| |
| |||||||
Log-Analyse und Auswertung: Ich werde Rogue Residue nicht los!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
01.06.2011, 18:42
| #1 |
| |  Ich werde Rogue Residue nicht los! Hallo, Ich bin wirklich sehr mies in Computer Sachen. Seid bitte so gut und erklärt mir alles leicht verständlich. Ich habe diesen Trojaner, Virus oder was auch immer mit Malwarebytes gefunden und werde ihn nun nicht mehr los. Ich kann ihn zwar damit entfernen aber er ist schneller wieder da als ich gucken kann. Mein PC ist dadurch sehr langsam geworden und ich bekomme ständig Werbe pop ups. Jetzt habe ich wie beschrieben diesen defogger installiert und auf disable geklickt. Er hat mich aber nicht zum Neustart aufgefordert. Ich habe nun folgende log Datei auf meinem Desktop defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:08 on 01/06/2011 (Susanne) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Also nicht wirklich viel und nicht sehr hilfreich. Dann habe ich dieses OTL installiert und dann folgende Dateien erhalten:OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.06.2011 10:41:33 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\****\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 46,90% Memory free 4,23 Gb Paging File | 2,59 Gb Available in Paging File | 61,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 99,18 Gb Total Space | 20,45 Gb Free Space | 20,62% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,92% Space Free | Partition Type: NTFS Computer Name: LAPTOP-**** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.01 10:39:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2011.05.10 08:39:47 | 012,594,352 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe PRC - [2011.04.30 21:23:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.04.04 20:06:39 | 000,622,592 | ---- | M] (arrendador) -- C:\Users\****\AppData\Local\idehjefi.exe PRC - [2011.03.30 19:49:44 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe PRC - [2011.03.30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe PRC - [2011.03.17 17:27:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.01 13:13:22 | 000,223,912 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avnotify.exe PRC - [2010.11.05 10:47:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.03.06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.03.06 22:37:30 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe ========== Modules (SafeList) ========== MOD - [2011.06.01 10:39:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (stllssvr) SRV - [2011.04.30 21:23:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.03.30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.03.17 17:27:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.05.07 14:36:10 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.03.19 14:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2007.03.06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\MSI\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - [2011.03.17 17:27:13 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.29 20:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.11.24 19:58:52 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.07.26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.07.26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009.06.03 00:57:34 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.07.26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.07.26 16:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2007.08.29 07:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2007.08.29 07:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.05.18 07:09:28 | 007,111,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.03.06 22:38:52 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.02.25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006.11.27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2006.10.05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006.08.05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1071030 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1071030 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: foxfilter@inspiredeffect.net:7.6.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.27 11:21:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.02 17:53:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.22 17:06:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 22:04:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.10 08:39:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.02 17:53:17 | 000,000,000 | ---D | M] [2010.09.13 22:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2010.09.13 22:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2008.12.25 11:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.05.27 08:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ylxh6k4q.default\extensions [2011.03.17 21:38:25 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ylxh6k4q.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2010.06.15 00:39:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ylxh6k4q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.17 21:36:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ylxh6k4q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.03.17 21:38:34 | 000,000,000 | ---D | M] (Personas) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ylxh6k4q.default\extensions\personas@christopher.beard [2008.01.05 12:47:08 | 000,001,878 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylxh6k4q.default\searchplugins\aolsearch.xml [2011.05.22 17:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.03 05:19:58 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.02.21 19:28:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2007.11.07 01:22:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007.11.15 23:49:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008.04.02 00:57:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2009.06.10 11:54:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2011.02.21 19:28:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.12.27 11:21:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLXH6K4Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLXH6K4Q.DEFAULT\EXTENSIONS\FOXFILTER@INSPIREDEFFECT.NET.XPI [2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2008.09.15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npsnapfish.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [idehjefi] c:\users\****\appdata\local\idehjefi.exe (arrendador) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27 - HKLM IFEO\bttray.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\dsagnt.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\dsbrws.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\dshelp.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\install_flash_player.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\javaw.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\javaws.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\lxupdatemanager.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\presentationhost.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\quickset.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\tomtomhome.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\uninstall tomtom home.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0f81276d-d493-11de-a4d4-001dd9e56694}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe log.vbs O33 - MountPoints2\{d9f710ca-ce10-11dd-9ca8-001c23a7ae12}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.06.01 10:39:21 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.05.25 15:41:44 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Steuerfälle [2011.05.25 15:41:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\AAV [2011.05.25 15:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps [2011.05.25 15:30:21 | 000,000,000 | ---D | C] -- C:\Programme\Akademische Arbeitsgemeinschaft [2011.05.25 15:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV [2011.05.22 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2011.05.22 17:37:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.22 17:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.22 17:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.22 17:37:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.22 17:37:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.04 20:06:39 | 000,622,592 | ---- | C] (arrendador) -- C:\Users\****\AppData\Local\idehjefi.exe [2 C:\Users\****\*.tmp files -> C:\Users\****\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.01 10:46:27 | 000,003,741 | ---- | M] () -- C:\Users\****\AppData\Local\idehjefi.dat [2011.06.01 10:46:26 | 000,004,659 | ---- | M] () -- C:\Users\****\AppData\Local\idehjefi_navps.dat [2011.06.01 10:43:49 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{613B0433-1B55-4AF8-B6DE-D6398B0420D2}.job [2011.06.01 10:39:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.06.01 10:17:49 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.01 10:17:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.01 10:17:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.01 10:17:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.31 22:13:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.31 21:19:21 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.05.30 12:32:22 | 000,130,048 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.30 12:18:00 | 000,637,068 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.30 12:18:00 | 000,604,322 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.30 12:18:00 | 000,129,652 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.30 12:18:00 | 000,107,462 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.28 11:42:11 | 000,148,317 | ---- | M] () -- C:\Users\****\AppData\Roaming\nvModes.001 [2011.05.28 11:41:30 | 000,000,093 | ---- | M] () -- C:\Users\****\AppData\Local\ekkik.bat [2011.05.28 10:34:15 | 2145,583,104 | -HS- | M] () -- C:\hiberfil.sys [2011.05.28 00:17:37 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.26 16:11:25 | 000,239,846 | ---- | M] () -- C:\Users\****\AppData\Local\idehjefi_nav.dat [2011.05.25 15:33:33 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2011.lnk [2011.05.22 17:37:52 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 17:06:51 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.05.21 15:05:56 | 000,002,445 | ---- | M] () -- C:\Users\****\Desktop\Nero - Burning Rom.lnk [2 C:\Users\****\*.tmp files -> C:\Users\****\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.25 15:33:33 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2011.lnk [2011.05.22 17:37:52 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 17:06:51 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.05.22 17:06:51 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.04 20:06:40 | 000,239,846 | ---- | C] () -- C:\Users\****\AppData\Local\idehjefi_nav.dat [2011.04.04 20:06:40 | 000,004,645 | ---- | C] () -- C:\Users\****\AppData\Local\idehjefi_navps.dat [2011.04.04 20:06:40 | 000,003,559 | ---- | C] () -- C:\Users\****\AppData\Local\idehjefi.dat [2011.02.18 22:54:55 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2010.04.04 03:02:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.03.29 15:00:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.03.29 15:00:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.09 21:27:56 | 000,000,093 | ---- | C] () -- C:\Users\****\AppData\Local\ekkik.bat [2009.07.03 20:07:48 | 000,490,539 | ---- | C] () -- C:\Users\****\AppData\Roaming\mdbu.bin [2009.04.11 21:28:48 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008.07.26 15:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2008.05.16 16:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2008.04.21 13:14:23 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.04.21 13:12:52 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin [2008.02.08 19:25:02 | 000,007,592 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2008.02.07 19:58:59 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2008.01.23 23:36:42 | 000,000,552 | ---- | C] () -- C:\Users\****\AppData\Local\d3d8caps.dat [2007.12.10 21:06:42 | 000,024,206 | ---- | C] () -- C:\Users\****\AppData\Roaming\UserTile.png [2007.11.29 19:42:32 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat [2007.11.05 19:47:05 | 000,130,048 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.05 16:55:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007.11.05 12:49:56 | 000,148,317 | ---- | C] () -- C:\Users\****\AppData\Roaming\nvModes.001 [2007.11.05 12:36:30 | 000,148,317 | ---- | C] () -- C:\Users\****\AppData\Roaming\nvModes.dat [2007.10.30 08:07:46 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.10.30 08:07:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.10.30 00:26:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2007.10.30 00:26:40 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2007.10.30 00:23:15 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll [2007.10.30 00:13:31 | 000,005,332 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.15 20:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 17:33:31 | 000,637,068 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,129,652 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,308,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,322 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,462 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2011.02.10 14:55:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon [2009.03.23 23:38:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AVG7 [2010.05.18 20:35:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon [2010.02.19 01:58:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DeepBurner [2009.03.02 20:48:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech [2010.03.28 21:58:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware [2011.01.02 18:54:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia [2011.01.02 18:54:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia Ovi Suite [2009.09.24 10:07:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nseries [2008.12.30 23:50:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Pavtube [2011.01.24 19:08:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite [2009.03.02 01:24:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PeerNetworking [2011.03.27 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PlayFirst [2009.06.16 17:52:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Snapfish [2007.11.29 19:42:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Template [2010.09.13 22:56:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird [2011.03.17 21:29:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Tobit [2008.12.25 11:29:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TomTom [2011.03.17 22:12:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TuneUp Software [2008.10.03 18:06:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Wimpomat2 [2011.01.02 15:02:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Zylom [2011.05.28 00:17:41 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.06.01 10:43:49 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{613B0433-1B55-4AF8-B6DE-D6398B0420D2}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2007.11.05 12:28:29 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.01.02 18:16:12 | 000,000,000 | ---D | M] -- C:\87f3b0a17c29a1ae72ec1961b223876d [2007.12.11 15:54:46 | 000,000,000 | ---D | M] -- C:\BlueByte [2011.03.18 00:31:31 | 000,000,000 | -HSD | M] -- C:\Boot [2011.05.25 15:34:21 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2007.11.05 12:48:32 | 000,000,000 | ---D | M] -- C:\DELL [2007.10.30 07:55:23 | 000,000,000 | ---D | M] -- C:\doctemp [2007.11.05 12:26:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007.10.30 07:54:45 | 000,000,000 | ---D | M] -- C:\Drivers [2010.03.28 21:17:04 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.05.25 15:30:21 | 000,000,000 | R--D | M] -- C:\Programme [2011.05.25 15:27:22 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.11.05 12:26:29 | 000,000,000 | -HSD | M] -- C:\Programme [2011.06.01 10:43:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.12.30 23:50:12 | 000,000,000 | ---D | M] -- C:\Temp_DVDCopy [2007.11.05 12:27:02 | 000,000,000 | R--D | M] -- C:\Users [2007.12.10 18:28:49 | 000,000,000 | ---D | M] -- C:\VTF [2008.01.03 12:10:21 | 000,000,000 | ---D | M] -- C:\WESTWOOD [2011.03.18 00:28:29 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > [2011.04.04 20:06:39 | 000,622,592 | ---- | M] (arrendador) -- C:\Users\****\AppData\Local\idehjefi.exe < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.16 20:57:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.16 20:57:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-31 12:19:12 < > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Studium:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Sonstiges:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Schule:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Ebay:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Dell Webcam Center:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Bewerbungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.3 Installation Files:Roxio EMC Stream < End of report > und diese DateiOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.06.2011 10:41:33 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 46,90% Memory free
4,23 Gb Paging File | 2,59 Gb Available in Paging File | 61,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,18 Gb Total Space | 20,45 Gb Free Space | 20,62% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,92% Space Free | Partition Type: NTFS
Computer Name: LAPTOP-**** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07639B34-7061-48DC-8F3C-550BE44F2071}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{07CE405B-85FC-4699-AB01-9B9D2A3EB6A3}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{0B29C2BA-2F9E-4EF0-AE04-42C0736BE362}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BD15E7B-3ADA-4DE4-983E-F9C437E5DCE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DF79D94-72CD-4732-AAB7-C47311F1B454}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17610C35-4CF9-4D64-80EC-0A3BE3F09390}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F816819-0C77-4083-8C0C-BC8C3B8C725B}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{21301956-E6B4-43EB-8058-76525615731B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2162540F-A81C-496F-A94C-CEB4CD99AEB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28ABE5F0-B3ED-4E75-992B-4EFF330A7846}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2DF6265A-2AE1-45A0-B455-1E3D25398AEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A10C537-981B-40DB-BFDD-B91B0D9C2D0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D0BA092-0567-42C7-A7CD-22896345D7A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EB77359-2F2C-4126-9663-7C5563BBDF3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EDDEA6E-28BB-4E9D-969E-5BEB59F5856E}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe |
"{47FF4E45-7D27-4FB4-8767-CE0848096AD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4B6960C9-3E8E-470E-9642-799272EDFF8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EB2D427-EEB4-4A5F-86B8-77FA17C4B403}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{514AE790-CEC6-4D18-B2E4-646A6656B84B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55FEA510-32C0-46E9-9CD0-393E8A10BC74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{585A7FB7-F5BB-4241-9B2E-A61D02AAE035}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5CFD4DD2-BCB7-4D8E-9FA3-08067382AF3E}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{5CFD7C7E-8C3B-4432-AF24-09CDDCEDB680}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6307336A-7FF9-4B27-9B5B-9B5EF82F7070}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{64BE05DC-7627-444D-8C35-AEDC03B8262F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CAB0E7F-0110-4E76-B7D7-5AB1A0BB1631}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7175641E-69A8-4044-B16C-D5A3BB104104}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7220E428-B782-42C1-8B36-23ACDDBD7AE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{735ECD6E-C869-4641-8132-65D94DF4FE20}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D510AD2-8AF0-412B-9AA7-4F04EB3E84CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80D448EB-E27C-4313-AF1D-FA74138FCD33}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80F97876-8597-4C0A-945C-5E332894AE76}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81015848-1528-45C5-858F-F07BCA7A980A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83876290-256E-4D16-B237-B3F3D2905C2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87398FB2-2190-4F74-A5D0-AA97F7623744}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{877915B4-E51E-4010-96F4-273C36BA1B5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87BBA7D9-8860-466F-8948-819F2068E023}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94E55B17-BCA0-47E6-9FB1-EC476AE7098F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F059040-B618-415F-8143-8B02D28772B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FE5EB6F-6CE2-4214-A8F4-0358B48D6CCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1F962E8-BB21-4825-9BAC-8A71D767656C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3A06ECC-1DCD-40DA-A8EB-BEED66945B8D}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{A592F5E8-1F6D-46BB-9BBC-94FE7276BF00}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{A5BC47FF-AAAD-4244-A25C-14E927C33954}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7C2E478-9C24-42AB-8D5F-4F1986DCFE87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9F87D40-7AC3-496A-AC79-848AF416AED8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC7085BF-8EDC-41E0-BC7C-D8E38D051B7C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{ADDAB433-1373-46D1-9D70-5F9D29C16477}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B141E996-F43D-4F65-9723-40DC453C2420}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE87DE54-685D-4532-A372-4802BB8992DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1CEA169-CC70-4375-81AB-569E95003352}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA7836C5-312D-4C3E-A13C-8EF0613E4C8A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{D255D57C-4086-47C0-B57B-1925E3339D81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D288C1C9-413B-47A4-95C7-77DEDA3A844C}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D7260091-8BEE-4811-9F64-B5F0CF4DAEB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D743693E-8BE8-4874-A127-065A9AA82989}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D88AE2E4-3AE1-4C23-9560-82F4554214EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA75401D-8A3F-4CB0-9635-A933B6D30F42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7F5C3A4-9FE9-4397-9F78-4B9856CEECB9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9726281-A9E0-4A97-8208-48D9B2128BA6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC4DCF34-7BBA-4DF9-BCC2-E7B240D3342B}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe |
"{EE3629BC-670E-4C6A-AA93-E00B0921B466}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2D7F576-4404-4A9B-ABD5-35DEEC3B2D88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F542EC2C-EC71-42E4-8411-913AC47573DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{151F009F-32E5-468B-ADE0-740232C7EBC3}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{4F798F1A-28F8-4E17-8CC6-FAF40ED5D385}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6A70D6AE-1A37-4578-9104-C9F57ED13A43}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8A043A59-3551-432D-95AE-13F74605BD6B}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{B2A4D547-D104-4B2E-B052-0692F88FBDE6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{D2A4FBBB-90D5-49C3-BD12-0F79CABF6159}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DBDFAB5C-7D48-4736-B6DF-A5A25874D978}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{E19DF7D8-8701-48DE-B319-1208898B4997}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{6359272A-7BB9-48BB-8585-9BDE13121F6D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{66B5868D-02A6-4558-AA0B-5ED829C1F9DD}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{7BBB2429-3332-4A80-BC10-257626692DC0}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{B5DEEC2A-F0D0-4F2A-A6D7-A3EA1385B85B}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{B692B845-17DB-4CE2-9E12-7896C389C4BC}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{D1C393D5-1E6F-45A6-96C5-C4413CEF274C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DF00832B-31DA-4549-8B4B-FCF28944C9B0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E60041FD-508D-4CEE-8544-24FAD484302D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01866A44-A697-4821-871F-1CB9F907E8DE}" = OpenOffice.org 2.3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"dm-Fotowelt" = dm-Fotowelt
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"fmdkiqh" = Favorit
"FujiDirekt_is1" = FujiDirekt 2.6
"Google Updater" = Google Updater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Dell Touchpad
"Tikal" = Tikal (remove only)
"TomTom HOME" = TomTom HOME 2.7.4.1962
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp
"WinRAR archiver" = WinRAR Archivierer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.05.2011 16:00:17 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 09.05.2011 16:00:19 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.05.2011 02:37:45 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.05.2011 02:37:45 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.05.2011 02:47:45 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.05.2011 02:48:09 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.05.2011 02:48:09 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.05.2011 16:00:08 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.05.2011 07:28:07 | Computer Name = Laptop-**** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 13.05.2011 17:15:54 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ Media Center Events ]
Error - 23.12.2010 10:24:23 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 23.12.2010 11:32:33 | Computer Name = Laptop-**** | Source = ehRecvr | ID = 3
Description =
Error - 07.03.2011 15:29:55 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 07.03.2011 18:02:13 | Computer Name = Laptop-**** | Source = ehRecvr | ID = 3
Description =
Error - 17.03.2011 14:20:40 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 25.03.2011 18:10:10 | Computer Name = Laptop-**** | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 03/25/2011 23:10:10
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 13.04.2011 12:47:06 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 02.05.2011 14:18:29 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 04.05.2011 14:43:55 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 22.05.2011 10:54:44 | Computer Name = Laptop-**** | Source = ehRecvr | ID = 3
Description =
[ System Events ]
Error - 27.05.2011 10:56:19 | Computer Name = Laptop-**** | Source = Print | ID = 6161
Description = Das Dokument KomprimierteSteuererklärung.pdf im Besitz von ****
konnte nicht auf dem Drucker Canon MP140 series Printer gedruckt werden. Versuchen
Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler erneut.
Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 458752. Anzahl der gedruckten
Bytes: 110452. Gesamtanzahl der Seiten des Dokuments: 8. Anzahl der gedruckten
Seiten: 0. Clientcomputer: \\LAPTOP-****. Vom Druckprozessor zurückgegebener
Win32-Fehlercode: 1. Unzulässige Funktion.
Error - 27.05.2011 10:58:04 | Computer Name = Laptop-**** | Source = Print | ID = 6161
Description = Das Dokument KomprimierteSteuererklärung.pdf im Besitz von ****
konnte nicht auf dem Drucker Canon MP140 series Printer gedruckt werden. Versuchen
Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler erneut.
Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 458752. Anzahl der gedruckten
Bytes: 272320. Gesamtanzahl der Seiten des Dokuments: 8. Anzahl der gedruckten
Seiten: 0. Clientcomputer: \\LAPTOP-****. Vom Druckprozessor zurückgegebener
Win32-Fehlercode: 1. Unzulässige Funktion.
Error - 27.05.2011 16:08:01 | Computer Name = Laptop-**** | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 27.05.2011 17:50:28 | Computer Name = Laptop-**** | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 28.05.2011 04:34:38 | Computer Name = Laptop-**** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse
001DD936D9A8 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 28.05.2011 17:42:21 | Computer Name = Laptop-**** | Source = Service Control Manager | ID = 7011
Description =
Error - 28.05.2011 17:42:21 | Computer Name = Laptop-**** | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 29.05.2011 08:17:14 | Computer Name = Laptop-**** | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 30.05.2011 15:27:17 | Computer Name = Laptop-**** | Source = Service Control Manager | ID = 7011
Description =
Error - 01.06.2011 04:17:34 | Computer Name = Laptop-**** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse
001DD936D9A8 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
< End of report >
So das ist jetzt alles was ich mit meinem sehr ungesunden Halbwissen auf die Kette bekommen habe(und das auch nur mit Hilfe) Ich hoffe irgendeiner kann mir helfen damit mein geliebter PC wieder funktioniert. Ganz lieben Gruß sunny88 |
|
01.06.2011, 21:31
| #2 | ||||
| /// Helfer-Team    | Ich werde Rogue Residue nicht los! Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! Zitat:
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken: System-Dateien und -Ordner unter XP und Vista sichtbar machen Am Ende unserer Arbeit, kannst wieder rückgängig machen! 2. Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen: Code:
ATTFilter Malwarebytes
Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 4. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
5. ** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! ** kannst Du das Log bei File-Upload.net/kostenlos hochladen und den Link mir hier posten. Anleitung:-> GMER - Rootkit Scanner Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
06.06.2011, 05:03
| #3 |
| | Ich werde Rogue Residue nicht los! Hallo Kira,
__________________Schonmal ganz lieben Dank das du dich meines Problems annimmst. Hier alle Dateien die du angefordert hattest. Das Malwarebytes Ergebnis: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 6782 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19048 06.06.2011 06:02:22 mbam-log-2011-06-06 (06-02-22).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 150511 Laufzeit: 4 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) dann das CCleaner Ergebnis: AAVUpdateManager Akademische Arbeitsgemeinschaft 24.05.2011 18,5MB 16.00.0000 Adobe AIR Adobe Systems Inc. 02.07.2009 30,5MB 1.5.1.8210 Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 07.05.2009 1,78MB 10.0.12.36 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 18.04.2011 10.2.159.1 Adobe Reader 8.2.6 - Deutsch Adobe Systems Incorporated 20.02.2011 146,6MB 8.2.6 Advanced Audio FX Engine 29.10.2007 Advanced Video FX Engine 29.10.2007 Amazon MP3-Downloader 1.0.9 09.02.2011 2,56MB Assistant zum Anpassen des Dell-Systems Dell Inc. 28.10.2007 1.00.0000 Avira AntiVir Personal - Free Antivirus Avira GmbH 29.04.2011 121,4MB 10.0.0.648 Benutzerhandbuch 29.10.2007 0,82MB Broadcom Management Programs Broadcom Corporation 28.10.2007 10.15.03 Browser Address Error Redirector Dell 28.10.2007 1.00.0000 Canon MP Navigator 3.1 17.05.2010 17,6MB CCleaner Piriform 04.06.2011 3,68MB 3.07 CDex extraction audio 23.03.2008 3,67MB Conexant HDA D330 MDC V.92 Modem 29.10.2007 0,68MB Dell Support Center Dell 28.10.2007 1.0.07192 Dell Touchpad Synaptics 27.03.2010 17,2MB 9.1.18.6 Dell Webcam Center 29.10.2007 14,1MB Dell Webcam Manager 29.10.2007 0,77MB Dell Wireless WLAN Card Dell Inc. 29.10.2007 85,7MB 4.102.15.61 DellSupport Dell 28.10.2007 6.0.3075 Digital Line Detect BVRP Software, Inc 28.10.2007 0,27MB 1.21 dm-Fotowelt 21.12.2010 251MB Favorit 26.09.2010 Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) MAGIX AG 20.04.2008 6,34MB 2.0.0.1 FujiDirekt 2.6 15.06.2009 14,3MB Google Chrome Google Inc. 04.06.2011 166,6MB 11.0.696.71 Google Earth Google 23.09.2010 85,4MB 5.2.1.1588 Google Toolbar for Internet Explorer Google Inc. 21.05.2011 11,2MB 7.0.1710.2246 Google Updater Google Inc. 27.03.2009 3,43MB 2.4.1536.6592 Java(TM) 6 Update 2 Sun Microsystems, Inc. 06.11.2007 160,7MB 1.6.0.20 Java(TM) 6 Update 24 Sun Microsystems, Inc. 09.06.2009 94,5MB 6.0.240 Java(TM) 6 Update 3 Sun Microsystems, Inc. 14.11.2007 133,2MB 1.6.0.30 Java(TM) 6 Update 5 Sun Microsystems, Inc. 01.04.2008 136,2MB 1.6.0.50 Java(TM) SE Runtime Environment 6 Sun Microsystems, Inc. 28.10.2007 1.6.0.0 Laptop Integrated Webcam Driver (1.03.02.0719) 30.10.2007 Lexware Info Service Lexware GmbH & Co. KG 27.03.2010 10,4MB 2.61.00.0033 Malwarebytes' Anti-Malware Malwarebytes Corporation 21.05.2011 4,80MB MediaDirect Dell 28.10.2007 64,7MB 4.7 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 14.08.2009 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 27.03.2009 27,8MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.06.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.06.2010 24,5MB 4.0.30319 Microsoft Office Excel Viewer Microsoft Corporation 31.01.2011 71,1MB 12.0.6219.1000 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 24.03.2011 14,1MB 12.0.4518.1014 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.03.2010 0,41MB 8.0.59193 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 04.06.2010 0,59MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10.10.2010 0,58MB 9.0.30729.4148 Microsoft Works Microsoft Corporation 28.10.2007 08.05.0822 Mozilla Firefox 4.0.1 (x86 de) Mozilla 21.05.2011 34,8MB 4.0.1 Mozilla Thunderbird (3.1.10) Mozilla 09.05.2011 33,4MB 3.1.10 (de) MSXML 4.0 SP2 (KB936181) Microsoft Corporation 05.11.2007 1,27MB 4.20.9848.0 MSXML 4.0 SP2 (KB941833) Microsoft Corporation 06.11.2007 1,27MB 4.20.9849.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,34MB 4.20.9876.0 Nero - Burning Rom ahead software gmbh 18.02.2010 38,8MB 5.5.8.1 Nokia Connectivity Cable Driver Nokia 01.01.2011 3,27MB 7.1.36.0 Nokia Multimedia Common Components 2.4 Nokia 23.09.2009 15,6MB 2.4.190 Nokia Music Nokia Music 23.09.2009 24,3MB 1.3.20722 Nokia Ovi Suite Nokia 01.01.2011 79,2MB 3.0.0.284 Nokia Ovi Suite Software Updater Nokia Corporation 01.01.2011 42,2MB 02.06.006.44298 Nokia Software Updater Nokia Corporation 01.01.2011 44,6MB 02.06.006.44298 NVIDIA Drivers 27.03.2010 OpenOffice.org 2.3 OpenOffice.org 06.11.2007 312MB 2.3.9221 OutlookAddinSetup CyberLink 28.10.2007 0,98MB 1.0.0 PC Connectivity Solution Nokia 01.01.2011 12,9MB 10.50.2.0 QuickSet Dell Inc. 28.10.2007 8.0.11 QuickTime Apple Inc. 30.11.2008 74,2MB 7.55.90.70 RealPlayer RealNetworks 26.12.2010 92,6MB SigmaTel Audio SigmaTel 28.10.2007 23,3MB 5.10.5102.0 Skype Toolbars Skype Technologies S.A. 02.08.2010 5,25MB 1.0.4051 Skype™ 4.2 Skype Technologies S.A. 02.08.2010 31,8MB 4.2.169 Steuer-Spar-Erklärung 2011 Akademische Arbeitsgemeinschaft Verlag 24.05.2011 376MB 16.12 Tikal (remove only) 27.12.2009 98,4MB TomTom HOME 2.7.4.1962 TomTom 09.06.2010 47,4MB 2.7.4.1962 TomTom HOME Visual Studio Merge Modules TomTom International B.V. 09.06.2010 1,88MB 1.0.2 TuneUp Utilities 2011 TuneUp Software 04.06.2011 64,3MB 10.0.4100.74 VLC media player 0.9.9 VideoLAN Team 10.04.2009 63,1MB 0.9.9 WIDCOMM Bluetooth Software 6.0.1.3100 Dell 28.10.2007 6.0.1.3100 Winamp Nullsoft, Inc 04.01.2008 27,0MB 5.51 Windows Media Player Firefox Plugin Microsoft Corp 04.11.2007 0,29MB 1.0.0.8 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 01.01.2011 08/22/2008 7.0.0.0 WinRAR Archivierer 17.06.2009 3,39MB und dann noch das GMER Ergebnis: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-06 05:49:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.01.0
Running: mplo7y8r.exe; Driver: C:\Users\Susanne\AppData\Local\Temp\awldifow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C009340, 0x343A87, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] USER32.dll!SetWindowLongA 7786E7CD 5 Bytes JMP 63588DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] USER32.dll!SetWindowLongW 778713B4 5 Bytes JMP 63588D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] USER32.dll!GetWindowInfo 7787428E 5 Bytes JMP 633B7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] USER32.dll!TrackPopupMenu 778814F3 5 Bytes JMP 633B7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtCreateFile + 6 77CE422A 4 Bytes [28, 00, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtCreateFile + B 77CE422F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtMapViewOfSection + 6 77CE497A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtMapViewOfSection + 6 77CE497A 4 Bytes [28, 03, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtMapViewOfSection + B 77CE497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenFile + 6 77CE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenFile + B 77CE4A0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcess + 6 77CE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcess + B 77CE4A8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessToken + B 77CE4A9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessTokenEx + 6 77CE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessTokenEx + B 77CE4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThread + 6 77CE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThread + B 77CE4AFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadToken + 6 77CE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadToken + B 77CE4B0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadTokenEx + B 77CE4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryAttributesFile + 6 77CE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryAttributesFile + B 77CE4BAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryFullAttributesFile + B 77CE4C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationFile + 6 77CE513A 4 Bytes [28, 01, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationFile + B 77CE513F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationThread + 6 77CE518A 4 Bytes [28, 02, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationThread + B 77CE518F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtUnmapViewOfSection + 6 77CE542A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtUnmapViewOfSection + 6 77CE542A 4 Bytes [68, 03, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtUnmapViewOfSection + B 77CE542F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] WS2_32.dll!closesocket 768D330C 5 Bytes JMP 10002DA6
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] WS2_32.dll!WSASend 768D4496 5 Bytes JMP 10002A31
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] WS2_32.dll!send 768D659B 5 Bytes JMP 1000299C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] WS2_32.dll!WSAGetOverlappedResult 768D8143 5 Bytes JMP 10002C52
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2640] WS2_32.dll!WSARecv 768D8400 5 Bytes JMP 10002ADD
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtCreateFile + 6 77CE422A 4 Bytes [28, 00, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtCreateFile + B 77CE422F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtMapViewOfSection + 6 77CE497A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtMapViewOfSection + 6 77CE497A 4 Bytes [28, 03, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtMapViewOfSection + B 77CE497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenFile + 6 77CE4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenFile + B 77CE4A0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcess + 6 77CE4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcess + B 77CE4A8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessToken + B 77CE4A9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessTokenEx + 6 77CE4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessTokenEx + B 77CE4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThread + 6 77CE4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThread + B 77CE4AFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadToken + 6 77CE4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadToken + B 77CE4B0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadTokenEx + B 77CE4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryAttributesFile + 6 77CE4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryAttributesFile + B 77CE4BAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryFullAttributesFile + B 77CE4C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationFile + 6 77CE513A 4 Bytes [28, 01, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationFile + B 77CE513F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationThread + 6 77CE518A 4 Bytes [28, 02, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationThread + B 77CE518F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtUnmapViewOfSection + 6 77CE542A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtUnmapViewOfSection + 6 77CE542A 4 Bytes [68, 03, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtUnmapViewOfSection + B 77CE542F 1 Byte [E2]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!LdrLoadDll 77CA93A8 5 Bytes JMP 00921410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] WS2_32.dll!closesocket 768D330C 5 Bytes JMP 10002DA6
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] WS2_32.dll!WSASend 768D4496 5 Bytes JMP 10002A31
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] WS2_32.dll!send 768D659B 5 Bytes JMP 1000299C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] WS2_32.dll!WSAGetOverlappedResult 768D8143 5 Bytes JMP 10002C52
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] WS2_32.dll!WSARecv 768D8400 5 Bytes JMP 10002ADD
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] WS2_32.dll!closesocket 768D330C 5 Bytes JMP 10002DA6
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] WS2_32.dll!WSASend 768D4496 5 Bytes JMP 10002A31
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] WS2_32.dll!send 768D659B 5 Bytes JMP 1000299C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] WS2_32.dll!WSAGetOverlappedResult 768D8143 5 Bytes JMP 10002C52
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3800] WS2_32.dll!WSARecv 768D8400 5 Bytes JMP 10002ADD
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2640] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3340] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:464] 8834225E
Thread System [4:592] 8F136658
Thread System [4:596] 91C0F226
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9e56694
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9e56694@001d252dc59b 0x42 0x97 0x41 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9e56694@001cd48802fd 0x7A 0x87 0x29 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9e56694@001df625e428 0x26 0x0F 0xCD 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9e56694@0026cc4bc290 0x21 0xD4 0x81 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9e56694@c8979f2ba36d 0x06 0xB3 0xA5 0xE1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9e56694 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9e56694@001d252dc59b 0x42 0x97 0x41 0x76 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9e56694@001cd48802fd 0x7A 0x87 0x29 0x5E ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9e56694@001df625e428 0x26 0x0F 0xCD 0xEC ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9e56694@0026cc4bc290 0x21 0xD4 0x81 0xB1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9e56694@c8979f2ba36d 0x06 0xB3 0xA5 0xE1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x14 0xA8 0x38 0x1D ...
---- EOF - GMER 1.0.15 ----
Ich hoffe sehr das das weiterhilft. Ganz Ganz lieben Dank sunny88  |
|
06.06.2011, 07:03
| #4 | |
| /// Helfer-Team | Ich werde Rogue Residue nicht los! zu Punkt 1.: Zitat:
Fixen mit OTL
Code:
ATTFilter :OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [idehjefi] c:\users\****\appdata\local\idehjefi.exe (arrendador)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f81276d-d493-11de-a4d4-001dd9e56694}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe log.vbs
O33 - MountPoints2\{d9f710ca-ce10-11dd-9ca8-001c23a7ae12}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2011.06.01 10:46:27 | 000,003,741 | ---- | M] () -- C:\Users\****\AppData\Local\idehjefi.dat
[2011.06.01 10:46:26 | 000,004,659 | ---- | M] () -- C:\Users\****\AppData\Local\idehjefi_navps.dat
[2011.05.26 16:11:25 | 000,239,846 | ---- | M] () -- C:\Users\****\AppData\Local\idehjefi_nav.dat
:Commands
[purity]
[emptytemp]
2. Deinstalliere unter `Start→ Systemsteuereung→ Programme und Funktionen` Code:
ATTFilter Favorit - Adware -Toolbar Deine Javaversion ist nicht aktuell! Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen: → Systemsteuerung → Software → deinstallieren... → Rechner neu aufstarten → Downloade nun die Offline-Version von Java Version 6 Update 24 von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 4. Adobe Reader aktualisieren : - Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus") Adobe Reader Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..." 5. reinige dein System mit Ccleaner:
6. erneut einen Scan mit OTL:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
06.06.2011, 11:23
| #5 |
| | Ich werde Rogue Residue nicht los! Okay das ist ja gar nicht so einfach. Also hier das Ergebnis von OTL: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\idehjefi deleted successfully. c:\users\Susanne\appdata\local\idehjefi.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f81276d-d493-11de-a4d4-001dd9e56694}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f81276d-d493-11de-a4d4-001dd9e56694}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe log.vbs not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f710ca-ce10-11dd-9ca8-001c23a7ae12}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9f710ca-ce10-11dd-9ca8-001c23a7ae12}\ not found. File F:\InstallTomTomHOME.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully. C:\Users\Susanne\AppData\Local\idehjefi.dat moved successfully. C:\Users\Susanne\AppData\Local\idehjefi_navps.dat moved successfully. C:\Users\Susanne\AppData\Local\idehjefi_nav.dat moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Susanne ->Temp folder emptied: 788282 bytes ->Temporary Internet Files folder emptied: 79319778 bytes ->Java cache emptied: 84805882 bytes ->FireFox cache emptied: 90331581 bytes ->Google Chrome cache emptied: 6158668 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 2036971 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 29504 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2686914 bytes RecycleBin emptied: 3261116 bytes Total Files Cleaned = 257,00 mb OTL by OldTimer - Version 3.2.23.0 log created on 06062011_105659 Files\Folders moved on Reboot... Registry entries deleted on Reboot... weiteres folgt nach dem Neustart! |
|
06.06.2011, 11:40
| #6 |
| | Ich werde Rogue Residue nicht los! Und hier der OTL scan: OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.06.2011 12:29:05 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\****\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,53% Memory free 4,23 Gb Paging File | 3,19 Gb Available in Paging File | 75,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 99,18 Gb Total Space | 22,20 Gb Free Space | 22,38% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,92% Space Free | Partition Type: NTFS Computer Name: LAPTOP-**** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) PRC - C:\Windows\sttray.exe (SigmaTel, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MSI\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech ) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.) DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1071030 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1071030 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: foxfilter@inspiredeffect.net:7.6.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.27 11:21:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.02 17:53:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.22 17:06:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 22:04:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.10 08:39:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.02 17:53:17 | 000,000,000 | ---D | M] [2010.09.13 22:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2010.09.13 22:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2008.12.25 11:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.05.27 08:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ylxh6k4q.default\extensions [2011.03.17 21:38:25 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ylxh6k4q.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2010.06.15 00:39:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ylxh6k4q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.17 21:36:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ylxh6k4q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.03.17 21:38:34 | 000,000,000 | ---D | M] (Personas) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ylxh6k4q.default\extensions\personas@christopher.beard [2008.01.05 12:47:08 | 000,001,878 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ylxh6k4q.default\searchplugins\aolsearch.xml [2011.06.06 12:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.03 05:19:58 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.06.06 12:17:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} File not found (No name found) -- [2009.06.10 11:54:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2011.06.06 12:17:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2010.12.27 11:21:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLXH6K4Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLXH6K4Q.DEFAULT\EXTENSIONS\FOXFILTER@INSPIREDEFFECT.NET.XPI [2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.06.06 12:16:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2008.09.15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npsnapfish.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27 - HKLM IFEO\bttray.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\dsagnt.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\dsbrws.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\dshelp.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\install_flash_player.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\lxupdatemanager.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\presentationhost.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\quickset.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\tomtomhome.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\uninstall tomtom home.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.06.06 12:17:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2011.06.06 12:16:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.06.06 12:16:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.06.06 12:16:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.06.06 12:14:20 | 016,770,848 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\****\Desktop\jre-6u25-windows-i586-s.exe [2011.06.06 10:56:59 | 000,000,000 | ---D | C] -- C:\_OTL [2011.06.05 22:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.06.05 22:43:34 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.06.05 22:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.06.05 22:41:08 | 003,096,424 | ---- | C] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup307.exe [2011.06.05 20:37:28 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.06.05 20:37:28 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.06.01 10:39:21 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.05.25 15:41:44 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Steuerfälle [2011.05.25 15:41:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\AAV [2011.05.25 15:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps [2011.05.25 15:30:21 | 000,000,000 | ---D | C] -- C:\Programme\Akademische Arbeitsgemeinschaft [2011.05.25 15:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV [2011.05.22 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2011.05.22 17:37:52 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.22 17:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.22 17:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.22 17:37:46 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.22 17:37:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2 C:\Users\****\*.tmp files -> C:\Users\****\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.06 12:33:03 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{613B0433-1B55-4AF8-B6DE-D6398B0420D2}.job [2011.06.06 12:27:40 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.06.06 12:26:09 | 000,148,317 | ---- | M] () -- C:\Users\****\AppData\Roaming\nvModes.001 [2011.06.06 12:25:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.06 12:25:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.06 12:25:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.06 12:24:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.06 12:24:54 | 2145,583,104 | -HS- | M] () -- C:\hiberfil.sys [2011.06.06 12:24:08 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.06.06 12:22:16 | 000,000,850 | ---- | M] () -- C:\Users\****\Documents\cc_20110606_122212.reg [2011.06.06 12:21:43 | 000,036,688 | ---- | M] () -- C:\Users\****\Documents\cc_20110606_122127.reg [2011.06.06 12:16:08 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.06.06 12:16:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.06.06 12:16:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.06.06 12:16:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.06.06 12:14:51 | 016,770,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\****\Desktop\jre-6u25-windows-i586-s.exe [2011.06.06 12:13:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.06 11:04:06 | 000,637,068 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.06 11:04:06 | 000,604,322 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.06 11:04:06 | 000,129,652 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.06 11:04:06 | 000,107,462 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.06 10:52:22 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.06.06 05:56:08 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.05 22:45:57 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\mplo7y8r.exe [2011.06.05 22:43:36 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.06.05 22:41:09 | 003,096,424 | ---- | M] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup307.exe [2011.06.05 20:37:25 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.06.05 20:37:25 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.06.05 20:32:36 | 000,000,093 | ---- | M] () -- C:\Users\****\AppData\Local\ekkik.bat [2011.06.01 18:32:24 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2011.06.01 18:31:39 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe [2011.06.01 10:39:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.05.30 12:32:22 | 000,130,048 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.25 15:33:33 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2011.lnk [2011.05.22 17:06:51 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.05.21 15:05:56 | 000,002,445 | ---- | M] () -- C:\Users\****\Desktop\Nero - Burning Rom.lnk [2011.05.20 13:49:26 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.05.20 13:43:30 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.05.20 13:43:18 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2 C:\Users\****\*.tmp files -> C:\Users\****\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.06 12:22:14 | 000,000,850 | ---- | C] () -- C:\Users\****\Documents\cc_20110606_122212.reg [2011.06.06 12:21:30 | 000,036,688 | ---- | C] () -- C:\Users\****\Documents\cc_20110606_122127.reg [2011.06.05 22:45:56 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\mplo7y8r.exe [2011.06.05 22:43:36 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.06.05 22:43:31 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.06.05 20:30:17 | 2145,583,104 | -HS- | C] () -- C:\hiberfil.sys [2011.06.01 18:32:24 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable [2011.06.01 18:31:38 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe [2011.05.25 15:33:33 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2011.lnk [2011.05.22 17:37:52 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 17:06:51 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.05.22 17:06:51 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.02.18 22:54:55 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2010.04.04 03:02:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.03.29 15:00:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.03.29 15:00:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.09 21:27:56 | 000,000,093 | ---- | C] () -- C:\Users\****\AppData\Local\ekkik.bat [2009.07.03 20:07:48 | 000,490,539 | ---- | C] () -- C:\Users\****\AppData\Roaming\mdbu.bin [2009.04.11 21:28:48 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008.07.26 15:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2008.05.16 16:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2008.04.21 13:14:23 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.04.21 13:12:52 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin [2008.02.08 19:25:02 | 000,007,592 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2008.02.07 19:58:59 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2008.01.23 23:36:42 | 000,000,552 | ---- | C] () -- C:\Users\****\AppData\Local\d3d8caps.dat [2007.12.10 21:06:42 | 000,024,206 | ---- | C] () -- C:\Users\****\AppData\Roaming\UserTile.png [2007.11.29 19:42:32 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat [2007.11.05 19:47:05 | 000,130,048 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.05 16:55:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007.11.05 12:49:56 | 000,148,317 | ---- | C] () -- C:\Users\****\AppData\Roaming\nvModes.001 [2007.11.05 12:36:30 | 000,148,317 | ---- | C] () -- C:\Users\****\AppData\Roaming\nvModes.dat [2007.10.30 08:07:46 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.10.30 08:07:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.10.30 00:26:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2007.10.30 00:26:40 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2007.10.30 00:23:15 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll [2007.10.30 00:13:31 | 000,005,332 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.15 20:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 17:33:31 | 000,637,068 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,129,652 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,308,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,322 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,462 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Studium:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Sonstiges:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Schule:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Ebay:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Dell Webcam Center:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\Documents\Bewerbungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.3 Installation Files:Roxio EMC Stream < End of report > [/Code] Der Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.06.2011 12:29:05 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,53% Memory free
4,23 Gb Paging File | 3,19 Gb Available in Paging File | 75,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,18 Gb Total Space | 22,20 Gb Free Space | 22,38% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,92% Space Free | Partition Type: NTFS
Computer Name: LAPTOP-**** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07639B34-7061-48DC-8F3C-550BE44F2071}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B29C2BA-2F9E-4EF0-AE04-42C0736BE362}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BD15E7B-3ADA-4DE4-983E-F9C437E5DCE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DF79D94-72CD-4732-AAB7-C47311F1B454}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17610C35-4CF9-4D64-80EC-0A3BE3F09390}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F816819-0C77-4083-8C0C-BC8C3B8C725B}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{21301956-E6B4-43EB-8058-76525615731B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2162540F-A81C-496F-A94C-CEB4CD99AEB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28ABE5F0-B3ED-4E75-992B-4EFF330A7846}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2DF6265A-2AE1-45A0-B455-1E3D25398AEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A10C537-981B-40DB-BFDD-B91B0D9C2D0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D0BA092-0567-42C7-A7CD-22896345D7A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EB77359-2F2C-4126-9663-7C5563BBDF3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47FF4E45-7D27-4FB4-8767-CE0848096AD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4B6960C9-3E8E-470E-9642-799272EDFF8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EB2D427-EEB4-4A5F-86B8-77FA17C4B403}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{514AE790-CEC6-4D18-B2E4-646A6656B84B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55FEA510-32C0-46E9-9CD0-393E8A10BC74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{585A7FB7-F5BB-4241-9B2E-A61D02AAE035}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5CFD7C7E-8C3B-4432-AF24-09CDDCEDB680}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{64BE05DC-7627-444D-8C35-AEDC03B8262F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CAB0E7F-0110-4E76-B7D7-5AB1A0BB1631}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7175641E-69A8-4044-B16C-D5A3BB104104}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7220E428-B782-42C1-8B36-23ACDDBD7AE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{735ECD6E-C869-4641-8132-65D94DF4FE20}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D510AD2-8AF0-412B-9AA7-4F04EB3E84CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80D448EB-E27C-4313-AF1D-FA74138FCD33}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80F97876-8597-4C0A-945C-5E332894AE76}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81015848-1528-45C5-858F-F07BCA7A980A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83876290-256E-4D16-B237-B3F3D2905C2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87398FB2-2190-4F74-A5D0-AA97F7623744}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{877915B4-E51E-4010-96F4-273C36BA1B5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87BBA7D9-8860-466F-8948-819F2068E023}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94E55B17-BCA0-47E6-9FB1-EC476AE7098F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F059040-B618-415F-8143-8B02D28772B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FE5EB6F-6CE2-4214-A8F4-0358B48D6CCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1F962E8-BB21-4825-9BAC-8A71D767656C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5BC47FF-AAAD-4244-A25C-14E927C33954}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7C2E478-9C24-42AB-8D5F-4F1986DCFE87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9F87D40-7AC3-496A-AC79-848AF416AED8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADDAB433-1373-46D1-9D70-5F9D29C16477}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B141E996-F43D-4F65-9723-40DC453C2420}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE87DE54-685D-4532-A372-4802BB8992DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1CEA169-CC70-4375-81AB-569E95003352}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D255D57C-4086-47C0-B57B-1925E3339D81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D288C1C9-413B-47A4-95C7-77DEDA3A844C}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D7260091-8BEE-4811-9F64-B5F0CF4DAEB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D743693E-8BE8-4874-A127-065A9AA82989}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D88AE2E4-3AE1-4C23-9560-82F4554214EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA75401D-8A3F-4CB0-9635-A933B6D30F42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7F5C3A4-9FE9-4397-9F78-4B9856CEECB9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9726281-A9E0-4A97-8208-48D9B2128BA6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE3629BC-670E-4C6A-AA93-E00B0921B466}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2D7F576-4404-4A9B-ABD5-35DEEC3B2D88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F542EC2C-EC71-42E4-8411-913AC47573DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{151F009F-32E5-468B-ADE0-740232C7EBC3}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{4F798F1A-28F8-4E17-8CC6-FAF40ED5D385}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6A70D6AE-1A37-4578-9104-C9F57ED13A43}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8A043A59-3551-432D-95AE-13F74605BD6B}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{B2A4D547-D104-4B2E-B052-0692F88FBDE6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{D2A4FBBB-90D5-49C3-BD12-0F79CABF6159}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DBDFAB5C-7D48-4736-B6DF-A5A25874D978}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{E19DF7D8-8701-48DE-B319-1208898B4997}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{6359272A-7BB9-48BB-8585-9BDE13121F6D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{66B5868D-02A6-4558-AA0B-5ED829C1F9DD}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{7BBB2429-3332-4A80-BC10-257626692DC0}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{B5DEEC2A-F0D0-4F2A-A6D7-A3EA1385B85B}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{B692B845-17DB-4CE2-9E12-7896C389C4BC}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{D1C393D5-1E6F-45A6-96C5-C4413CEF274C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DF00832B-31DA-4549-8B4B-FCF28944C9B0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E60041FD-508D-4CEE-8544-24FAD484302D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01866A44-A697-4821-871F-1CB9F907E8DE}" = OpenOffice.org 2.3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"dm-Fotowelt" = dm-Fotowelt
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"fmdkiqh" = Favorit
"FujiDirekt_is1" = FujiDirekt 2.6
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Dell Touchpad
"Tikal" = Tikal (remove only)
"TomTom HOME" = TomTom HOME 2.7.4.1962
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp
"WinRAR archiver" = WinRAR Archivierer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.05.2011 07:54:48 | Computer Name = Laptop-**** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 22.05.2011 07:54:48 | Computer Name = Laptop-**** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 22.05.2011 11:56:16 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.05.2011 04:00:01 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.05.2011 04:00:02 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.05.2011 04:00:15 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.05.2011 04:36:16 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.05.2011 05:06:17 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.05.2011 09:31:28 | Computer Name = Laptop-**** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 27.05.2011 13:57:07 | Computer Name = Laptop-**** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ Broadcom Wireless LAN Events ]
Error - 05.06.2011 14:30:39 | Computer Name = Laptop-**** | Source = WLAN-Tray | ID = 0
Description = 20:30:29, Sun, Jun 05, 11 Error - Unable to gain access to user store
[ Media Center Events ]
Error - 23.12.2010 10:24:23 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 23.12.2010 11:32:33 | Computer Name = Laptop-**** | Source = ehRecvr | ID = 3
Description =
Error - 07.03.2011 15:29:55 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 07.03.2011 18:02:13 | Computer Name = Laptop-**** | Source = ehRecvr | ID = 3
Description =
Error - 17.03.2011 14:20:40 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 25.03.2011 18:10:10 | Computer Name = Laptop-**** | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 03/25/2011 23:10:10
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 13.04.2011 12:47:06 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 02.05.2011 14:18:29 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 04.05.2011 14:43:55 | Computer Name = Laptop-**** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 22.05.2011 10:54:44 | Computer Name = Laptop-**** | Source = ehRecvr | ID = 3
Description =
[ System Events ]
Error - 05.06.2011 12:15:34 | Computer Name = Laptop-**** | Source = HTTP | ID = 15016
Description =
Error - 05.06.2011 12:18:56 | Computer Name = Laptop-**** | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002
Description =
Error - 05.06.2011 12:24:57 | Computer Name = Laptop-**** | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002
Description =
Error - 05.06.2011 12:26:19 | Computer Name = Laptop-**** | Source = HTTP | ID = 15016
Description =
Error - 05.06.2011 12:26:19 | Computer Name = Laptop-**** | Source = HTTP | ID = 15016
Description =
Error - 05.06.2011 13:34:03 | Computer Name = Laptop-**** | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002
Description =
Error - 05.06.2011 14:31:51 | Computer Name = Laptop-**** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse
001DD936D9A8 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 05.06.2011 14:33:43 | Computer Name = Laptop-**** | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x8050a001 Fehlerbeschreibung: Das Programm kann keine
Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen.
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
unter "Hilfe und Support". Ladende Signaturen: %%825 Ladene Signaturversion: 1.105.929.0
Ladende
Modulversion: 1.1.6903.0
Error - 06.06.2011 04:50:53 | Computer Name = Laptop-**** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.25 für die Netzwerkkarte mit der Netzwerkadresse
001DD936D9A8 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 06.06.2011 04:57:00 | Computer Name = Laptop-**** | Source = Service Control Manager | ID = 7034
Description =
< End of report >
|
|
06.06.2011, 19:17
| #7 |
| /// Helfer-Team | Ich werde Rogue Residue nicht los! ** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu Ich werde Rogue Residue nicht los! |
| alternate, antivir, avira, bho, c:\windows\system32\rundll32.exe, computer, entfernen, error, excel, fehler, firefox, flash player, home, host.exe, iexplore.exe, install.exe, javaws.exe, langsam, logfile, mozilla, mozilla thunderbird, nicht gefunden, nvlddmkm.sys, oldtimer, plug-in, presentationhost.exe, prozess, registry, scan, searchplugins, security, sehr langsam, shell32.dll, software, start menu, starten, studio, trojaner, virus, vista, visual studio, wscript.exe |
.
Linear-Darstellung
