WürmerHasser | 01.02.2011 14:29 | Ach 'tschuldigung, ich hab gestern Scans mit beiden Programmen gemacht, aber dann vergessen sie mit reinzupacken :(
Anti-Mailware:
------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Datenbank Version: 5653
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
01.02.2011 14:18:16
mbam-log-2011-02-01 (14-18-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 306668
Laufzeit: 26 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL:
---------------------------------------------OTL Logfile: Code:
OTL logfile created on: 1/31/2011 8:46:03 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\******\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 900.41 Gb Total Space | 849.71 Gb Free Space | 94.37% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 7.85 Gb Free Space | 26.18% Space Free | Partition Type: NTFS
Computer Name: ZUSE-Z5000 | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\******\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Users\******\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.medion.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Bing
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.pspcfw.de/"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.1.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/27 16:45:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/29 22:06:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/01/02 16:45:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2011/01/02 16:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2011/01/02 16:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/30 20:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\v4q8eq4u.default\extensions
[2010/12/27 16:58:57 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\v4q8eq4u.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/01/22 15:53:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\v4q8eq4u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/01/13 21:48:48 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\v4q8eq4u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/12/27 16:50:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\v4q8eq4u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/01/13 21:34:36 | 000,000,000 | ---D | M] () -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\v4q8eq4u.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2011/01/29 16:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/12/27 19:11:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/29 22:06:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 11:53:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/12/03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/12/03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/12/03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{60537cae-11e2-11e0-818d-1c4bd646fdc7}\Shell - "" = AutoRun
O33 - MountPoints2\{60537cae-11e2-11e0-818d-1c4bd646fdc7}\Shell\AutoRun\command - "" = J:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/01/31 20:13:13 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2011/01/31 20:13:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/31 20:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/31 20:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/31 20:13:05 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/31 20:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/30 10:28:07 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{8F094456-E3BF-4E6C-8A44-A7405E2082E2}
[2011/01/29 22:17:26 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{7B152CF2-8EEC-471A-A9A8-6C780D904686}
[2011/01/29 10:17:02 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{641A8E2B-605E-4102-8349-ADC6F2E242F4}
[2011/01/29 10:17:02 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{04CDC564-0F46-4CDE-952B-E20F2972FDC7}
[2011/01/28 13:41:55 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{124083D0-9A4A-499D-AC83-CA60A18A3B0E}
[2011/01/27 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/01/27 13:40:14 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{4D674A9B-543E-4BD9-B95F-0F73AF95528C}
[2011/01/26 16:48:48 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Windows Live Writer
[2011/01/26 16:48:48 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Windows Live Writer
[2011/01/26 13:44:57 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{3140A044-8A10-401A-802D-5B8CE277BED0}
[2011/01/25 19:01:21 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\Müll
[2011/01/25 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{B8661ECC-C1B2-4140-A3B2-41BBF410DDFE}
[2011/01/24 15:42:35 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\pspking
[2011/01/24 13:43:44 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{7AC276FE-375A-4A72-B176-91B77CFFC7C3}
[2011/01/23 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{321AB849-0457-4F4F-962E-9EEAABF81A69}
[2011/01/22 11:43:41 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{D4E8E9AC-14B0-4B4F-9395-CB04A8E3CC03}
[2011/01/22 11:37:41 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011/01/22 11:36:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/01/22 11:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/01/22 11:32:12 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2011/01/22 11:32:12 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2011/01/22 11:32:12 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2011/01/22 11:32:12 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2011/01/22 11:29:57 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Windows Live
[2011/01/22 11:23:41 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\MSN_Logs
[2011/01/20 20:36:50 | 000,000,000 | ---D | C] -- C:\Users\******\Muell
[2011/01/18 20:28:06 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Avira
[2011/01/17 21:58:35 | 000,000,000 | ---D | C] -- C:\Users\******\lustig-Dateien
[2011/01/15 20:46:13 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\sony-lustig-Dateien
[2011/01/15 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\sony-vorstellungsthread-Dateien
[2011/01/15 14:03:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/01/14 14:02:11 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\psp2_geruechte-Dateien
[2011/01/13 21:46:46 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\DVDVideoSoft
[2011/01/13 21:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/01/13 21:46:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\DVDVideoSoft
[2011/01/13 21:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011/01/13 21:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011/01/13 16:19:51 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\.minecraft
[2011/01/12 19:35:11 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/01/12 19:35:11 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/12 19:35:11 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/12 19:35:11 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/12 19:35:11 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/12 19:35:11 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/12 19:35:10 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/01/12 19:35:10 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/01/12 19:35:10 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/12 19:35:10 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/12 19:35:10 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/12 19:35:10 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/12 19:35:09 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/12 19:35:09 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/01/12 19:35:09 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/12 19:35:09 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/12 19:35:09 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/12 19:35:09 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/12 19:35:09 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/01/12 19:35:09 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/12 19:35:09 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/12 19:35:09 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/01/12 19:35:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/12 19:35:09 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/01/12 19:35:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/12 19:35:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/12 19:35:08 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/12 19:34:10 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/12 19:34:10 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/09 15:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/01/09 15:14:36 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Google
[2011/01/09 15:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/01/06 18:50:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/06 17:39:35 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\geschichte
[2011/01/05 22:17:27 | 000,000,000 | ---D | C] -- C:\Users\******\Tutorials
[2011/01/05 21:49:53 | 000,000,000 | ---D | C] -- C:\Users\******\.ProOrganoPleno
[2011/01/05 15:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2011/01/05 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\supertuxkart
[2011/01/05 13:31:48 | 000,431,104 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/01/05 13:31:48 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/01/05 13:31:48 | 000,136,192 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/01/05 13:31:48 | 000,114,688 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011/01/05 13:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/01/05 13:30:38 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperTuxKart for Windows
[2011/01/05 13:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2011/01/05 13:28:11 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\Visual Studio 2008
[2011/01/05 13:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ 2008 Express Edition
[2011/01/05 13:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011/01/05 13:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2011/01/05 13:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/01/05 13:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008
[2011/01/05 13:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/01/05 11:53:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/01/05 11:53:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/01/05 11:53:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/01/03 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strawberry Perl
[2011/01/03 22:30:20 | 000,000,000 | ---D | C] -- C:\perl
[2011/01/03 22:27:18 | 000,000,000 | ---D | C] -- C:\Users\******\Perl
[2011/01/03 19:30:16 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Nettalk
[2011/01/03 19:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nettalk6
[2011/01/03 19:26:02 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\mIRC
[2011/01/03 18:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
[2011/01/03 18:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX
[2011/01/02 16:45:37 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Thunderbird
[2011/01/02 16:45:37 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Thunderbird
[2011/01/02 16:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011/01/02 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/12/27 18:19:33 | 001,047,880 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\procexp64.exe
========== Files - Modified Within 30 Days ==========
[2011/01/31 18:37:07 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/31 18:37:07 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/31 18:34:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/31 18:34:05 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/01/31 18:34:05 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/31 18:34:05 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/01/31 18:34:05 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/31 18:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/31 18:29:44 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/20 22:07:46 | 000,003,265 | ---- | M] () -- C:\Users\******\Desktop\C-Projektordner.lnk
[2011/01/18 16:41:34 | 000,008,483 | ---- | M] () -- C:\Users\******\Documents\vshctrl_encrypted.prx
[2011/01/17 21:58:35 | 000,065,783 | ---- | M] () -- C:\Users\******\lustig.htm
[2011/01/15 22:38:20 | 000,620,511 | ---- | M] () -- C:\Users\******\Documents\pspdecompiler.exe
[2011/01/15 22:35:59 | 000,010,562 | ---- | M] () -- C:\Users\******\Documents\systemctrl_02g.prx
[2011/01/15 20:46:13 | 000,110,002 | ---- | M] () -- C:\Users\******\Documents\sony-lustig.htm
[2011/01/15 18:16:31 | 000,094,239 | ---- | M] () -- C:\Users\******\Documents\sony-vorstellungsthread.htm
[2011/01/15 13:45:13 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/14 14:02:12 | 000,126,903 | ---- | M] () -- C:\Users\******\Documents\psp2_geruechte.htm
[2011/01/10 17:02:36 | 000,046,569 | ---- | M] () -- C:\Users\******\Documents\music_parser_exports.xml
[2011/01/06 19:24:22 | 500,542,057 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/05 13:31:48 | 000,431,104 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/01/05 13:31:48 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/01/05 13:31:48 | 000,136,192 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/01/05 13:31:48 | 000,114,688 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
========== Files Created - No Company Name ==========
[2011/01/22 11:35:45 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/01/22 11:35:23 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/01/22 11:34:52 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/01/22 11:34:35 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/01/20 22:07:46 | 000,003,265 | ---- | C] () -- C:\Users\******\Desktop\C-Projektordner.lnk
[2011/01/19 14:12:00 | 000,100,352 | ---- | C] () -- C:\Windows\SysNative\zlib1.dll
[2011/01/18 16:41:32 | 000,008,483 | ---- | C] () -- C:\Users\******\Documents\vshctrl_encrypted.prx
[2011/01/17 21:58:35 | 000,065,783 | ---- | C] () -- C:\Users\******\lustig.htm
[2011/01/15 22:38:08 | 000,620,511 | ---- | C] () -- C:\Users\******\Documents\pspdecompiler.exe
[2011/01/15 22:35:58 | 000,010,562 | ---- | C] () -- C:\Users\******\Documents\systemctrl_02g.prx
[2011/01/15 20:46:13 | 000,110,002 | ---- | C] () -- C:\Users\******\Documents\sony-lustig.htm
[2011/01/15 18:16:30 | 000,094,239 | ---- | C] () -- C:\Users\******\Documents\sony-vorstellungsthread.htm
[2011/01/15 13:45:13 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/14 14:02:11 | 000,126,903 | ---- | C] () -- C:\Users\******\Documents\psp2_geruechte.htm
[2011/01/10 17:02:32 | 000,046,569 | ---- | C] () -- C:\Users\******\Documents\music_parser_exports.xml
[2011/01/06 18:50:10 | 500,542,057 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/03 19:29:44 | 000,000,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nettalk.lnk
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2011/01/13 16:19:54 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\.minecraft
[2011/01/13 21:46:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft
[2011/01/27 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ICQ
[2011/01/03 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nettalk
[2010/12/27 16:44:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Notepad++
[2010/12/30 21:25:19 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Subversion
[2011/01/05 13:32:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\supertuxkart
[2011/01/02 16:45:37 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Thunderbird
[2010/12/28 15:06:50 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\WB Games
[2011/01/26 16:48:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Windows Live Writer
[2009/07/14 06:08:49 | 000,024,806 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > --- --- ---
OTL-Extras:
------------------------------------OTL Logfile: Code:
OTL Extras logfile created on: 1/31/2011 8:46:03 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\******\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 900.41 Gb Total Space | 849.71 Gb Free Space | 94.37% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 7.85 Gb Free Space | 26.18% Space Free | Partition Type: NTFS
Computer Name: ZUSE-Z5000 | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D773B0F5-5511-4812-B1A0-C6635F7AD6B8}" = Slik Subversion 1.6.15 (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066ED8C4-8C66-4824-ACF4-8F622E88E074}" = LEGO® Indiana Jones™ Demo
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1966CFDC-5011-4480-B309-7FD59B91D10F}" = LEGO® Harry Potter™: Die Jahre 1-4 DEMO
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73228B5-F869-3044-B3D8-7D3F0F3A5987}" = Strawberry Perl
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.1-alpha-5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.14
"InstallShield_{066ED8C4-8C66-4824-ACF4-8F622E88E074}" = LEGO® Indiana Jones™ Demo
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Nettalk_is1" = Nettalk 6.7
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"PSP DevKit" = PSP DevKit 0.10.0
"TIPP10_is1" = TIPP10 Version 2.0.3
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/25/2011 12:57:40 PM | Computer Name = Zuse-Z5000 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 1/26/2011 11:12:40 AM | Computer Name = Zuse-Z5000 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 1/26/2011 11:13:25 AM | Computer Name = Zuse-Z5000 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 1/26/2011 11:48:40 AM | Computer Name = Zuse-Z5000 | Source = ESENT | ID = 215
Description = wlmail (4552) WindowsLiveMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 1/28/2011 12:30:43 PM | Computer Name = Zuse-Z5000 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 1/28/2011 12:31:28 PM | Computer Name = Zuse-Z5000 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 1/29/2011 6:27:42 AM | Computer Name = Zuse-Z5000 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LegoStarwars.exe, Version: 0.0.0.0,
Zeitstempel: 0x4250fcee Name des fehlerhaften Moduls: LegoStarwars.exe, Version:
0.0.0.0, Zeitstempel: 0x4250fcee Ausnahmecode: 0xc0000005 Fehleroffset: 0x0012902e
ID
des fehlerhaften Prozesses: 0x11fc Startzeit der fehlerhaften Anwendung: 0x01cbbf9b844df9e7
Pfad
der fehlerhaften Anwendung: C:\Spiele (x86)\Giant\LEGO Star Wars Game\LegoStarwars.exe
Pfad
des fehlerhaften Moduls: C:\Spiele (x86)\Giant\LEGO Star Wars Game\LegoStarwars.exe
Berichtskennung:
66c80c26-2b92-11e0-8168-00040efd820c
Error - 1/30/2011 7:33:21 AM | Computer Name = Zuse-Z5000 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 1/30/2011 7:34:08 AM | Computer Name = Zuse-Z5000 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 1/31/2011 11:04:45 AM | Computer Name = Zuse-Z5000 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 1/6/2011 2:25:00 PM | Computer Name = Zuse-Z5000 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/6/2011 2:25:00 PM | Computer Name = Zuse-Z5000 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/6/2011 2:25:00 PM | Computer Name = Zuse-Z5000 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/6/2011 2:30:05 PM | Computer Name = Zuse-Z5000 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/26/2011 4:35:28 PM | Computer Name = Zuse-Z5000 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR11
gefunden.
Error - 1/26/2011 4:35:28 PM | Computer Name = Zuse-Z5000 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR11
gefunden.
Error - 1/26/2011 4:35:29 PM | Computer Name = Zuse-Z5000 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR11
gefunden.
Error - 1/26/2011 4:35:29 PM | Computer Name = Zuse-Z5000 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR11
gefunden.
Error - 1/26/2011 4:35:30 PM | Computer Name = Zuse-Z5000 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR11
gefunden.
Error - 1/29/2011 6:19:11 PM | Computer Name = Zuse-Z5000 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?01.?2011 um 23:17:38 unerwartet heruntergefahren.
< End of report > --- --- ---
Ach und wie ich bemerkt habe... anscheinend gibt es (und zwar seit Anfang des PCs an), sehr oft die "User Profile Service" Meldung:
Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.
DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-3675175457-2876723570-1352203212-1001:
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Microsoft\SystemCertificates\My
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Microsoft\SystemCertificates\CA
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Microsoft\SystemCertificates\trust
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1920 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3675175457-2876723570-1352203212-1001\Software\Microsoft\SystemCertificates\Root
(diese variiert manchmal),
auf die immer sehr dicht (nach Sekunden) die "TimeService" Meldung
Aufgrund eines DNS-Auflösungsfehlers auf "" konnte vom "NtpClient" kein manueller Peer als Zeitquelle festgelegt werden. In 3473457 Minuten wird ein weiterer Versuch ausgeführt und das Intervall für weitere Versuche anschließend verdoppelt. Fehler: Der angeforderte Name ist gültig, es wurden jedoch keine Daten des angeforderten Typs gefunden. (0x80072AFC)
und die WLAN-Auto-Config Meldung:
Der Dienst für die automatische WLAN-Konfiguration wurde erfolgreich beendet.
folgen.
Diese Meldungen sind immer ungefähr zur selben Zeit, wann auch die "Non-existing Thread" Meldungen auftauchen (ich weiß es nicht genau, da ich die Non-exinsting Threads ja immer erst nach einiger Zeit bemerke).
Könnte es sein, dass dies irgendwie zusammenhängt?
BTW, das mit der svchost.exe scheint normal zu sein, auf meinem alten PC (WinXP) läuft die auch 5 mal ;)
Ich hoff mal, dass sich dass ganze so etwas erklären lässt, vielleicht ists ja doch kein Virus :)
Dann würd sich aber immer noch die Frage stellen, was dieser Link macht :/
P.S.:
Vielen Dank für die nette Begrüßung und die Tipps, es ist immer angenehm zu sehen, dass einem geholfen wird :)
//EDIT2:
P.S.2.: Mir ist gerade etwas aufgefallen, dass mich etwas Angst machen lässt... die ID in der Klammer des Unbekannten Kontos ändert sich bei jeder Anmeldung.
Einmal ist es S-1-5-5-0-15... (schreib jetzt net alles auf), ein anderes mal ist es S-1-5-5-0-11... :/
Ich hab dafür nur 3 Erklärungen:
- Es könnte das (deaktivierte) Gast Konto sein (denk ich nicht)
- Es könnte das aktive 2. Konto auf dem PC sein, welches in dem Sicherheit-Reiter NICHT angezeigt wird (denk ich auch nicht)
- Es könnte ein Virus sein (wär mir am logischsten)
Weiß irgendwer weiter? |