| |
| |||||||
Log-Analyse und Auswertung: Internet Explorer und Firefox laden Google nicht mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
18.09.2011, 15:28
| #1 |
| |  Internet Explorer und Firefox laden Google nicht mehr Hallo zusammen, ich habe folgendes Problem: Meine IE und Firefox laden Google nicht mehr. Ich tippe einen Suchbegriff ein, drücke Enter und steht unten links im Brower "Fertig geladen", aber ich habe eine weiße Seite. Ich habe die Logs erstellt, hoffe es ist soweit richtig. OLT Logfile: Code:
ATTFilter OTL logfile created on: 18.09.2011 13:28:51 - Run 1 OTL by OldTimer - Version 3.2.29.0 Folder = C:\Users\benni\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,95 Mb Total Physical Memory | 333,69 Mb Available Physical Memory | 32,91% Memory free 1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,95 Gb Total Space | 98,72 Gb Free Space | 72,09% Space Free | Partition Type: NTFS Computer Name: BENNINET | User Name: benni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.18 13:22:28 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\benni\Desktop\OTL.exe PRC - [2011.09.08 19:48:15 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2011.08.31 11:20:56 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe PRC - [2011.07.28 12:33:09 | 005,242,488 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2011.07.09 17:41:04 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.05.02 12:04:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.02 20:21:43 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.08.24 10:41:18 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.04.27 16:39:38 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Programme\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.10.07 09:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2009.10.01 00:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe PRC - [2009.10.01 00:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe PRC - [2009.10.01 00:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\eMachines\eMachines Power Management\ePowerEvent.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Programme\eMachines\Registration\GregHSRW.exe PRC - [2009.08.24 04:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe PRC - [2009.06.05 05:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.01.30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\CloneCD\CloneCDTray.exe ========== Modules (No Company Name) ========== MOD - [2010.11.14 16:51:30 | 000,109,056 | ---- | M] () -- C:\Programme\Notepad++\NppShell_03.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.09 17:41:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.02 12:04:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.08.24 10:41:18 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.11.13 23:55:06 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service) SRV - [2009.10.01 00:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.08.24 04:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2011.07.28 12:27:08 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011.07.09 17:41:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.09 17:41:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.08.24 10:41:18 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2009.12.15 20:46:58 | 000,014,120 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86) DRV - [2009.12.15 20:46:54 | 000,011,048 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86) DRV - [2009.09.21 04:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.27 09:06:44 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial) DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot) DRV - [2009.06.24 04:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=em250&r=27b507103745l04c4zw65r44i26518 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=em250&r=27b507103745l04c4zw65r44i26518 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=em250&r=27b507103745l04c4zw65r44i26518 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.3:8080 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: betterfacebook@mattkruse.com:5.921 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "192.168.1.3" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "192.168.1.3" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "192.168.1.3" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "192.168.1.3" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "192.168.1.3" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.06 17:40:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011.09.06 17:42:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.09.07 17:40:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.09.08 19:48:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.08 19:48:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.08 19:49:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.06 17:40:46 | 000,000,000 | ---D | M] [2010.08.30 16:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\benni\AppData\Roaming\mozilla\Extensions [2011.09.17 19:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\6yrry0ib.default\extensions [2011.09.08 19:27:23 | 000,000,000 | ---D | M] (Better Facebook!) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\6yrry0ib.default\extensions\betterfacebook@mattkruse.com [2011.09.03 14:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.02.23 00:09:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.17 11:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.02.23 00:09:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.17 11:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.09.08 19:48:50 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91815E3C-A7E2-4F2B-9696-0A1A49EF866B}: DhcpNameServer = 192.168.0.10 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.18 13:22:27 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\benni\Desktop\OTL.exe [2011.09.14 14:45:05 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\dvdcss [2011.09.14 14:44:23 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\vlc [2011.09.14 14:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.09.14 14:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2011.09.13 21:33:08 | 000,000,000 | ---D | C] -- C:\religiopolis [2011.09.12 17:33:05 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Local\HandBrake [2011.09.12 17:32:20 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake [2011.09.12 17:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake [2011.09.12 17:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake [2011.09.08 19:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011.09.08 19:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real [2011.09.08 19:48:18 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll [2011.09.08 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Real [2011.09.08 19:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2011.09.08 19:47:56 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\Real [2011.09.06 17:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2011.09.06 17:47:04 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\HP [2011.09.06 17:47:01 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Local\HP [2011.09.06 17:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar [2011.09.06 17:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer [2011.09.06 17:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2011.09.06 17:37:09 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\HpUpdate [2011.09.06 17:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2011.09.06 17:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2011.09.06 17:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2011.09.06 17:29:58 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll [2011.09.06 16:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2011.09.03 14:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.09.01 15:19:45 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\TuneUp Software [2011.09.01 15:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.09.01 15:17:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.09.01 14:39:51 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys [2011.09.01 14:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2011.09.01 12:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.09.01 12:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.09.01 12:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.09.01 12:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.09.01 12:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.09.01 12:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011.09.01 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011.08.30 17:39:36 | 000,000,000 | ---D | C] -- C:\Users\benni\Documents\NeroVision [2011.08.30 11:54:02 | 000,000,000 | ---D | C] -- C:\Users\benni\Documents\AnyDVDHD [2011.08.30 11:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2011.08.30 11:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft [2011.08.30 11:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft [2011.08.29 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\XBMC [2011.08.29 23:19:07 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC [2011.08.29 23:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\XBMC [2011.08.29 13:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn [2011.08.28 22:31:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2011.08.28 22:27:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011.08.20 18:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2011.08.20 18:48:19 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\Canneverbe Limited [2011.08.19 15:24:52 | 000,000,000 | ---D | C] -- C:\Users\benni\Documents\Rescur System Avira [2009.11.13 23:32:00 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2011.09.18 13:22:28 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\benni\Desktop\OTL.exe [2011.09.18 13:20:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.18 13:14:33 | 000,000,000 | ---- | M] () -- C:\Users\benni\defogger_reenable [2011.09.18 13:12:11 | 000,050,477 | ---- | M] () -- C:\Users\benni\Desktop\Defogger.exe [2011.09.18 12:27:01 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.18 12:27:01 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.18 12:20:09 | 000,000,081 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.09.18 12:18:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.18 12:18:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.18 12:18:30 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys [2011.09.17 00:19:54 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.17 00:19:54 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.17 00:19:54 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.17 00:19:54 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.16 18:42:09 | 000,000,338 | ---- | M] () -- C:\Users\benni\Desktop\Why leave - YouTube.website [2011.09.14 14:43:42 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.09.14 14:34:05 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.09.13 20:48:54 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk [2011.09.13 13:17:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.09.13 09:55:54 | 000,852,066 | ---- | M] () -- C:\Users\benni\Desktop\IMAG0058.jpg [2011.09.12 17:32:21 | 000,000,986 | ---- | M] () -- C:\Users\benni\Desktop\Handbrake.lnk [2011.09.08 19:49:10 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk [2011.09.08 19:49:10 | 000,001,333 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2011.09.08 19:48:18 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll [2011.09.06 20:57:04 | 000,421,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.09.06 17:47:39 | 000,262,513 | ---- | M] () -- C:\Windows\hpwins23.dat [2011.09.06 17:40:22 | 000,002,078 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011.09.06 17:37:34 | 000,001,318 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2011.09.03 14:23:45 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.09.01 12:33:17 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.09.01 12:21:01 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.08.31 11:24:43 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.08.30 17:49:14 | 000,000,135 | ---- | M] () -- C:\Users\benni\AppData\Roaming\default.rss [2011.08.30 17:33:30 | 000,322,393 | ---- | M] () -- C:\Users\benni\Documents\vobmerge-2.52.zip [2011.08.30 11:21:08 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2011.08.29 12:08:45 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI [2011.08.19 13:58:55 | 000,000,192 | ---- | M] () -- C:\Users\benni\Desktop\Notfall-Live-System Datenrettung, Webzugang, etc. - Forum - CHIP Online.url ========== Files Created - No Company Name ========== [2011.09.18 13:14:33 | 000,000,000 | ---- | C] () -- C:\Users\benni\defogger_reenable [2011.09.18 13:13:01 | 000,050,477 | ---- | C] () -- C:\Users\benni\Desktop\Defogger.exe [2011.09.16 18:42:09 | 000,000,338 | ---- | C] () -- C:\Users\benni\Desktop\Why leave - YouTube.website [2011.09.14 14:43:42 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.09.13 20:48:54 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk [2011.09.13 13:17:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.09.13 10:01:59 | 000,852,066 | ---- | C] () -- C:\Users\benni\Desktop\IMAG0058.jpg [2011.09.12 17:32:21 | 000,000,986 | ---- | C] () -- C:\Users\benni\Desktop\Handbrake.lnk [2011.09.08 19:49:10 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk [2011.09.08 19:49:10 | 000,001,333 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2011.09.06 17:42:26 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk [2011.09.06 17:42:01 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2011.09.06 17:40:22 | 000,002,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011.09.06 17:38:14 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk [2011.09.06 17:37:34 | 000,001,318 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2011.09.06 17:30:37 | 000,262,513 | ---- | C] () -- C:\Windows\hpwins23.dat [2011.09.06 17:30:36 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat [2011.09.03 14:23:45 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.09.01 12:33:17 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.09.01 12:21:01 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.08.31 11:24:43 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.08.30 17:49:14 | 000,000,135 | ---- | C] () -- C:\Users\benni\AppData\Roaming\default.rss [2011.08.30 17:33:11 | 000,322,393 | ---- | C] () -- C:\Users\benni\Documents\vobmerge-2.52.zip [2011.08.30 11:53:50 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.08.30 11:25:19 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.08.30 11:21:08 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2011.08.29 12:08:44 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.08.19 13:58:55 | 000,000,192 | ---- | C] () -- C:\Users\benni\Desktop\Notfall-Live-System Datenrettung, Webzugang, etc. - Forum - CHIP Online.url [2011.05.02 13:26:27 | 000,000,000 | ---- | C] () -- C:\Users\benni\AppData\Local\{EB298E6E-6B03-4DF2-ABA5-BCD136B7A839} [2011.03.06 22:07:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\UTSCSI.EXE [2011.02.23 09:09:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.02.23 09:09:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.01.19 12:55:01 | 000,018,047 | ---- | C] () -- C:\Users\benni\AppData\Roaming\UserTile.png [2011.01.13 19:03:11 | 000,028,672 | ---- | C] () -- C:\Windows\System32\msxml3rd.dll [2010.11.22 14:46:17 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE [2010.08.30 19:42:49 | 000,000,000 | ---- | C] () -- C:\Users\benni\AppData\Roaming\wklnhst.dat [2010.08.30 16:42:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.03.06 21:15:03 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.03.06 21:15:02 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.03.06 21:15:02 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.03.06 21:15:02 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.11.13 23:29:14 | 000,123,780 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.11.13 23:29:14 | 000,001,496 | ---- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat [2009.11.13 23:29:14 | 000,000,728 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2009.11.13 23:29:14 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2009.11.13 23:29:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.11.13 23:29:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.11.13 23:29:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.11.13 23:29:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,421,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.02.18 11:40:07 | 000,000,000 | -HSD | M] -- C:\Users\benni\AppData\Roaming\.# [2011.08.20 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\Canneverbe Limited [2010.08.10 14:22:41 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\GameConsole [2011.07.28 16:30:53 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\gtk-2.0 [2010.11.15 22:00:18 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\Notepad++ [2011.04.01 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\SMART Notebook SE [2010.10.08 10:28:21 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\SMART Technologies [2010.10.07 14:25:43 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\SMART Technologies Inc [2010.09.25 22:48:44 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\Stykz [2010.08.30 19:43:30 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\Template [2010.11.21 16:15:48 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\TS3Client [2011.09.01 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\TuneUp Software [2011.08.30 17:49:17 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\XBMC [2011.08.29 12:03:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.08.07 19:24:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.03.06 12:33:17 | 000,000,000 | ---D | M] -- C:\book [2011.09.17 00:33:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.07.29 08:29:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.11.13 23:23:17 | 000,000,000 | ---D | M] -- C:\Intel [2009.11.13 23:39:41 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.07.29 08:30:44 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.14 14:42:33 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.08 19:47:59 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.07.29 08:29:03 | 000,000,000 | -HSD | M] -- C:\Programme [2010.07.29 08:29:03 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.09.13 21:33:13 | 000,000,000 | ---D | M] -- C:\religiopolis [2011.09.18 13:37:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.08.07 19:27:02 | 000,000,000 | R--D | M] -- C:\Users [2011.09.18 12:18:29 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-16 22:33:59 ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D7E5A8F @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:4D066AD2 < End of report > OLT Extras Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.09.2011 13:28:51 - Run 1
OTL by OldTimer - Version 3.2.29.0 Folder = C:\Users\benni\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1013,95 Mb Total Physical Memory | 333,69 Mb Available Physical Memory | 32,91% Memory free
1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,95 Gb Total Space | 98,72 Gb Free Space | 72,09% Space Free | Partition Type: NTFS
Computer Name: BENNINET | User Name: benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German)
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Video Web Camera
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7c9d49c3-a52c-4759-b6a7-766363b84f54}" = Nero 9 Essentials
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C607265F-86AA-4B42-9F9B-D0ED2E4AACA6}" = 6500_E709a
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"HandBrake" = HandBrake 0.9.5
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Identity Card" = Identity Card
"LManager" = Launch Manager
"MatlabR2011a" = MATLAB R2011a
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"RealPlayer 12.0" = RealPlayer
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.04.2011 04:12:50 | Computer Name = BENNINET | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8175
Error - 25.04.2011 04:12:50 | Computer Name = BENNINET | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8175
Error - 25.04.2011 05:44:26 | Computer Name = BENNINET | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25.04.2011 05:44:26 | Computer Name = BENNINET | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5504683
Error - 25.04.2011 05:44:26 | Computer Name = BENNINET | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5504683
Error - 25.04.2011 09:36:56 | Computer Name = BENNINET | Source = Bonjour Service | ID = 100
Description = 448: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 25.04.2011 09:36:56 | Computer Name = BENNINET | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 25.04.2011 09:36:56 | Computer Name = BENNINET | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 25.04.2011 09:36:56 | Computer Name = BENNINET | Source = Bonjour Service | ID = 100
Description = 364: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 25.04.2011 09:36:56 | Computer Name = BENNINET | Source = Bonjour Service | ID = 100
Description = 460: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
[ Cisco AnyConnect VPN Client Events ]
Error - 15.09.2011 16:03:06 | Computer Name = BENNINET | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
Error - 15.09.2011 19:06:53 | Computer Name = BENNINET | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 15.09.2011 19:06:53 | Computer Name = BENNINET | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 15.09.2011 19:06:53 | Computer Name = BENNINET | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7566 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 15.09.2011 19:06:53 | Computer Name = BENNINET | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4116
Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 15.09.2011 19:06:54 | Computer Name = BENNINET | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 15.09.2011 19:06:54 | Computer Name = BENNINET | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 17.09.2011 05:14:21 | Computer Name = BENNINET | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
Error - 17.09.2011 09:47:03 | Computer Name = BENNINET | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
Error - 18.09.2011 06:18:45 | Computer Name = BENNINET | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
[ System Events ]
Error - 17.09.2011 05:15:01 | Computer Name = BENNINET | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 17.09.2011 09:47:44 | Computer Name = BENNINET | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 18.09.2011 06:19:22 | Computer Name = BENNINET | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 18.09.2011 07:35:22 | Computer Name = BENNINET | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kryptografiedienste" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 18.09.2011 07:35:22 | Computer Name = BENNINET | Source = Service Control Manager | ID = 7031
Description = Der Dienst "DNS-Client" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 18.09.2011 07:35:22 | Computer Name = BENNINET | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Arbeitsstationsdienst" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 18.09.2011 07:35:22 | Computer Name = BENNINET | Source = Service Control Manager | ID = 7031
Description = Der Dienst "NLA (Network Location Awareness)" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 18.09.2011 07:35:22 | Computer Name = BENNINET | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Telefonie" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 18.09.2011 07:36:22 | Computer Name = BENNINET | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Arbeitsstationsdienst" Korrekturmaßnahmen (Neustart des Diensts)
durchzuführen, ist fehlgeschlagen. Fehler: %%1056
Error - 18.09.2011 07:37:22 | Computer Name = BENNINET | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "DNS-Client" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
< End of report >
GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-18 16:06:15
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0
Running: j5njzc0m.exe; Driver: C:\Users\benni\AppData\Local\Temp\agloqpob.sys
---- System - GMER 1.0.15 ----
SSDT 8071263E ZwCreateSection
SSDT 80712643 ZwSetContextThread
SSDT 807125DF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKey + 13CD 81C749C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 81C944E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 81C9B85C 4 Bytes [3E, 26, 71, 80]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 81C9BBFC 1 Byte [43]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 81C9BBFC 4 Bytes [43, 26, 71, 80]
.text ntoskrnl.exe!KeRemoveQueueEx + 1937 81C9BCD4 4 Bytes [DF, 25, 71, 80]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2908] kernel32.dll!SetUnhandledExceptionFilter 760AF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Ich habe wirklich keinen Plan von dem Thema  .lg Benny |
|
19.09.2011, 13:26
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Internet Explorer und Firefox laden Google nicht mehr Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Führe danach auch bitte ESET aus, danach sehen wir weiter. ESET Online Scanner
n.
__________________ |
|
| Themen zu Internet Explorer und Firefox laden Google nicht mehr |
| 32 bit, alternate, antivir, autorun, avira, bho, bonjour, c:\windows\system32\rundll32.exe, document, error, excel, failed, fatal error, fehler, firefox, format, google, helper, hewlett packard, install.exe, internet, internet explorer, launch, locker, logfile, microsoft office word, office 2007, officejet, plug-in, problem, progressive, realtek, registry, rundll, scan, security, senden, software, usb 2.0, version=1.0, webcheck, windows |
