Log analysis and evaluation: Hard disk damaged, data gone (Windows 7)
If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.06.2011, 14:47 | #1 |
Hard disk damaged, data gone
Hello! My problem has already been dealt with once here: http://www.trojaner-board.de/99162-t...e-dateien.html It happened in a similar way: when starting the computer, the error message "Hard disk damaged" and others suddenly appeared, the laptop crashed and then the data was gone. The Internet works, but everything else is gone. To be on the safe side, I have not taken any action so far. With the earnest request that someone take on my data disaster, I thank you in advance!!! Kind regards
Edited by problem00 (12.06.2011 at 14:58)
12.06.2011, 15:40 | #2 |
/// Malware-holic | Hard disk damaged, data gone
hi, take a deep breath, nothing is gone, everything is intact :-)
System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
12.06.2011, 19:11 | #3 |
Hard disk damaged, data gone
Thank you very much for the quick reply!
OTL logfile:
ATTFilter OTL logfile created on: 11.06.2011 22:36:09 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Claudia\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 40,22% Memory free 6,08 Gb Paging File | 4,25 Gb Available in Paging File | 69,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,88 Gb Total Space | 140,17 Gb Free Space | 62,89% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: BERND-PC | User Name: Claudia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Claudia\Downloads\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\36429560.exe (Microsoft Corporation) PRC - C:\ProgramData\ECXHYIMSihMUVK.exe (Microsoft Corporation) PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe (SPAMfighter ApS) PRC - C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe () PRC - C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) PRC - C:\Programme\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH) PRC - C:\Programme\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe (Symantec Corporation) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Windows\System32\HPSIsvc.exe (HP) PRC - C:\Programme\GMX\LiveUpdate\m2LUTray.exe () PRC - C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Users\Claudia\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\eMachines\eMachines Power Management\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation) PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (SafeList) ========== MOD - C:\Users\Claudia\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Programme\Norton Internet Security\Engine\17.8.0.5\asoehook.dll (Symantec Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) 
MOD - C:\Programme\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation) MOD - C:\Programme\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation) MOD - C:\Programme\eMachines\eMachines Power Management\SysHook.dll (Acer Incorporated) ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe (Symantec Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (HPSIService) -- C:\Windows\System32\HPSIsvc.exe (HP) SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (ePowerSvc) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx86.sys (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100914.003\IDSvix86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS (Symantec Corporation) DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys (Symantec Corporation) DRV - (mvusbews) -- C:\Windows\System32\drivers\mvusbews.sys (Marvell Semiconductor, Inc.) DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation) DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.) 
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation) DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation) DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation) DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation) DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation) DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation) DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vp32&d=0609&m=g725 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=0e4a8b2100000000000000235ad72633&tlver=1.4.19.19&ss=1&affID=17395 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vp32&d=0609&m=g725 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tangotoolbar.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo" FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.order.2: "amazon.de" FF - prefs.js..browser.search.order.3: "1und1 Suche" FF - prefs.js..browser.search.order.4: "amazon.de" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=0e4a8b2100000000000000235ad72633&tlver=1.4.19.19&ss=1&affID=17395" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {C473DC2B-895F-4E11-B8BF-FF28DFD62829}:1.7.3 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {25AAD618-76C8-4E6A-9768-8320705379EC}:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2 FF - 
prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14197&locale=de_US&apn_uid=DDC4F023-98D7-4B1F-8799-68F8DEFD98C6&apn_ptnrs=FN&apn_sauid=DD386C25-B35F-4986-BD74-00EA7016BA33&apn_dtid=TES002YYAT&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.05.29 12:23:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.01.28 00:47:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Claudia\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2011.06.11 16:19:29 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.19 11:34:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.19 11:34:21 | 000,000,000 | ---D | M] [2010.01.23 12:20:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions [2011.06.11 15:14:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions [2011.06.11 16:19:28 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.11 16:19:28 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.06.11 16:19:29 | 000,000,000 | -H-D | M] (Update Notifier) -- 
C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2011.06.11 16:19:29 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.11 16:19:29 | 000,000,000 | -H-D | M] (softonic-de3 Community Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.06.11 16:19:29 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2011.06.11 16:19:27 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\engine@conduit.com [2011.06.11 16:19:27 | 000,000,000 | -H-D | M] (Plasmoo Search Engine) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\engine@plasmoo.com [2011.06.11 15:15:05 | 000,000,000 | -H-D | M] (Babylon) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\ffxtlbr@babylon.com [2011.06.11 16:19:27 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\toolbar@ask.com [2010.01.23 16:21:02 | 000,005,591 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\1und1-suche.xml [2010.01.23 16:20:58 | 000,001,371 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\amazonde.xml [2011.06.10 09:10:08 | 000,002,396 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\askcom.xml [2010.12.08 16:47:52 | 000,000,927 | -H-- | M] () -- 
C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\conduit.xml [2011.04.28 19:42:58 | 000,001,975 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\plasmoo.xml [2011.06.10 11:18:07 | 000,001,418 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\preisvergleich.xml [2010.01.23 16:20:59 | 000,005,588 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\webde-suche.xml [2011.04.22 08:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.10 17:20:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.12.28 15:52:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.19 11:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2011.04.19 11:34:23 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net File not found (No name found) -- [2010.05.10 17:20:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.12.28 15:52:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.05.29 12:23:55 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN () (No name found) -- C:\USERS\CLAUDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GLC5DC9V.DEFAULT\EXTENSIONS\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}.XPI () (No name found) -- C:\USERS\CLAUDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GLC5DC9V.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2011.03.18 19:56:37 
| 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.06.11 15:15:16 | 000,002,428 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Tango) - {DE56DA9B-7965-44B3-9386-7C2F2D23F26A} - File not found O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Tango) - {DE56DA9A-7965-44B3-9386-7C2F2D23F26A} - File not found O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Tango) - {DE56DA9A-7965-44B3-9386-7C2F2D23F26A} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GMX Update] C:\Programme\GMX\LiveUpdate\m2LUTray.exe () O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) 
O4 - HKCU..\Run: [ECXHYIMSihMUVK] C:\ProgramData\ECXHYIMSihMUVK.exe (Microsoft Corporation) O4 - HKCU..\Run: [GabPath] C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe () O4 - HKCU..\Run: [hvhlcGymBdBoPf2jvFT] C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe () O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Free YouTube Download - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Claudia\Pictures\henrietta300.jpg
O24 - Desktop BackupWallPaper: C:\Users\Claudia\Pictures\henrietta300.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4ab9a173-7bd4-11de-a0c1-00235ad72633}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab9a173-7bd4-11de-a0c1-00235ad72633}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4ab9a187-7bd4-11de-a0c1-00235ad72633}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab9a187-7bd4-11de-a0c1-00235ad72633}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a41ada2d-88db-11de-bbc1-00235ad72633}\Shell - "" = AutoRun
O33 - MountPoints2\{a41ada2d-88db-11de-bbc1-00235ad72633}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fd9b9402-80ab-11de-94a7-00235ad72633}\Shell - "" = AutoRun
O33 - MountPoints2\{fd9b9402-80ab-11de-94a7-00235ad72633}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.11 21:32:08 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2011.06.11 21:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 21:31:32 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 21:31:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 21:31:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.11 21:16:20 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ToolHouse
[2011.06.11 21:16:08 | 000,000,000 | ---D | C] -- C:\Programme\toolstarFRPRO DEMO
[2011.06.11 18:25:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\TuneUp Software
[2011.06.11 18:25:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.06.11 15:30:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\SweetIM
[2011.06.11 15:30:06 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2011.06.11 15:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard 5.0.1 Demo
[2011.06.11 15:29:37 | 000,000,000 | ---D | C] -- C:\Programme\EASEUS
[2011.06.11 15:28:49 | 003,856,864 | -H-- | C] (EASEUS ) -- C:\Users\Claudia\Desktop\EaseusDataRecoveryWizard5.0.1.exe
[2011.06.11 15:21:52 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\Uniblue
[2011.06.11 15:21:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011.06.11 15:21:45 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2011.06.11 15:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.06.11 15:14:54 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2011.06.11 15:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2011.06.11 15:14:42 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2011.06.11 15:13:15 | 002,451,576 | -H-- | C] (Piriform Ltd) -- C:\Users\Claudia\Desktop\rcsetup1.40.525.exe
[2011.06.11 09:54:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.06.11 09:13:04 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore
[2011.06.11 09:12:49 | 000,379,904 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\36429560.exe
[2011.06.11 09:03:44 | 000,477,184 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\ECXHYIMSihMUVK.exe
[2011.06.04 21:14:55 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\Desktop\et nytt barn
[2011.06.01 07:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.30 20:29:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Plasmoo
[2011.05.30 20:29:23 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoft
[2011.05.28 14:16:45 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\go
[2011.05.28 14:16:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Easybits GO
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011.06.11 22:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.11 22:32:38 | 000,000,000 | ---- | M] () -- C:\Users\Claudia\defogger_reenable
[2011.06.11 22:00:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.11 22:00:32 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Claudia-Startup.job
[2011.06.11 22:00:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.06.11 22:00:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.11 22:00:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.11 22:00:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.11 22:00:07 | 3147,800,576 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.11 21:26:40 | 000,000,680 | -H-- | M] () -- C:\Users\Claudia\AppData\Local\d3d9caps.dat
[2011.06.11 21:16:20 | 000,001,948 | -H-- | M] () -- C:\Users\Claudia\Desktop\file-recovery-professional DEMO.lnk
[2011.06.11 21:13:58 | 008,349,872 | -H-- | M] () -- C:\Users\Claudia\Desktop\FRCDEM.zip
[2011.06.11 15:28:52 | 003,856,864 | -H-- | M] (EASEUS ) -- C:\Users\Claudia\Desktop\EaseusDataRecoveryWizard5.0.1.exe
[2011.06.11 15:21:46 | 000,001,593 | -H-- | M] () -- C:\Users\Claudia\Desktop\Uniblue RegistryBooster.lnk
[2011.06.11 15:13:18 | 002,451,576 | -H-- | M] (Piriform Ltd) -- C:\Users\Claudia\Desktop\rcsetup1.40.525.exe
[2011.06.11 09:13:13 | 000,000,595 | -H-- | M] () -- C:\Users\Claudia\Desktop\Windows Vista Restore.lnk
[2011.06.11 09:13:06 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~36429560r
[2011.06.11 09:13:06 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~36429560
[2011.06.11 09:12:55 | 000,000,336 | -H-- | M] () -- C:\ProgramData\36429560
[2011.06.11 09:12:50 | 000,379,904 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\36429560.exe
[2011.06.11 09:03:41 | 000,477,184 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\ECXHYIMSihMUVK.exe
[2011.06.10 18:43:15 | 000,000,478 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Claudia.job
[2011.06.09 10:17:41 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.09 10:17:41 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.09 10:17:41 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.09 10:17:41 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.06 01:06:07 | 000,646,087 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 9.png
[2011.06.06 00:53:39 | 000,496,764 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 8.png
[2011.06.06 00:52:42 | 000,616,400 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 6.png
[2011.06.06 00:47:23 | 000,607,541 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 5.png
[2011.06.06 00:45:31 | 000,596,806 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 2.png
[2011.06.06 00:41:08 | 000,204,817 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 1.png
[2011.05.30 20:30:43 | 000,001,034 | -H-- | M] () -- C:\Users\Claudia\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.30 07:01:47 | 000,000,907 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.05.30 07:01:46 | 000,000,927 | -H-- | M] () -- C:\Users\Claudia\Desktop\Dropbox.lnk
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.27 10:41:40 | 000,001,392 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\wklnhst.dat
[2011.05.23 11:35:44 | 001,567,497 | -H-- | M] () -- C:\Users\Claudia\Documents\leksjon 14-2.wma
[2011.05.23 11:32:53 | 007,444,907 | -H-- | M] () -- C:\Users\Claudia\Documents\leksjon 14.wma
[2011.05.21 17:34:05 | 000,077,224 | -H-- | M] () -- C:\ProgramData\dudenbib.wav

========== Files Created - No Company Name ==========

[2011.06.11 22:32:38 | 000,000,000 | ---- | C] () -- C:\Users\Claudia\defogger_reenable
[2011.06.11 21:16:20 | 000,001,948 | -H-- | C] () -- C:\Users\Claudia\Desktop\file-recovery-professional DEMO.lnk
[2011.06.11 21:13:51 | 008,349,872 | -H-- | C] () -- C:\Users\Claudia\Desktop\FRCDEM.zip
[2011.06.11 15:21:56 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.06.11 15:21:46 | 000,001,593 | -H-- | C] () -- C:\Users\Claudia\Desktop\Uniblue RegistryBooster.lnk
[2011.06.11 09:13:11 | 000,000,595 | -H-- | C] () -- C:\Users\Claudia\Desktop\Windows Vista Restore.lnk
[2011.06.11 09:13:06 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~36429560r
[2011.06.11 09:13:05 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~36429560
[2011.06.11 09:12:55 | 000,000,336 | -H-- | C] () -- C:\ProgramData\36429560
[2011.06.06 01:06:04 | 000,646,087 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 9.png
[2011.06.06 00:53:37 | 000,496,764 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 8.png
[2011.06.06 00:52:39 | 000,616,400 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 6.png
[2011.06.06 00:47:20 | 000,607,541 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 5.png
[2011.06.06 00:45:28 | 000,596,806 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 2.png
[2011.06.06 00:41:06 | 000,204,817 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 1.png
[2011.05.28 14:16:46 | 000,001,587 | -H-- | C] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spielen (EasyBits GO).lnk
[2011.05.23 11:35:44 | 001,567,497 | -H-- | C] () -- C:\Users\Claudia\Documents\leksjon 14-2.wma
[2011.05.23 11:32:53 | 007,444,907 | -H-- | C] () -- C:\Users\Claudia\Documents\leksjon 14.wma
[2011.03.20 11:16:28 | 000,028,672 | -H-- | C] () -- C:\Windows\System32\wshqos32.dll
[2011.01.18 20:38:37 | 000,001,940 | -H-- | C] () -- C:\Users\Claudia\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.12.15 21:26:48 | 000,000,783 | -H-- | C] () -- C:\Windows\NTIWVEDT.INI
[2010.10.05 18:59:20 | 001,265,664 | -H-- | C] () -- C:\Windows\System32\HPM1210SM.exe
[2010.10.05 18:59:19 | 000,163,840 | -H-- | C] () -- C:\Windows\System32\HPM1210LM.DLL
[2010.10.05 18:56:59 | 000,284,160 | -H-- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2010.10.05 18:56:57 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2010.10.05 18:56:56 | 000,167,936 | ---- | C] () -- C:\Windows\System32\m1130wia.dll
[2010.10.05 18:56:56 | 000,053,760 | -H-- | C] () -- C:\Windows\System32\HPM1210SMs.dll
[2010.09.09 13:34:07 | 000,077,224 | -H-- | C] () -- C:\ProgramData\dudenbib.wav
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.05.06 19:41:17 | 000,000,680 | -H-- | C] () -- C:\Users\Claudia\AppData\Local\d3d9caps.dat
[2009.08.31 22:15:04 | 000,000,130 | -H-- | C] () -- C:\Windows\wininit.ini
[2009.08.19 17:59:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.12 16:28:30 | 000,053,478 | -H-- | C] () -- C:\Windows\mvtcpui.ini
[2009.08.03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.08.02 16:37:51 | 000,048,640 | -H-- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.29 16:13:06 | 000,284,160 | -H-- | C] () -- C:\Windows\unin0407.exe
[2009.07.28 19:44:11 | 000,001,392 | -H-- | C] () -- C:\Users\Claudia\AppData\Roaming\wklnhst.dat
[2009.06.22 12:47:56 | 000,626,688 | -H-- | C] () -- C:\Windows\Image.dll
[2009.06.22 12:47:56 | 000,009,216 | -H-- | C] () -- C:\Windows\usbvideo_reg.exe
[2009.06.22 12:47:56 | 000,000,036 | -H-- | C] () -- C:\Windows\PidList.ini
[2009.04.07 06:32:10 | 000,022,723 | -H-- | C] () -- C:\Windows\System32\cl31cl3.dll
[2009.03.04 03:48:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2009.03.04 03:48:30 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.03.03 20:44:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.03.03 20:44:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.03.03 20:44:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.03.03 20:44:54 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.03.03 19:33:45 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.03 19:33:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 09:15:58 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,990 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,546,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

Extras OTL Logfile:
Code:
OTL Extras logfile created on: 11.06.2011 22:36:09 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = C:\Users\Claudia\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 40,22% Memory free
6,08 Gb Paging File | 4,25 Gb Available in Paging File | 69,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 140,17 Gb Free Space | 62,89% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BERND-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C4EED7-A279-462F-BBA7-D2D8BD5046D4}" = lport=137 | protocol=17 | dir=in | app=system |
"{14C88765-7B51-416D-AB99-3478F5F94196}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24DFA3E5-3B50-4014-95E2-148BDB6AA210}" = lport=445 | protocol=6 | dir=in | app=system |
"{2F669F43-4395-4434-830C-5FDBCDCBEF67}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B95E661-DB88-459E-8637-281C836D5085}" = lport=139 | protocol=6 | dir=in | app=system |
"{73B46C02-BD2C-45E2-80DD-1F64DC997D12}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{76D4A6E2-FC47-473F-8F6F-A39963524580}" = rport=445 | protocol=6 | dir=out | app=system |
"{7AF1F616-5C39-4E1E-A676-1840CC3EA173}" = rport=137 | protocol=17 | dir=out | app=system |
"{7B3F1052-8DA9-4CED-B9A3-BDDF3D56513D}" = rport=139 | protocol=6 | dir=out | app=system |
"{890A6878-33A4-48DF-AA6F-6EDC2A25F34F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ADF3C647-AD9F-4D42-A60E-5ED9B9D64A87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C9269BC0-DEB7-40BF-B21B-C68B22510B2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D7CC5BD1-7369-4016-B23E-3295BA1BF60C}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FB16ED-34E8-419D-9B79-37ACEE5F16E9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0FB12408-EB6E-4B22-A547-1DC3C59EC289}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1694CD1C-1C3A-4CBF-85C8-28504BA0738A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{183A199C-B066-4DC9-A7C1-461C4F089979}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1A279C8B-C746-48D6-8A7D-67D1CF91BB48}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1AD1BE97-D5B8-4BCA-B7B3-02512A902298}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{21E35137-45B6-4179-99BF-C14FD554F60F}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{37E9EE39-845F-48FE-85E1-13B7114B4F9E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3E1ADA80-FA43-4A96-A43C-F53305971AD6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{431F9983-F99D-4659-99BD-C719F9D0120D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{635F64AC-869A-4DBE-BF98-91BFFEDE5560}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EC031C4-A9F6-4018-8994-A93A8DDD11D7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{6ED179EE-D58F-4424-8038-F6FCE7ACBE5C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{7BCAA46F-6714-4FD4-BB58-4A5729EA1B54}" = protocol=17 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |
"{91138D45-7AF2-4FE7-A974-58891B5030E2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{AC1BB519-EE2F-46A0-B82C-6AC9D445576B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AC361D2D-A251-4014-AB62-2CC3EE44B01E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AF1237AD-20ED-43DD-9793-CF0422933901}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B93E3D27-F981-4CDB-8288-0373491B2B36}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{CF749757-C9FD-4830-B3FD-32E5672051C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1C45A15-3F70-49ED-BC82-DA11F735346F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DE18BB14-DF89-4FC2-86BB-6D696EF2EAFD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{EE11C9E1-83BB-49B7-B25A-125E062DC960}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FD84BF63-CC78-4A4C-9FDD-D9331F47B6AD}" = protocol=6 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B77BC7B-4538-4652-AF33-C201F21BF8F2}" = toolstar* file recovery professional DEMO
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F45EE37-41B8-4228-A0BC-D7633632D692}" = Duden Korrektor kompakt
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5AF27589-0FA3-4BB0-8609-8F0135B1D9F6}" = Firefox 3.6 GMX Edition
"{5CC68528-24FF-4DF8-91C9-AF540F98505A}" = Sony Ericsson Drivers
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{867F5501-F8EF-4542-9D68-310A238A15FF}" = SLOW-PCfighter
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B192E1BB-98A4-4369-9271-96117A57F546}" = Sony Ericsson PC Suite
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B435AE22-F62A-4402-A4E5-E612631B92C9}" = OnlineLive
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE56DA9A-7965-44B3-9386-7C2F2D23F26A}" = Tango
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3DataManager" = Mein 3DataManager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BabylonToolbar" = Babylon toolbar
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EASEUS Data Recovery Wizard 5.0.1 Demo_is1" = EASEUS Data Recovery Wizard 5.0.1 Demo
"eMachines Screensaver" = eMachines ScreenSaver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firefox 3.6 GMX Edition" = Firefox 3.6 GMX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"FrostWire" = FrostWire 4.21.3
"GMX Update" = GMX Update
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"Recuva" = Recuva
"ResultTool" = ResultTool 1.0 build 139 powered by FIRST SEARCHBAR
"SLOW-PCfighter" = SLOW-PCfighter
"SMPlayer" = SMPlayer 0.6.8
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Print Shop Premier Edition 5.0" = Print Shop Premier 5.0
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GabPath" = GabPath
"Game Organizer" = EasyBits GO
"Heinzelnisse" = Heinzelnisse
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16.02.2011 04:47:26 | Computer Name = Bernd-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.02.2011 04:48:22 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629, fehlerhaftes Modul epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629, Ausnahmecode 0xc0000005, Fehleroffset 0x00026f6a, Prozess-ID 0x14c, Anwendungsstartzeit 01cbcdb641d74348.
Error - 16.02.2011 09:32:52 | Computer Name = Bernd-PC | Source = WinMgmt | ID = 10 Description = Error - 16.02.2011 09:34:34 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629, fehlerhaftes Modul epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629, Ausnahmecode 0xc0000005, Fehleroffset 0x00026f6a, Prozess-ID 0x1500, Anwendungsstartzeit 01cbcdde3e0331b4. Error - 17.02.2011 04:09:22 | Computer Name = Bernd-PC | Source = WinMgmt | ID = 10 Description = Error - 17.02.2011 04:11:00 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629, fehlerhaftes Modul epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629, Ausnahmecode 0xc0000005, Fehleroffset 0x00026f6a, Prozess-ID 0xd08, Anwendungsstartzeit 01cbce7a339c619f. Error - 17.02.2011 05:33:45 | Computer Name = Bernd-PC | Source = WinMgmt | ID = 10 Description = Error - 17.02.2011 05:34:03 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629, fehlerhaftes Modul epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629, Ausnahmecode 0xc0000005, Fehleroffset 0x00026f6a, Prozess-ID 0x12f0, Anwendungsstartzeit 01cbce85cfc6fadd. Error - 17.02.2011 11:48:33 | Computer Name = Bernd-PC | Source = WinMgmt | ID = 10 Description = Error - 17.02.2011 11:49:23 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629, fehlerhaftes Modul epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629, Ausnahmecode 0xc0000005, Fehleroffset 0x00026f6a, Prozess-ID 0x15e8, Anwendungsstartzeit 01cbceba3b6354f7. 
[ OSession Events ] Error - 08.12.2010 04:22:47 | Computer Name = Bernd-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash. Error - 14.02.2011 18:10:25 | Computer Name = Bernd-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error - 06.03.2011 16:55:47 | Computer Name = Bernd-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
12.06.2011, 19:19 | #4 |
/// Malware-holic | Hard disk damaged, data gone Attention! This script and any scripts that follow are only for the respective user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
:OTL
PRC - C:\ProgramData\36429560.exe (Microsoft Corporation)
PRC - C:\ProgramData\ECXHYIMSihMUVK.exe (Microsoft Corporation)
PRC - C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe ()
PRC - C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe ()
O4 - HKCU..\Run: [hvhlcGymBdBoPf2jvFT] C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe ()
O4 - HKCU..\Run: [GabPath] C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe ()
O4 - HKCU..\Run: [ECXHYIMSihMUVK] C:\ProgramData\ECXHYIMSihMUVK.exe (Microsoft Corporation)
:Files
C:\ProgramData\ECXHYIMSihMUVK.exe
C:\ProgramData\36429560.exe
C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe
C:\Users\Claudia\AppData\Roaming\GabPath
:Commands
[purity]
[resethosts]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Download unhide: http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails per the instructions above to markusg.trojaner-board@web.de If you would like to support us |
12.06.2011, 20:25 | #5 |
| Hard disk damaged, data gone OK, I hope I did everything correctly?! Regards |
12.06.2011, 20:26 | #6 |
| Hard disk damaged, data gone
All processes killed
========== OTL ==========
No active process named 36429560.exe was found!
No active process named ECXHYIMSihMUVK.exe was found!
No active process named twkpxev.exe was found!
No active process named gabpath.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hvhlcGymBdBoPf2jvFT deleted successfully.
C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GabPath deleted successfully.
C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ECXHYIMSihMUVK deleted successfully.
C:\ProgramData\ECXHYIMSihMUVK.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\ECXHYIMSihMUVK.exe not found.
C:\ProgramData\36429560.exe moved successfully.
File\Folder C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe not found.
C:\Users\Claudia\AppData\Roaming\GabPath folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]
User: All Users
User: Claudia
->Flash cache emptied: 181936 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]
User: All Users
User: Claudia
->Temp folder emptied: 1224303895 bytes
->Temporary Internet Files folder emptied: 211198793 bytes
->Java cache emptied: 1243876 bytes
->FireFox cache emptied: 122635074 bytes
->Google Chrome cache emptied: 6186598 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 154030866 bytes
RecycleBin emptied: 852944694 bytes
Total Files Cleaned = 2.453,00 mb

OTL by OldTimer - Version 3.2.24.0 log created on 06122011_205642
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
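Added example, not part of the thread and not OTL's own code: a short Python check that reconciles the `:Files` targets of the fix script in post #4 with the fix log in post #6. It shows that the two "not found" entries are files the `:OTL` section of the same run had already moved, so every target is accounted for; the status labels are this example's own, and both inputs are excerpts copied from the posts above.

```python
import re

# Both samples are excerpts copied from the thread: the ":Files" targets of
# the fix script (post #4) and the matching lines of the fix log (post #6).
FILES_SECTION = r"""
C:\ProgramData\ECXHYIMSihMUVK.exe
C:\ProgramData\36429560.exe
C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe
C:\Users\Claudia\AppData\Roaming\GabPath
"""
FIX_LOG = r"""
========== OTL ==========
C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe moved successfully.
C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe moved successfully.
C:\ProgramData\ECXHYIMSihMUVK.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\ECXHYIMSihMUVK.exe not found.
C:\ProgramData\36429560.exe moved successfully.
File\Folder C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe not found.
C:\Users\Claudia\AppData\Roaming\GabPath folder moved successfully.
"""

MOVED = re.compile(r"^([A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
MISSING = re.compile(r"^File\\Folder ([A-Za-z]:\\.+) not found\.$")

def reconcile(files_section, log_text):
    """Return {target: status} for every path the script asked OTL to move."""
    moved, missing = set(), set()
    for line in map(str.strip, log_text.splitlines()):
        if m := MOVED.match(line):
            moved.add(m.group(1).lower())      # Windows paths: case-insensitive
        elif m := MISSING.match(line):
            missing.add(m.group(1).lower())
    status = {}
    for target in filter(None, map(str.strip, files_section.splitlines())):
        key = target.lower()
        if key in moved and key in missing:
            # Moved once, then reported missing when a later section retried it.
            status[target] = "moved by an earlier section"
        elif key in moved:
            status[target] = "moved"
        else:
            status[target] = "unresolved"      # never moved: check manually
    return status

if __name__ == "__main__":
    for path, state in reconcile(FILES_SECTION, FIX_LOG).items():
        print(f"{state:28} {path}")
```
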
12.06.2011, 20:28 | #7 |
/// Malware-holic | Hard disk damaged, data gone Nope, that only earns half a gold star. You only uploaded the log in the upload channel, but I want the whole moved files folder packed and uploaded.
|
12.06.2011, 20:41 | #8 |
| Hard disk damaged, data gone ;-)... yes, I am terribly sorry for you, you have run into a complete layperson. The following: 'choose add to movedfiles.rar or zip.' does not work... |
12.06.2011, 20:43 | #9 |
/// Malware-holic | Hard disk damaged, data gone You mean it isn't there? That is not your fault. http://filepony.de/download-7-zip/ Install 7zip, then right-click on moved files again as described. Open the 7zip menu there and add to movedfiles.7zip, then upload as described.
|
12.06.2011, 20:51 | #10 |
| Hard disk damaged, data gone Exactly, now it should actually have worked... |
12.06.2011, 20:53 | #11 |
/// Malware-holic | Hard disk damaged, data gone I need a bit of time to look at the files. Are your files visible? What problems are there still?
|
12.06.2011, 22:45 | #12 |
| Hard disk damaged, data gone Sorry that it took so long. Yes, the files are visible! Otherwise nothing alarming strikes me at first glance, except for the error message "Internet Explorer funktioniert nicht mehr. Das Programm wird aufgrund eines Problems nicht richtig ausgeführt." A thousand thanks for helping! |
12.06.2011, 22:53 | #13 |
/// Malware-holic | Hard disk damaged, data gone OK, we will get that sorted. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
|
12.06.2011, 23:21 | #14 |
| Hard disk damaged, data gone I would have to remove Norton Internet Security so that Combofix can work unhindered; I did uninstall it, but it still shows up |
12.06.2011, 23:46 | #15 |
| Hard disk damaged, data gone Since I have to get up in 5 hours, I unfortunately have to go now. I will be back online tomorrow from about 10:00; it would be nice if we could continue then. Thank you very much so far, and see you tomorrow! Good night! |