-BDDC4F7DEBE3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3DD3437D-A8EA-4950-A76A-3D55D464FDD5}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{3DD4374E-20B3-44FB-9E85-438EAF02BD6A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3E01D3B2-8ECB-40AD-B051-4AF9C37C7591}" = protocol=6 | dir=in | app=c:\users\lisa\downloads\sweetimsetup.exe | 
"{46F99C3B-70FC-4C95-A1CF-D0E6E0F991DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{47109BB8-90B5-4124-AF08-4E4E82A6A3C5}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{4A52B94C-8679-40B2-846B-0464984D8963}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{4BE35DCE-43BF-4F9D-8530-24F8A8D80B57}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{51520E62-7CEC-4251-AB02-5162C6A36261}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{54D934D1-A226-4939-B3B0-A50C6BAF032D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{56DEB7B7-B964-42A6-806E-B70072091A85}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{64606CCC-5BF4-47FB-86DD-A0C3552DA641}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A728BCC-0E3B-489F-9322-317DAC66A283}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{6DB2123F-A2FC-41BA-BE3F-1D735AEF3098}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{6E3A96C7-E622-43B9-8657-B1F31005A4F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6F4ACC1E-9363-4BA3-BAA6-933AA5804AA3}" = dir=in | app=c:\users\lisa\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{780CFA94-960D-4C11-AEC0-697C048EFE8C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{798E882A-F9B8-4A5E-AEA9-691F397FC7FC}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{7A11B0F2-035E-4FDC-AEB0-389397733C62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7F35C5D9-8FE0-43C4-9A4F-7C44B3DFCA82}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{806A04CA-B5B5-46AD-80B4-549F069DE125}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8077295A-F783-46A1-8CCD-F806E58FF004}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{87F34DC7-82F7-44CA-8058-8190A17A0852}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{8D53590D-EA52-4E68-949D-8DDA25BE6EEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{94D508BC-C2C2-45E7-BE10-D989EF938703}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{976F6410-9268-4DFF-A2FD-76D705855B5D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{9C90446E-AD28-463C-B02E-A1B91790047D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D5C87B5-B894-426F-945E-DB10931D2CB1}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{A0502994-5053-45F3-82F5-298BF29631F1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{A5D9943F-9F16-474E-ACF2-45FC8D8C92BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A75566FE-161C-4E60-801C-4B3983CF7C12}" = protocol=6 | dir=out | app=system | 
"{B8119AC2-1E1E-4B15-911B-EC2433D0581C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CE08D41C-53E2-421F-A1D5-0B90F4C788F7}" = protocol=6 | dir=in | app=c:\programdata\sweetim\messenger\update\sweetimsetup.exe | 
"{D2ADDF4B-A6D4-44C2-9D07-5DDBCC49D497}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{DD9520DD-940A-4CDF-8E44-118CBFBDB2A9}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{E30DB952-C163-48FA-8125-CCAC1F5DEB7D}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{EF68FB9D-E550-4585-ACFB-CA1B78CBD4F1}" = protocol=17 | dir=in | app=c:\users\lisa\downloads\sweetimsetup.exe | 
"{FF2BBA31-26B5-4E18-A303-9E0A80DDE39F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{093465B7-E75C-4AE8-8A58-6ED7AE782F25}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"TCP Query User{3937EBE8-521B-432C-818F-14E92AE35085}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{5705B37E-1288-4097-AC9F-DAAB442A379C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{4E9B476C-5CF1-407A-B416-2562F62529C0}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"UDP Query User{81308E4E-05A9-4122-B30A-A2BAD6196D17}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{8A475D1B-DBCD-44AA-909F-8285921E90A9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.100
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1
"{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF507761-0AD4-4BCC-A636-42DB38E689B0}" = Sven 2 XXL
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B16D7022-A166-420B-BC44-E6682452EBA5}" = LibreOffice 3.3
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BE5D79E8-0B8E-4E97-97E1-3CDEBAB2DEB1}" = Sven XXX - XXL
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E24AECDA-101F-11D6-986D-00500443CF9F}" = Sven Bømwøllen
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"facemoods" = Facemoods Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tomb Raider: Legend" = Tomb Raider: Legend 1.2
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/2/2012 5:33:26 AM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OfficeLiveSignIn.exe, Version: 2.0.2313.0,
 Zeitstempel: 0x491c0a79  Name des fehlerhaften Moduls: OfficeLiveSignIn.exe, Version:
 2.0.2313.0, Zeitstempel: 0x491c0a79  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00003ce7
ID
 des fehlerhaften Prozesses: 0xdc0  Startzeit der fehlerhaften Anwendung: 0x01cd7091dd399f8f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
Berichtskennung:
 1ba23725-dc85-11e1-aefc-0024545fe718
 
Error - 8/2/2012 5:44:24 AM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OfficeLiveSignIn.exe, Version: 2.0.2313.0,
 Zeitstempel: 0x491c0a79  Name des fehlerhaften Moduls: OfficeLiveSignIn.exe, Version:
 2.0.2313.0, Zeitstempel: 0x491c0a79  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00003ce7
ID
 des fehlerhaften Prozesses: 0x14a0  Startzeit der fehlerhaften Anwendung: 0x01cd70930994851f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
Berichtskennung:
 a3fa2a2b-dc86-11e1-aefc-0024545fe718
 
Error - 8/23/2012 5:46:58 AM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OfficeLiveSignIn.exe, Version: 2.0.2313.0,
 Zeitstempel: 0x491c0a79  Name des fehlerhaften Moduls: OfficeLiveSignIn.exe, Version:
 2.0.2313.0, Zeitstempel: 0x491c0a79  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00003ce7
ID
 des fehlerhaften Prozesses: 0x690  Startzeit der fehlerhaften Anwendung: 0x01cd81108d320469
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
Berichtskennung:
 7a824f87-ed07-11e1-8352-0024545fe718
 
Error - 8/31/2012 10:09:05 AM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3555.308,
 Zeitstempel: 0x4f596cbb  Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version:
 2.0.7883.3217, Zeitstempel: 0x4a88fced  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c9f8
ID
 des fehlerhaften Prozesses: 0xdec  Startzeit der fehlerhaften Anwendung: 0x01cd8781fece0045
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax
Berichtskennung:
 6bf3d2f1-f375-11e1-ae91-0024545fe718
 
Error - 9/1/2012 6:15:10 AM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3555.308,
 Zeitstempel: 0x4f596cbb  Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version:
 2.0.7883.3217, Zeitstempel: 0x4a88fced  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c9f8
ID
 des fehlerhaften Prozesses: 0xacc  Startzeit der fehlerhaften Anwendung: 0x01cd882aa4fc54f3
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax
Berichtskennung:
 e8a00993-f41d-11e1-8262-0024545fe718
 
Error - 9/4/2012 7:32:33 AM | Computer Name = Lisa-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 21.0.1180.89 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 4b8    Startzeit: 
01cd8a8ee24266ee    Endzeit: 21    Anwendungspfad: C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe

Berichts-ID:
 2d2b22cd-f684-11e1-ae85-0024545fe718  
 
Error - 9/7/2012 6:55:23 AM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3555.308,
 Zeitstempel: 0x4f596cbb  Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version:
 2.0.7883.3217, Zeitstempel: 0x4a88fced  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c9f8
ID
 des fehlerhaften Prozesses: 0xdd4  Startzeit der fehlerhaften Anwendung: 0x01cd8ce74247b050
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax
Berichtskennung:
 8584ea91-f8da-11e1-85a9-0024545fe718
 
Error - 9/17/2012 10:42:09 AM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.10.0.116, Zeitstempel:
 0x50001496  Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16448, Zeitstempel:
 0x4fecfb0e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002627f8  ID des fehlerhaften Prozesses:
 0xfa8  Startzeit der fehlerhaften Anwendung: 0x01cd94e244c3f41b  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls: 
C:\Windows\System32\mshtml.dll  Berichtskennung: dba60a6e-00d5-11e2-8265-0024545fe718
 
Error - 9/19/2012 2:12:07 PM | Computer Name = Lisa-PC | Source = Google Update | ID = 20
Description = 
 
Error - 9/19/2012 2:47:42 PM | Computer Name = Lisa-PC | Source = Application Hang | ID = 1002
Description = Programm adwcleaner.exe, Version 2.0.0.2 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 550    Startzeit: 
01cd96966f3582a8    Endzeit: 16    Anwendungspfad: C:\Users\Lisa\Downloads\adwcleaner.exe

Berichts-ID:
 7591e226-028a-11e2-b473-0024545fe718  
 
Error - 9/21/2012 1:48:56 PM | Computer Name = Lisa-PC | Source = MsiInstaller | ID = 11706
Description = 
 
[ OSession Events ]
Error - 6/16/2011 2:14:52 PM | Computer Name = Lisa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/8/2011 7:19:06 AM | Computer Name = Lisa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 67
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/21/2012 10:31:47 AM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 9/21/2012 11:26:10 AM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 9/21/2012 1:35:43 PM | Computer Name = Lisa-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?09.?2012 um 18:39:30 unerwartet heruntergefahren.
 
Error - 9/21/2012 1:35:49 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 9/21/2012 1:36:23 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Oberon Media Game Console service erreicht.
 
Error - 9/21/2012 1:36:23 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Oberon Media Game Console service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 9/21/2012 1:38:03 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Kaspersky Security Suite CBE 11 Service" wurde nicht richtig
 gestartet.
 
Error - 9/21/2012 1:38:03 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   KL1  KLIF
 
Error - 9/22/2012 7:46:19 AM | Computer Name = Lisa-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 9/22/2012 7:46:18 AM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
 
< End of report >
         
--- --- ---



Hab eben nochmal nach meinem Kaspersky geguckt: es geht nicht mehr, total kaputt..
Sag mal, muss ich jetzt Angst haben oder kriegt man das wieder richtig weg?


Alt 25.09.2012, 18:23   #6
markusg
/// Malware-holic
 
Mystart Trojaner eingefangen, Hilfe!! - Standard

Mystart Trojaner eingefangen, Hilfe!!



sorry für die wartezeit

lade den CCleaner standard:
CCleaner Download - CCleaner 3.22.1800
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
--> Mystart Trojaner eingefangen, Hilfe!!

Alt 25.09.2012, 19:37   #7
Lisaaa
 
Mystart Trojaner eingefangen, Hilfe!! - Standard

Mystart Trojaner eingefangen, Hilfe!!



Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 06.06.2011 6,00MB 10.3.181.23 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 21.05.2011 6,00MB 10.3.181.14 notwendig
Adobe Reader 9.1 - Deutsch Adobe Systems Incorporated 19.05.2010 229MB 9.1.0 notwendig
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 19.06.2010 11.5.7.609 notwendig
AnyPC Client Doctorsoft 05.12.2009 1.0.0.23 unbekannt
Babylon toolbar on IE BabylonToolbar 25.09.2012 unnötig
BatteryLifeExtender Samsung 05.12.2009 14,2MB 1.0.1 unbekannt
Browser Manager 19.09.2012 unbekannt
CCleaner Piriform 22.08.2012 3.22 notwendig
ChargeableUSB SAMSUNG 05.12.2009 1.0.0.0 notwendig
Compatibility Pack für 2007 Office System Microsoft Corporation 20.08.2012 229MB 12.0.6612.1000 notwendig
CyberLink DVD Suite CyberLink Corp. 05.12.2009 15,1MB 6.0.2806 notwendig
CyberLink LabelPrint CyberLink Corp. 05.12.2009 163MB 2.5.1916 notwendig
CyberLink Power2Go CyberLink Corp. 05.12.2009 120MB 6.0.3108a notwendig
CyberLink PowerDirector CyberLink Corp. 05.12.2009 367MB 7.0.3213 notwendig
CyberLink PowerDVD 8 CyberLink Corp. 05.12.2009 91,3MB 8.0.2815b notwendig
CyberLink PowerProducer CyberLink Corp. 05.12.2009 297MB 5.0.1.1812 notwendig
CyberLink YouCam CyberLink Corp. 19.05.2010 77,1MB 2.0.3304 notwendig
Die Sims™ 3 Electronic Arts 14.06.2012 1.34.27 notwendig
Die Sims™ 3 Einfach tierisch Electronic Arts 24.12.2011 10.0.96 notwendig
Die Sims™ 3 Late Night Electronic Arts 27.08.2011 6.5.1 notwendig
Die Sims™ 3 Luxus-Accessoires Electronic Arts 12.07.2010 3.5.8 notwendig
Die Sims™ 3 Traumkarrieren Electronic Arts 14.07.2010 4.0.87 notwendig
DVDVideoSoftTB Toolbar 21.03.2011 6.3.2.17 notwendig
Easy Display Manager Samsung Electronics Co., Ltd. 05.12.2009 3.0 unbekannt
Easy Network Manager Samsung 05.12.2009 19,0MB 4.2.4 unbekannt
Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 05.12.2009 3.0.0.5 unbekannt
EasyBatteryManager Samsung 05.12.2009 4.0.0.3 unbekannt
EasyBits GO EasyBits Media 12.06.2011 unbekannt
Facebook Video Calling 1.2.0.159 Skype Limited 21.03.2012 4,76MB 1.2.159 unnötig
Facemoods Toolbar 23.08.2011 unnötig
Farm Frenzy 2 Oberon Media 19.05.2010 unnötig
FileConverter 1.3 Toolbar FileConverter 1.3 22.09.2012 6.9.0.16 unnötig
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 06.02.2011 10,3MB notwendig
Free YouTube to MP3 Converter version 3.10.15.1228 DVDVideoSoft Ltd. 04.02.2012 85,5MB notwendig
Game Pack Oberon Media, Inc. 19.05.2010 5.3.0.10 unnötig
Giant Savings 215 Apps 25.09.2012 1.20.150.150 unbekannt
GIMP 2.6.11 The GIMP Team 23.08.2011 107MB 2.6.11 unbekannt
Go-Go Gourmet Oberon Media 19.05.2010 unnötig
Google Chrome Google Inc. 19.09.2012 21.0.1180.89 notwendig
Google Toolbar for Internet Explorer Google Inc. 12.08.2012 7.4.3203.136 unnötig
Guitar Hero World Tour Aspyr 21.03.2012 7,54GB 1.0 unnötig
Harry Potter II 23.05.2010 unnötig
ICQ7.4 ICQ 14.04.2011 7.4 notwendig
iLivid Bandoo Media Inc 22.09.2012 1.92 unbekannt
Incredibar Toolbar on IE 18.09.2012 unnötig
Intel(R) Rapid Storage Technology Intel Corporation 05.12.2009 9.5.4.1001 notwendig
Intel(R) Turbo Boost Technology Driver Intel Corporation 05.12.2009 01.00.01.1002 notwendig
Java(TM) 6 Update 31 Oracle 12.03.2012 95,1MB 6.0.310 notwendig
Java(TM) 7 Update 5 Oracle 01.07.2012 99,3MB 7.0.50 notwendig
JavaFX 2.1.1 Oracle Corporation 01.07.2012 20,8MB 2.1.1 notwendig
JDownloader 0.9 AppWork GmbH 25.09.2012 0.9 unnötig
Kaspersky Security Suite CBE 11 Kaspersky Lab 21.05.2011 11.0.2.556 notwendig
LibreOffice 3.3 LibreOffice 18.09.2011 944MB 3.3.8 notwendig
Marvell Miniport Driver Marvell 05.12.2009 11.22.3.3 unbekannt
McAfee Security Scan Plus McAfee, Inc. 16.06.2010 8,30MB 2.0.181.2 unnötig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 28.12.2011 38,8MB 4.0.30320 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 28.12.2011 2,93MB 4.0.30320 unbekannt
Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 7,95MB 14.0.5130.5003 unbekannt
Microsoft Office Home and Student 2007 Microsoft Corporation 29.02.2012 12.0.6612.1000 unbekannt
Microsoft Office Live Add-in 1.3 Microsoft Corporation 19.05.2010 494KB 2.0.2313.0 unbekannt
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 20.08.2012 136MB 12.0.6612.1000 notwendig
Microsoft Office Suite Activation Assistant Microsoft Corporation 19.05.2010 8,36MB 2.9 notwendig
Microsoft Silverlight Microsoft Corporation 10.05.2012 222MB 4.1.10329.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 19.05.2010 1,72MB 3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 20.07.2010 252KB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 300KB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 598KB 9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.09.2011 240KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.06.2010 596KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 600KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 26.12.2011 15,0MB 10.0.40219 unbekannt
Microsoft Works Microsoft Corporation 12.04.2012 1,02GB 9.7.0621 notwendig
Microsoft WSE 3.0 Runtime Microsoft Corp. 19.05.2010 942KB 3.0.5305.0 unbekannt
Mozilla Firefox 5.0 (x86 de) Mozilla 18.09.2011 35,2MB 5.0 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 24.05.2010 1,27MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.05.2010 1,33MB 4.20.9876.0 unbekannt
MyFreeCodec 28.12.2011 unbekannt
Need for Speed™ Most Wanted 13.07.2012 notwendig
NVIDIA Drivers NVIDIA Corporation 16.10.2010 1.10 unbekannt
Origin Electronic Arts, Inc. 24.12.2011 8.2.2.2413 notwendig
PC Connectivity Solution Nokia 21.05.2010 9,21MB 8.15.0.0 unnötig
Picasa 3 Google, Inc. 23.02.2012 3.8 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.12.2009 6.0.1.5969 unbekannt
REALTEK Wireless LAN Software REALTEK Semiconductor Corp. 05.12.2009 1.01.0088 unbekannt
Samsung Kies Samsung Electronics Co., Ltd. 28.12.2011 195MB 2.1.0.11095_121 notwendig
Samsung New PC Studio Samsung Electronics Co., Ltd. 21.05.2010 200MB 1.00.0000 notwendig
Samsung R-Series Samsung 05.12.2009 24,2MB 1.0 notwendig
Samsung Recovery Solution 4 Samsung 05.12.2009 4.0.0.41 notwendig
Samsung Support Center Samsung 05.12.2009 40,8MB 1.0.21 notwendig
Samsung Update Plus Samsung Electronics Co., Ltd. 05.12.2009 2.0 notwendig
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 07.01.2012 42,1MB 1.4.8.0 unnötig
SamsungConnectivityCableDriver Samsung 21.05.2010 633KB 6.83.6.2.1 unnötig
Searchqu Toolbar Bandoo Media Inc 22.09.2012 4.1.0.3114 unnötig
Skype Click to Call Skype Technologies S.A. 26.10.2011 18,4MB 5.6.8442 notwendig
Skype™ 5.10 Skype Technologies S.A. 14.08.2012 19,3MB 5.10.116 notwendig
Sven 2 XXL 23.05.2010 unnötig
Sven Bømwøllen 01.06.2012 unnötig
Sven XXX - XXL 23.05.2010 notwendig
SweetIM for Messenger 3.6 SweetIM Technologies Ltd. 06.11.2011 4,74MB 3.6.0002 unnötig
Synaptics Pointing Device Driver Synaptics Incorporated 21.08.2010 15.0.10.0 unbekannt
Tomb Raider: Legend 1.2 13.11.2010 notwendig
Uninstall 1.0.0.1 06.02.2011 10,4MB unbekannt
User Guide 05.12.2009 1.0 unbekannt
Web Assistant 2.0.0.100 IncrediBar 18.09.2012 1,84MB 2.0.0.100 unnötig
WEB.DE Internet Explorer Addon 1&1 Mail & Media GmbH 22.06.2011 1.0.1.0 notwendig
WEB.DE Softwareaktualisierung 1&1 Mail & Media GmbH 24.06.2011 2.0.1.5 unnötig
Windows Live Essentials Microsoft Corporation 17.06.2012 15.4.3555.0308 unnötig
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 18.06.2012 5,57MB 15.4.5722.2 unnötig
Windows Live Sync Microsoft Corporation 19.05.2010 2,79MB 14.0.8089.726 unnötig
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Nokia 21.05.2010 10/12/2007 6.85.4.0 unbekannt
Yontoo 1.10.02 Yontoo LLC 19.09.2012 1,29MB 1.10.02 unbekannt



Da, wo ich schon erkannt habe, dass es was schlimmes ist (zum Beispiel einmal die "incredibar") hab ich schon unnötig dahintergeschrieben.

Jetzt isses zu spät, ich kommt nicht mehr rein. Er fährt nicht richtig hoch, es kommen immer wieder irgendwelche Fehlermeldungen und er überprüft und überprüft irgendwelche Daten, um dann wieder neu zu starten. Ne Computerbild-Notfall CD bringts auch nicht. Und jetzt?

Alt 27.09.2012, 16:46   #8
markusg
/// Malware-holic
 
Mystart Trojaner eingefangen, Hilfe!! - Standard

Mystart Trojaner eingefangen, Hilfe!!



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
AnyPC
Babylon
Browser Manager
DVDVideoSoftTB : unnötiger unsinn, toolbars sind eine potentielle gefahr.
Facebook
Facemoods
Farm Frenzy
FileConverter
Game
Giant
GIMP
Go-Go
Google Toolbar
Guitar
Harry Potter
iLivid
Incredibar
Java: alle
Download der kostenlosen Java-Software
downloade java jre instalieren

deinstaliere:
JDownloader

Kaspersky : ist veraltet, aktuell ist version 2013, da solltest du überlegen ne lizenz zu erwerben.

deinstaliere.
McAfee
Mozilla Firefox : öffnen, hilfe, update, aktuell ist version 15

deinstaliere:
MyFreeCodec
PC Connectivity
Searchqu
Sven : alle unnötigen
SweetIM
Web Assistant
Windows Live : alle für dich unnötigen
Yontoo
hast du irgendwas selbst gelöscht?
kannst du wieder normal starten
und bitte ein wenig genauer, er überprüft irgendwas ist keine aussage mit der man arbeiten kann
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Mystart Trojaner eingefangen, Hilfe!!
ahnung, angemeldet, bereich, computer, daten, eingefangen, einstellungen, gen, hilfe!, löschen, löscht, mystart by incredibar, mystart trojaner, neue, neuen, nicht mehr, nutzte, plötzlich, seite, startet, tab, task-manager, total, trojaner, win, win7



Ähnliche Themen: Mystart Trojaner eingefangen, Hilfe!!


  1. MyStart Incredi Toolbar eingefangen :(
    Log-Analyse und Auswertung - 31.01.2013 (10)
  2. Hilfe! GVU/BKA Trojaner eingefangen, ich brauche Hilfe dabei den Mist von meinem Lappi runter zu bekommen!
    Log-Analyse und Auswertung - 27.11.2012 (1)
  3. Mystart Incredibar eingefangen
    Plagegeister aller Art und deren Bekämpfung - 04.11.2012 (7)
  4. Mystart incredibar eingefangen. wie werde ich es wieder los?
    Plagegeister aller Art und deren Bekämpfung - 31.10.2012 (42)
  5. Mystart incredibar eingefangen. wie werde ich es wieder los?
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (1)
  6. MyStart Trojaner eingefangen!
    Log-Analyse und Auswertung - 21.10.2012 (34)
  7. MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (42)
  8. MyStart Incredibar Virus eingefangen.
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (50)
  9. MyStart Incredibar eingefangen und anfänger!
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (17)
  10. MyStart incredible Virus/Trojaner eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (1)
  11. mystart.incredibar eingefangen :-(
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (1)
  12. MyStart @ Incredibar und MyStart Search trotz Deinstallation des Programms
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  13. MyStart incredibar trojaner Hilfe!
    Log-Analyse und Auswertung - 01.09.2012 (2)
  14. mystart.incredibar.com/mb165?a=6OyHDmBKyx&loc=FF_NT bei Download eingefangen
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (17)
  15. mystart incredibar eingefangen - logfile liegt vor.
    Log-Analyse und Auswertung - 24.07.2012 (13)
  16. MyStart incredibar- Trojaner eingefangen!
    Log-Analyse und Auswertung - 11.07.2012 (1)
  17. HILFE HILFE HILFE HABE MIR EIN TROJANER EINGEFANGEN MIT DEN NAMEN TR/Drop.Toolbar.A.2
    Log-Analyse und Auswertung - 13.09.2006 (4)

Zum Thema Mystart Trojaner eingefangen, Hilfe!! - Hallo. Vorab - ich bin ein 16-jähriges Mädchen und hab nicht viel Ahnung vom Computern. Redet also bitte nicht in Computersprache, das hilft mir nicht weiter. Ich hab mich hier - Mystart Trojaner eingefangen, Hilfe!!...
Archiv
Du betrachtest: Mystart Trojaner eingefangen, Hilfe!! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.