Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: microsoft secure essentiel und antivir funktionieren nicht

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.05.2011, 07:21   #1
knispe
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Guten Morgen,

ich habe seid einigen Tagen vollgendes Problem:

Habe wie gewohnt den PC angeschaltet bekomme dann Warnmeldungen das microsoft secure essentiel nicht aktiviert ist, habe dann versucht es zu aktivieren, bekomme aber die Meldung das es nicht möglich ist bzw. ein spezieller Code (keine Ahnung was damit gemeint ist) benötigt wird. Ich habe dann Antivir runter geladen, installiert, bekomme aber auch eine Fehlermeldung das die Ausführung nicht möglich ist.
Zeitgleich mit diesem Problem ist es auch nicht mehr möglich "normal" mit den I-net zu verbinden. Ich benutze einen W-lan stick, aber erst nachdem ich das Diagnose und Reparaturprogramm durch laufen lasse wird die Fritz-Box verbindung gefunden.

Was kann ich machen?

(Ich habe Vista 32-bit)

Geändert von knispe (10.05.2011 um 07:27 Uhr) Grund: vielleicht auch noch wichtig

Alt 10.05.2011, 11:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 10.05.2011, 14:41   #3
knispe
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Hallo und danke für´s verschieben,

scan mit malwarebites habe ich gemacht:

-----------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6546

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10.05.2011 15:35:03
mbam-log-2011-05-10 (15-35-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 149793
Laufzeit: 3 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

---------------------------------------
Nix gefunden...
__________________

Alt 10.05.2011, 15:09   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Zitat:
Art des Suchlaufs: Quick-Scan
Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.05.2011, 15:14   #5
knispe
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Zitat:
Zitat von cosinus Beitrag anzeigen
Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!
Der Vollscan läuft... Was ist eigentlich die CustomScans/Fixes Textbox?


Alt 10.05.2011, 15:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Zitat:
Was ist eigentlich die CustomScans/Fixes Textbox?
Vllt wär es mal besser die liest erst richtig die Anleitungen bevor du sowas fragst!
__________________
--> microsoft secure essentiel und antivir funktionieren nicht

Alt 10.05.2011, 16:00   #7
knispe
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Vollständiger Scan ist durch, kein Fund (Updates habe ich vorher gecheckt).

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6546

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10.05.2011 16:57:58
mbam-log-2011-05-10 (16-57-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 285174
Laufzeit: 46 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 10.05.2011, 16:13   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Gut. Dann mach bitte den CustomScan wie es in der Anleitung steht. Und wofür die Textbox da ist wirst du dann ja feststellen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.05.2011, 16:28   #9
knispe
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht





Sorry dafür, ich bin einfach total unerfahren und habe immer nen bisschen bammel wenn ich solche wichtigen Dinge am PC selber machen muss....

Alt 10.05.2011, 16:40   #10
knispe
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.05.2011 17:23:18 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jens&Viola\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,03 Gb Total Space | 140,13 Gb Free Space | 49,51% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 6,94 Gb Free Space | 46,27% Space Free | Partition Type: NTFS
Drive E: | 824,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DELL-PC | User Name: Jens&Viola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.10 17:22:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jens&Viola\Desktop\OTL.exe
PRC - [2011.04.14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.12.04 18:09:14 | 002,984,856 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010.08.20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2010.07.20 23:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.10 17:22:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jens&Viola\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - File not found [Auto | Stopped] --  -- (MsMpSvc)
SRV - File not found [Auto | Stopped] --  -- (DockLoginService)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010.08.20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010.03.22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.04 21:55:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.18 02:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010.10.24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.10.24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.09 16:37:30 | 001,389,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009.01.13 14:39:40 | 000,138,240 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.05.15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.01.19 18:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.01 19:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWin0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.10 10:59:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 10:55:47 | 000,000,000 | ---D | M]
 
[2009.10.13 10:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens&Viola\AppData\Roaming\mozilla\Extensions
[2011.05.10 07:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens&Viola\AppData\Roaming\mozilla\Firefox\Profiles\7gufyjqi.default\extensions
[2011.04.08 09:02:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jens&Viola\AppData\Roaming\mozilla\Firefox\Profiles\7gufyjqi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.17 11:43:36 | 000,000,935 | ---- | M] () -- C:\Users\Jens&Viola\AppData\Roaming\Mozilla\Firefox\Profiles\7gufyjqi.default\searchplugins\conduit.xml
[2010.05.14 00:06:54 | 000,003,915 | ---- | M] () -- C:\Users\Jens&Viola\AppData\Roaming\Mozilla\Firefox\Profiles\7gufyjqi.default\searchplugins\sweetim.xml
[2011.05.10 10:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2009.10.12 18:32:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010.02.05 12:02:36 | 000,219,904 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npmidas.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWin0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWin0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DXDllRegExe]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jens&Viola\Pictures\2008-09-10\juli 04.09.08 006.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jens&Viola\Pictures\2008-09-10\juli 04.09.08 006.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2010.10.04 03:27:16 | 000,000,000 | ---D | M] - E:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010.09.20 09:59:24 | 000,000,062 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d9339f4e-b3dd-11de-94bc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d9339f4e-b3dd-11de-94bc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\cdstart.exe -- [2010.10.04 03:14:24 | 001,419,984 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: MsMpSvc -  File not found
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.10 17:21:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jens&Viola\Desktop\OTL.exe
[2011.05.10 15:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jens&Viola\AppData\Roaming\Malwarebytes
[2011.05.10 15:27:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.10 15:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.10 15:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.10 15:27:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.10 15:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.10 15:25:52 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jens&Viola\Desktop\mbam-setup.exe
[2011.05.10 11:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.05.10 11:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.05.10 08:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.10 08:01:52 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.05.10 08:01:52 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.05.10 08:01:52 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.05.10 08:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.05.10 08:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.05.10 07:47:19 | 000,000,000 | ---D | C] -- C:\Users\Jens&Viola\AppData\Local\Winload
[2011.05.06 17:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.04.29 07:19:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Dell Touch Zone
[2011.04.16 12:22:59 | 001,389,056 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athur.sys
[2011.04.16 12:22:59 | 000,021,728 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\SCMNdisP.sys
[2011.04.16 12:22:59 | 000,020,384 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\jswpslwf.sys
[2011.04.16 12:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA1100 Setup-Assistent
[2011.04.16 12:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011.04.16 12:22:19 | 000,000,000 | ---D | C] -- C:\Users\Jens&Viola\AppData\Roaming\InstallShield
[2010.12.04 19:11:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jens&Viola\AppData\Roaming\pcouffin.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.10 17:22:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jens&Viola\Desktop\OTL.exe
[2011.05.10 17:19:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.10 17:19:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.10 16:57:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.10 15:59:47 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.05.10 15:27:21 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.10 15:26:53 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jens&Viola\Desktop\mbam-setup.exe
[2011.05.10 15:26:16 | 000,656,228 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.10 15:26:16 | 000,611,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.10 15:26:16 | 000,136,740 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.10 15:26:16 | 000,113,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.10 15:19:41 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.10 15:19:26 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.05.10 15:19:14 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.05.10 15:19:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.10 15:19:10 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.10 11:02:50 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.05.10 10:59:35 | 000,000,832 | ---- | M] () -- C:\Users\Jens&Viola\Desktop\Mozilla Firefox.lnk
[2011.05.10 10:59:35 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.10 08:12:03 | 000,377,282 | ---- | M] () -- C:\Users\Jens&Viola\Desktop\Load.exe
[2011.05.10 08:02:02 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.10 07:59:48 | 000,002,093 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.05.10 07:54:50 | 052,718,176 | ---- | M] () -- C:\Users\Jens&Viola\Desktop\avira_antivir_personal648_de.exe
[2011.05.06 15:24:38 | 000,319,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.30 15:19:17 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.04.16 12:22:53 | 000,000,701 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Setup-Assistent.lnk
[2011.04.16 12:22:53 | 000,000,683 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNA1100 Setup-Assistent.lnk
[2011.04.15 10:46:36 | 000,025,669 | ---- | M] () -- C:\Users\Jens&Viola\Documents\Jan-Hendrik Umgangskontakte.odt
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.10 15:27:21 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.10 11:14:11 | 000,001,405 | ---- | C] () -- C:\Users\Jens&Viola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Install_NSS.lnk
[2011.05.10 10:59:35 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.10 10:55:48 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.10 08:11:59 | 000,377,282 | ---- | C] () -- C:\Users\Jens&Viola\Desktop\Load.exe
[2011.05.10 08:02:02 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.10 07:44:40 | 052,718,176 | ---- | C] () -- C:\Users\Jens&Viola\Desktop\avira_antivir_personal648_de.exe
[2011.05.05 17:48:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011.04.16 12:22:53 | 000,000,701 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Setup-Assistent.lnk
[2011.04.16 12:22:53 | 000,000,683 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNA1100 Setup-Assistent.lnk
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.02.17 10:06:49 | 000,000,023 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.04 23:35:25 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2011.02.04 23:06:23 | 000,000,000 | ---- | C] () -- C:\Windows\msicpl.ini
[2010.12.04 19:11:06 | 000,087,608 | ---- | C] () -- C:\Users\Jens&Viola\AppData\Roaming\inst.exe
[2010.12.04 19:11:06 | 000,007,887 | ---- | C] () -- C:\Users\Jens&Viola\AppData\Roaming\pcouffin.cat
[2010.12.04 19:11:06 | 000,001,144 | ---- | C] () -- C:\Users\Jens&Viola\AppData\Roaming\pcouffin.inf
[2010.09.26 11:59:26 | 000,000,214 | ---- | C] () -- C:\Windows\HP_48BitScanUpdatePatch.ini
[2010.09.26 11:36:02 | 000,074,224 | ---- | C] () -- C:\Windows\hpqins16.dat.temp
[2010.09.26 11:33:48 | 000,073,867 | ---- | C] () -- C:\Windows\hpqins16.dat
[2010.08.20 17:15:02 | 000,034,480 | ---- | C] () -- C:\Windows\hpomdl03.dat.temp
[2010.08.20 17:15:02 | 000,028,960 | ---- | C] () -- C:\Windows\hpoins03.dat.temp
[2010.08.17 18:17:48 | 000,000,098 | ---- | C] () -- C:\Users\Jens&Viola\AppData\Local\fusioncache.dat
[2010.07.26 17:17:49 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.02.17 21:21:13 | 000,001,088 | ---- | C] () -- C:\Users\Jens&Viola\AppData\Roaming\wklnhst.dat
[2010.01.30 18:06:14 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.12.11 11:36:00 | 000,000,947 | ---- | C] () -- C:\Users\Jens&Viola\AppData\Roaming\DataSafeDotNet.exe
[2009.12.04 00:10:17 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.11.01 18:20:26 | 000,001,356 | ---- | C] () -- C:\Users\Jens&Viola\AppData\Local\d3d9caps.dat
[2009.10.20 18:04:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 18:04:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.13 09:50:26 | 000,032,550 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2009.10.12 19:01:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.12 18:54:02 | 000,191,488 | ---- | C] () -- C:\Users\Jens&Viola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.08 17:38:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2009.04.29 00:38:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.28 13:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.01.21 09:15:58 | 000,656,228 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,136,740 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,319,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,611,162 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,113,202 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.12.05 15:39:35 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Ashampoo
[2010.02.01 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\avidemux
[2010.01.31 17:22:01 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Buhl Data Service
[2010.08.05 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Canneverbe Limited
[2010.09.21 16:37:38 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Cornelsen
[2010.12.04 14:39:21 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\DeepBurner
[2010.05.27 20:13:01 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\DriverCure
[2011.02.17 12:05:12 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\elsterformular
[2009.11.07 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\FarmingSimulator2008
[2010.12.05 13:35:22 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\FreshDiagnose
[2010.03.14 23:44:04 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\InfraRecorder
[2010.01.30 18:05:45 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Leadertech
[2010.10.16 18:03:52 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\MAGIX
[2009.10.29 21:31:42 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Music Editor Free
[2009.12.03 20:17:37 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Octoshape
[2010.02.13 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\OpenOffice.org
[2009.10.12 18:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Opera
[2010.12.14 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\PCDr
[2010.02.17 21:21:14 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Template
[2011.02.22 23:26:03 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\TS3Client
[2010.12.05 13:36:11 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Uniblue
[2010.12.04 19:17:43 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Vso
[2009.11.09 01:55:42 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Windows Live Writer
[2011.04.30 15:19:17 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.05.10 12:10:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.10 11:02:50 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.16 11:53:16 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Adobe
[2010.10.29 00:17:28 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Apple Computer
[2010.12.05 15:39:35 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Ashampoo
[2010.02.01 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\avidemux
[2010.09.01 13:29:23 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\AVS4YOU
[2010.01.31 17:22:01 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Buhl Data Service
[2010.08.05 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Canneverbe Limited
[2010.09.21 16:37:38 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Cornelsen
[2010.12.04 14:39:21 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\DeepBurner
[2010.02.14 13:06:23 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Dell
[2011.05.10 15:24:29 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Dell Touch Zone
[2009.11.30 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\DivX
[2010.05.27 20:13:01 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\DriverCure
[2010.12.04 18:25:20 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\dvdcss
[2011.02.17 12:05:12 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\elsterformular
[2009.11.07 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\FarmingSimulator2008
[2010.12.05 13:35:22 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\FreshDiagnose
[2009.10.12 18:17:17 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Identities
[2010.03.14 23:44:04 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\InfraRecorder
[2011.04.16 12:22:19 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\InstallShield
[2010.01.30 18:05:45 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Leadertech
[2009.10.12 18:25:05 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Macromedia
[2010.10.16 18:03:52 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\MAGIX
[2011.05.10 15:27:31 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Media Center Programs
[2011.05.05 19:30:01 | 000,000,000 | --SD | M] -- C:\Users\Jens&Viola\AppData\Roaming\Microsoft
[2010.12.06 13:12:31 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Mozilla
[2009.10.29 21:31:42 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Music Editor Free
[2010.12.04 22:42:46 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Nero
[2009.12.03 20:17:37 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Octoshape
[2010.02.13 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\OpenOffice.org
[2009.10.12 18:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Opera
[2010.12.14 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\PCDr
[2011.04.17 14:44:44 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Skype
[2011.04.17 14:43:23 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\skypePM
[2010.02.17 21:21:14 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Template
[2011.02.22 23:26:03 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\TS3Client
[2010.12.05 13:36:11 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Uniblue
[2011.01.29 11:43:47 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\vlc
[2010.12.04 19:17:43 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Vso
[2009.11.09 01:55:42 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\Windows Live Writer
[2011.03.24 16:14:12 | 000,000,000 | ---D | M] -- C:\Users\Jens&Viola\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.12.12 10:56:34 | 000,000,947 | ---- | M] () -- C:\Users\Jens&Viola\AppData\Roaming\DataSafeDotNet.exe
[2010.12.04 19:17:43 | 000,087,608 | ---- | M] () -- C:\Users\Jens&Viola\AppData\Roaming\inst.exe
[2010.12.14 13:54:32 | 051,571,472 | ---- | M] (Dell Inc) -- C:\Users\Jens&Viola\AppData\Roaming\PCDr\Update\Binaries\full_5744_02_32_06.exe
[2010.10.12 14:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Jens&Viola\AppData\Roaming\PCDr\Update\Rules\20fdd6d1-896a-40b8-9b07-269dff579a6d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 14:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Jens&Viola\AppData\Roaming\PCDr\Update\Rules\28ffa179-59b9-42a7-a8f1-97ae6e94f7c8\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 14:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Jens&Viola\AppData\Roaming\PCDr\Update\Rules\2c9d92ab-dd4b-448c-9458-b2d84973da5f\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 14:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Jens&Viola\AppData\Roaming\PCDr\Update\Rules\3d48a5a9-5daa-4877-9bae-5a40dbe92349\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 14:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Jens&Viola\AppData\Roaming\PCDr\Update\Rules\692c10cf-ad19-41ca-bcd5-5ad55538c8ac\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 14:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Jens&Viola\AppData\Roaming\PCDr\Update\Rules\7fd807cd-9976-43fa-839b-aa9cde8fe478\DellSignedAppUpdaterRules\AddCertificate.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.01.14 05:51:58 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Drivers\storage\R208088\IaStor.sys
[2009.01.14 05:51:58 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\drivers\iaStor.sys
[2009.01.14 05:51:58 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3c4af4a0\iaStor.sys
[2009.01.14 05:51:58 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_976b5a8f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.12.04 21:55:47 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >

< End of report >
         
--- --- ---
------------------------------------------------------
Extras.Txt - Editor:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.05.2011 17:23:18 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jens&Viola\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,03 Gb Total Space | 140,13 Gb Free Space | 49,51% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 6,94 Gb Free Space | 46,27% Space Free | Partition Type: NTFS
Drive E: | 824,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DELL-PC | User Name: Jens&Viola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07530760-1455-44CE-8C57-29F7DE67E28D}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{11CA9DAC-BE3A-479D-A600-BB836B7E63CD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{157DEA3A-0063-4E45-A126-9EE329A43123}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{516F01AB-5B66-48B3-B43E-7324C10490E8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5C976167-E96B-4E37-99B7-694778D301E9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{63A2D00A-399F-408D-A499-C1D324A2300E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C9E02E0-3251-4B72-B8C7-E9A44924D0AD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6F9E4BED-532A-4418-A902-D4F2825AE1ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7AD48678-EEC7-4275-9C37-C153F2CCD18A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8D1D079D-F1A2-49A2-955B-FFC084EDEDEA}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp1\wnt500x86\rpcsandrasrv.exe | 
"{9A780154-3BFA-4456-8093-159FE6EE0FBF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9F9F2DFC-B4E6-4062-A2A5-2E0777C1123A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A0CBE08A-D4CC-444B-9AA4-88D751BED5CE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A7E7A434-6B3D-4361-AA0E-AB6D9B6E2334}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A95A9186-E592-4EE0-BA03-B450868B6058}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B7D48246-69C7-418D-A7C0-AB032C1D28BC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C08DE257-1E99-4472-9841-BCF84F48D1A3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C219387E-1889-44A0-B09C-1C47AE009B66}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CEAE1D1B-F97E-4BEB-8BF5-D819B0F4D99B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E44FE7B8-AFD0-4C9D-9C86-A532C28668EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F191A02F-4E1C-4CE3-B44B-1061D29C246C}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0453E022-5E6E-4B75-AE27-32D36C00E439}" = protocol=17 | dir=in | app=c:\users\jens&viola\desktop\sweetimsetup.exe | 
"{0BFA7B78-CB1A-419A-8F45-98A7B6975277}" = protocol=6 | dir=in | app=c:\users\jens&viola\desktop\sweetimsetup.exe | 
"{1164A6F8-9328-4D1D-9E8A-288ECEE4C714}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1BA55C8E-598F-48BF-92FE-2E15A0EC382E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1BAB639A-CEE9-47B2-9E68-07B6EB62E3B9}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1E033133-CAF8-4CC0-82D7-9A1346AA4E2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3886ABB2-5E45-4B19-9770-DF5EA879877B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{397BAA54-91A2-446B-8628-A46188AF40A6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{3AE5B46F-C819-4BE1-A84F-7D1A745334EB}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{498C1FE2-1867-4167-8FD9-41EA51A02319}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5FE58A6D-E61C-472B-B85F-327D4137C0F4}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{64F8FD10-D993-42E7-BA2E-E0BC1832FD2B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6922B6EC-1C6E-43C0-AF3B-D6D0CC96E643}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{853BC3A4-A1E6-44EE-B713-6CAB19E06BBA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8A4ACE59-9CE5-4C16-89D7-684927E558E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{95CF56FE-2661-431D-8532-127A61B37448}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{A04E3463-1B4D-4998-93B7-2A1237D45CE4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A86A8A93-CCB6-44E2-8D9B-44A977398AD5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{AA7ABF2F-5122-4E10-ACA6-C1EF7BB1CEDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AD9EA895-0450-4522-9DC8-89D836DE4B80}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AFF1C3BA-3049-47A9-BA28-5C61D8C2E5AA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CD80DA4C-A93C-433C-89F8-BE0807C1EBDC}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{F635DA51-1223-449E-B6AE-601CB86A7386}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{F9939EF6-1C27-462C-800E-5896B3E65B32}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{31A3CE01-52FA-46B5-BE40-91E21E596A5E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{4850B728-14DC-4663-A864-31EEC0C925E6}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{64546F6A-EACC-451C-856E-DF0672E4A23C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{83301CF6-2BD3-4DE3-9BF2-3016CA5F78CF}C:\users\jens&viola\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\jens&viola\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{8B176421-0297-4651-9CE2-FE220A50A4DC}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{A8702B7F-A0C6-4FD7-B3B2-859AC1540A43}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{F4BF7883-4CB9-4107-965E-D2A403F1AC26}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{0F6E3EB9-2127-44CE-91FF-9669510AC9F8}C:\users\jens&viola\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\jens&viola\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{315E0374-914D-4556-8C2E-CEE632E20993}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6A256927-5D34-485E-B32E-40BA0FB4CC14}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6D93E4DB-3EA4-4D30-A52D-9C4C392BFA97}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{796DBF60-4AFC-4CF8-A49E-DC855A183F69}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{C7635B4B-7354-4907-AAA6-50873F01A438}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{EE5B2F61-E959-41A7-975B-E78A56F6D009}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = Die Sims™ 2 Super Deluxe
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DF83044-3E5E-4FAE-BEA2-6587D8749493}" = Dell Touch Zone
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E00B477F-8558-45DA-B25A-69935FB89A94}" = Dell Dock
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"dm-Fotowelt" = dm-Fotowelt
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"king.com" = king.com (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.10.2092" = Opera 11.10
"PDF Reader 3" = PDF Reader 3
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR 4.00 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1 
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.12.2010 13:49:53 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.12.2010 18:29:10 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2010 01:57:44 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2010 04:33:44 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2010 08:09:56 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2010 08:52:50 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2010 15:21:04 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2010 16:13:48 | Computer Name = Dell-PC | Source = Application Hang | ID = 1002
Description = Programm lotroclient.exe, Version 3.2.5.8031 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: d58  Anfangszeit: 01cb98a00108494a  Zeitpunkt
 der Beendigung: 530
 
Error - 11.12.2010 01:27:00 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.12.2010 05:53:44 | Computer Name = Dell-PC | Source = Application Hang | ID = 1002
Description = Programm lotroclient.exe, Version 3.2.5.8031 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: f7c  Anfangszeit: 01cb990c7afa6579  Zeitpunkt
 der Beendigung: 88
 
[ Dell Events ]
Error - 14.12.2010 11:18:06 | Computer Name = Dell-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 14.12.2010 11:18:06 | Computer Name = Dell-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 20.01.2011 14:22:29 | Computer Name = Dell-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 20.01.2011 14:22:30 | Computer Name = Dell-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 31.01.2011 19:13:23 | Computer Name = Dell-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 31.01.2011 19:13:23 | Computer Name = Dell-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 04.02.2011 17:59:47 | Computer Name = Dell-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 04.02.2011 17:59:47 | Computer Name = Dell-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 27.02.2011 10:14:38 | Computer Name = Dell-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ System Events ]
Error - 10.05.2011 09:20:31 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10.05.2011 09:21:25 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.05.2011 09:21:25 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 09:21:28 | Computer Name = Dell-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 10.05.2011 09:21:28 | Computer Name = Dell-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 10.05.2011 09:21:28 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10.05.2011 09:21:31 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10.05.2011 09:59:44 | Computer Name = Dell-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.05.2011 09:59:44 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.05.2011 09:59:44 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

Alt 10.05.2011, 18:31   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWin0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWin0.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2010.10.04 03:27:16 | 000,000,000 | ---D | M] - E:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010.09.20 09:59:24 | 000,000,062 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d9339f4e-b3dd-11de-94bc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d9339f4e-b3dd-11de-94bc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\cdstart.exe -- [2010.10.04 03:14:24 | 001,419,984 | R--- | M] ()
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.05.2011, 21:14   #12
knispe
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Program Files\Winload\tbWin0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWin0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\tbWin0.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File not found.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9339f4e-b3dd-11de-94bc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9339f4e-b3dd-11de-94bc-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9339f4e-b3dd-11de-94bc-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9339f4e-b3dd-11de-94bc-806e6f6e6963}\ not found.
File move failed. E:\cdstart.exe scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jens&Viola
->Temp folder emptied: 2964827 bytes
->Temporary Internet Files folder emptied: 4714187 bytes
->Java cache emptied: 8011776 bytes
->FireFox cache emptied: 103873273 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 1578405 bytes
->Flash cache emptied: 8037 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1934 bytes
RecycleBin emptied: 33813705 bytes

Total Files Cleaned = 148,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05102011_220612

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\cdstart.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Außerdem bekomme ich folgende Warnmeldung seitdem ich versucht habe Antivir zu installieren (in der Übersicht wird angezeigt das Antivir nicht akutell sei, dabei habe ich das aktuellste bei CHIP runter geladen):
avgnt.exe
"?-Xbad@tr1@std@@YAXW4error-tupe@regex_constants@12@@Z" wurde in der DLL "MSVCP90.dll" nicht gefunden

Alt 10.05.2011, 21:29   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.05.2011, 05:54   #14
knispe
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Guten Morgen



2011/05/11 06:51:51.0720 3740 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/11 06:51:52.0094 3740 ================================================================================
2011/05/11 06:51:52.0094 3740 SystemInfo:
2011/05/11 06:51:52.0094 3740
2011/05/11 06:51:52.0094 3740 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/11 06:51:52.0094 3740 Product type: Workstation
2011/05/11 06:51:52.0094 3740 ComputerName: DELL-PC
2011/05/11 06:51:52.0094 3740 UserName: Jens&Viola
2011/05/11 06:51:52.0094 3740 Windows directory: C:\Windows
2011/05/11 06:51:52.0094 3740 System windows directory: C:\Windows
2011/05/11 06:51:52.0094 3740 Processor architecture: Intel x86
2011/05/11 06:51:52.0094 3740 Number of processors: 2
2011/05/11 06:51:52.0094 3740 Page size: 0x1000
2011/05/11 06:51:52.0094 3740 Boot type: Normal boot
2011/05/11 06:51:52.0094 3740 ================================================================================
2011/05/11 06:51:52.0500 3740 Initialize success

Alt 11.05.2011, 09:20   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
microsoft secure essentiel und antivir funktionieren nicht - Standard

microsoft secure essentiel und antivir funktionieren nicht



Das Log ist etwas kurz. Hast du wirklich das Tool so eingestellt wie oben abgebildet?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu microsoft secure essentiel und antivir funktionieren nicht
32-bit, ahnung, aktiviere, aktivieren, aktiviert, antivir, ausführung, benötigt, code, essen, fehlermeldung, funktionieren, gemein, guten, i-net, installiert, meldungen, microsoft, morgen, nicht mehr, nicht möglich, problem, runter, secure, stick, verbindung, w-lan, warnmeldungen




Ähnliche Themen: microsoft secure essentiel und antivir funktionieren nicht


  1. Avira Antivir updatet nicht; Malwareprogramme funktionieren nicht
    Plagegeister aller Art und deren Bekämpfung - 09.08.2015 (3)
  2. Windows 7/Avira Firewall nicht aktivierbar, Programme funktionieren nicht. Trojanerbefall?
    Log-Analyse und Auswertung - 23.09.2014 (14)
  3. Microsoft zieht die "Secure Boot"-Bremse
    Nachrichten - 12.06.2014 (0)
  4. Windows 7 Meldung Win32/Small-CA Virus entfernen, AntiVir findet nichts, Windows Update und Defender funktionieren nicht mehr
    Log-Analyse und Auswertung - 20.11.2013 (15)
  5. Microsoft Office 2010 - Programme funktionieren nicht mehr - Deinstallation nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 02.11.2013 (20)
  6. Google Weiterleitung auf unerwünschte Seiten, Microsoft Security Essentials und Windows Defender funktionieren nicht
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (10)
  7. Domains wie microsoft.com funktionieren nicht mehr
    Log-Analyse und Auswertung - 10.01.2013 (9)
  8. Firewall, Essentiel und Windows Defender können nicht mehr aktiviert werden
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (1)
  9. PCIE Slots Funktionieren Grafikkarten lanes Funktionieren nicht (Asus P8p67 Deluxe)
    Netzwerk und Hardware - 15.02.2012 (5)
  10. F-Secure Fehlfunktion (Scan startet nicht)
    Antiviren-, Firewall- und andere Schutzprogramme - 23.08.2011 (1)
  11. Antivir Secure für alle Windows user jetzt kostenlos
    Antiviren-, Firewall- und andere Schutzprogramme - 16.10.2010 (0)
  12. RUBotted findet was - Antivir, F-Secure etc aber nicht!
    Log-Analyse und Auswertung - 03.07.2010 (3)
  13. Microsoft Update funktionieren nicht
    Alles rund um Windows - 14.05.2010 (1)
  14. F-Secure: "Microsoft, bitte einen einfachen PDF-Viewer"
    Nachrichten - 03.05.2010 (0)
  15. MSN und Microsoft Seiten funktionieren nicht
    Alles rund um Windows - 05.03.2010 (5)
  16. antivir, hijack, spybot funktionieren nicht; von gmer.net/hijackthis.de auf google um
    Plagegeister aller Art und deren Bekämpfung - 02.02.2010 (4)
  17. Updates und Downloads funktionieren nichtmehr. Antivir/Kaspersky/WinUpdate
    Log-Analyse und Auswertung - 11.12.2009 (3)

Zum Thema microsoft secure essentiel und antivir funktionieren nicht - Guten Morgen, ich habe seid einigen Tagen vollgendes Problem: Habe wie gewohnt den PC angeschaltet bekomme dann Warnmeldungen das microsoft secure essentiel nicht aktiviert ist, habe dann versucht es zu - microsoft secure essentiel und antivir funktionieren nicht...
Archiv
Du betrachtest: microsoft secure essentiel und antivir funktionieren nicht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.