|
Log analysis and evaluation: failed to save all components to file system 32 0000198f this file is corrupted unreadable | Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
11.11.2011, 12:10 | #1 |
| failed to save all components to file system 32 0000198f this file is corrupted unreadable Hello. I have a malware problem... My PC keeps telling me "failed to save all components to file system 32 0000198f this file is corrupted unreadable". I can no longer view any of my own documents, files, pictures etc. I have already run an OTL report, should I post it? It would be great if I could get some help. Best regards, Moritz |
11.11.2011, 12:14 | #2 |
/// Malware-holic | failed to save all components to file system 32 0000198f this file is corrupted unreadable hi
__________________Please download OTL by Oldtimer and save it to your desktop (if you don't already have it)
__________________ |
11.11.2011, 12:29 | #3 |
| failed to save all components to file system 32 0000198f this file is corrupted unreadable OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 11.11.2011 12:21:58 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Moritz\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 47,75% Memory free 7,73 Gb Paging File | 5,36 Gb Available in Paging File | 69,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 921,83 Gb Total Space | 335,62 Gb Free Space | 36,41% Space Free | Partition Type: NTFS Computer Name: MORITZ-PC | User Name: Moritz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Moritz\Downloads\OTL(2).exe (OldTimer Tools) PRC - C:\Users\Moritz\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (Systweak Inc) PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, 
Inc.) PRC - c:\PROGRA~2\mcafee.com\agent\mcagent.exe (McAfee, Inc.) PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) PRC - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll () MOD - C:\Program Files (x86)\Origin\QtWebKit4.dll () MOD - C:\Program Files (x86)\Origin\phonon4.dll () MOD - C:\Program Files (x86)\Origin\QtXml4.dll () MOD - C:\Program Files (x86)\Origin\QtNetwork4.dll () MOD - C:\Program Files (x86)\Origin\QtGui4.dll () MOD - C:\Program Files (x86)\Origin\QtCore4.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\834be57d8ab824b4ebcbf01161791d70\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\9b8dcad25a3be7d4a3f3b8b384f3190a\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll () MOD - C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local 
Backup\STLog.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll () MOD - C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Program Files (x86)\Messenger 
Plus! Live\Detoured.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_a74ca62.dll () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (McProxy) -- C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe (McAfee, Inc.) 
SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe (McAfee, Inc.) SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (SynUSB64) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw" FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.5.4.7 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100008 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Moritz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Moritz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.15 23:09:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.15 23:09:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2011.03.23 16:43:16 | 000,000,000 | ---D | M] [2010.02.02 21:26:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Extensions [2011.11.09 12:09:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions [2010.10.03 18:25:03 | 000,000,000 | -H-D | M] ("ICQ 
Toolbar") -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.02.05 19:53:43 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.02.07 17:53:54 | 000,000,000 | -H-D | M] (Messenger Plus Live Toolbar) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761} [2010.05.21 12:21:28 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.02.03 15:05:48 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.08.27 16:45:42 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions\DTToolbar@toolbarnet.com [2011.03.11 05:27:30 | 000,000,000 | -H-D | M] (Babylon) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions\ffxtlbr@babylon.com [2011.06.15 10:33:42 | 000,000,000 | -H-D | M] (Facemoods) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions\ffxtlbr@Facemoods.com [2010.04.28 16:44:37 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions\firefox@tvunetworks.com [2011.11.09 11:59:18 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\88w054fu.default\extensions\toolbar@ask.com [2011.11.10 12:22:07 | 000,002,401 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\askcom.xml [2010.02.03 11:21:21 | 000,000,557 | -H-- | M] () -- 
C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\bing.xml [2011.02.07 16:44:59 | 000,000,873 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\conduit.xml [2010.08.27 16:45:00 | 000,002,059 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\daemon-search.xml [2011.10.27 23:54:10 | 000,000,950 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\icqplugin-1.xml [2011.02.13 05:25:16 | 000,000,950 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\icqplugin-2.xml [2011.02.15 15:18:10 | 000,000,950 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\icqplugin-3.xml [2011.03.30 12:06:08 | 000,000,950 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\icqplugin-4.xml [2011.04.19 22:23:05 | 000,000,950 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\icqplugin-5.xml [2011.06.08 13:57:42 | 000,000,950 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\icqplugin-6.xml [2011.08.15 23:03:05 | 000,000,950 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\icqplugin-7.xml [2011.09.07 13:10:41 | 000,000,950 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\icqplugin-8.xml [2011.10.19 14:35:59 | 000,000,950 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\icqplugin-9.xml [2010.10.25 13:42:14 | 000,001,056 | -H-- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\88w054fu.default\searchplugins\icqplugin.xml [2011.08.14 18:51:35 | 
000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.06.09 01:51:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.03.23 16:43:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2011.03.29 09:14:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.02.11 18:59:11 | 000,002,424 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.03.29 09:14:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.06.15 10:33:44 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2011.03.29 09:14:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.29 09:14:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.29 09:14:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = O1 HOSTS File: ([2011.08.23 18:34:49 | 000,001,161 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 78.47.251.150 easyanticheat.se # misleading site O1 - Hosts: 78.47.251.150 Playstar ARENAN # misleading site O1 - Hosts: 78.47.251.150 easyanticheat.com # misleading site O1 - Hosts: 78.47.251.150 Sind Sie heute Gewinner? 
# misleading site O1 - Hosts: 78.47.251.150 easyanticheat.org # misleading site O1 - Hosts: 78.47.251.150 gamecheatss.net # misleading site O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL () O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll () O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) 
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Moritz\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [Facebook Update] C:\Users\Moritz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - HKLM..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe () O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O4 - Startup: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wecker für Windows 6.lnk = C:\Program Files (x86)\Wecker6\Wecker.exe (Christoph Bünger Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm () 
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - C:\Program Files (x86)\Wecker6\WfWIEButton.dll (Christoph Bünger Software) O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - C:\Program Files (x86)\Wecker6\WfWIEButton.dll (Christoph Bünger Software) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A266AAA-ABB7-40E1-9449-2280FD3234E4}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{249E324E-26E1-458C-8F48-7EEAE67AA982}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E35C2A-B363-4AA7-9F80-FA76E997ED9F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - 
Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) -C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0f19bbd2-ae1f-11df-a5c3-002564edf8a6}\Shell - "" = AutoRun O33 - MountPoints2\{0f19bbd2-ae1f-11df-a5c3-002564edf8a6}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{1cf5019a-b591-11df-9fbe-002564edf8a6}\Shell - "" = AutoRun O33 - MountPoints2\{1cf5019a-b591-11df-9fbe-002564edf8a6}\Shell\AutoRun\command - "" = E:\Razor1911_Installer.exe O33 - MountPoints2\{8b872a41-a874-11df-a558-002564edf8a6}\Shell - "" = AutoRun O33 - MountPoints2\{8b872a41-a874-11df-a558-002564edf8a6}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{d854a9d8-9ccd-11df-9f30-002564edf8a6}\Shell - "" = AutoRun O33 - MountPoints2\{d854a9d8-9ccd-11df-9f30-002564edf8a6}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{d854a9e1-9ccd-11df-9f30-002564edf8a6}\Shell - "" = AutoRun O33 - MountPoints2\{d854a9e1-9ccd-11df-9f30-002564edf8a6}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.11 11:51:35 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tenorshare Data Recovery Standard [2011.11.11 11:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenorshare Data Recovery Standard [2011.11.11 11:51:34 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Tenorshare Data Recovery Standard [2011.11.10 20:59:06 | 000,000,000 | -H-D | C] -- C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore [2011.11.10 01:50:41 | 000,000,000 | -H-D | C] -- C:\Users\Moritz\AppData\Local\Akamai [2011.11.05 18:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12 [2011.11.03 18:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2011.11.02 01:41:22 | 000,000,000 | -H-D | C] -- C:\Users\Moritz\Desktop\Love [2011.11.01 19:28:35 | 000,000,000 | -H-D | C] -- C:\Users\Moritz\Documents\Battlefield 3 [2011.10.16 18:46:22 | 000,000,000 | -H-D | C] -- C:\Users\Moritz\Desktop\Fritz_Kalkbrenner-Here_Today_Gone_Tomorrow-(SUOLCD001)-WEB-2010-320_INT [2011.10.13 20:10:05 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.10.13 20:10:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.10.13 20:10:04 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.10.13 20:10:04 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.10.13 20:10:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.10.13 20:10:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.10.13 20:10:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.10.13 20:10:03 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.10.13 20:10:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.10.13 20:10:03 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.10.13 20:10:03 | 000,044,544 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\licmgr10.dll [2011.10.13 20:10:02 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.10.13 20:10:02 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.10.13 20:10:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.10.13 20:10:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.10.13 20:08:09 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011.10.13 20:08:09 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.10.13 20:08:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2011.10.13 20:08:09 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.10.13 20:08:09 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.10.13 20:08:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2011.10.13 20:08:08 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax [2011.10.13 20:08:08 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2011.10.13 20:08:08 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2011.10.13 20:08:08 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2011.10.13 20:08:06 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.10.13 20:08:06 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll ========== Files - Modified Within 30 Days ========== [2011.11.11 12:20:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.11 12:20:10 | 000,014,016 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.11 12:17:24 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.11 12:17:24 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.11 12:17:24 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.11 12:17:24 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.11 12:17:24 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.11 12:14:36 | 000,001,426 | -H-- | M] () -- C:\Users\Moritz\Desktop\Registry kostenlos entrümpeln!.lnk [2011.11.11 12:13:10 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.11 12:12:54 | 000,074,730 | ---- | M] () -- C:\Windows\SysNative\Config.MPF [2011.11.11 12:12:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.11 12:12:17 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys [2011.11.11 11:51:35 | 000,001,298 | ---- | M] () -- C:\Users\Moritz\Desktop\Tenorshare Data Recovery Standard.lnk [2011.11.11 11:40:43 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.10 21:14:52 | 000,000,432 | -H-- | M] () -- C:\ProgramData\CO8PYibijwM2oH [2011.11.10 21:09:10 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~CO8PYibijwM2oH [2011.11.10 21:09:10 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~CO8PYibijwM2oHr [2011.11.10 18:48:01 | 000,000,932 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2074000766-3916738117-3906563956-1000UA.job [2011.11.10 15:02:15 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job [2011.11.10 00:48:00 | 000,000,910 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2074000766-3916738117-3906563956-1000Core.job [2011.11.09 23:58:11 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job [2011.11.09 03:18:23 | 000,441,024 | ---- | M] () -- 
C:\Windows\SysNative\FNTCACHE.DAT [2011.11.08 20:43:38 | 005,943,649 | -H-- | M] () -- C:\Users\Moritz\Desktop\Europahymne mit Text.mp3 [2011.11.08 08:44:58 | 013,820,953 | -H-- | M] () -- C:\Users\Moritz\Desktop\Empire of the Sun - We are the people (Shazam remix).mp3 [2011.11.08 08:33:15 | 010,362,947 | -H-- | M] () -- C:\Users\Moritz\Desktop\Jamie xx - Beat For.mp3 [2011.11.08 08:26:35 | 006,425,771 | -H-- | M] () -- C:\Users\Moritz\Desktop\The Futureheads - Heartbeat Song.mp3 [2011.11.08 08:22:53 | 016,365,963 | -H-- | M] () -- C:\Users\Moritz\Desktop\Bibio - Lovers' Carvings (Catz N Dogz Re-Edit).mp3 [2011.11.06 00:57:04 | 000,076,634 | -H-- | M] () -- C:\Users\Moritz\Desktop\2011-11-06 00.56.25.jpg [2011.11.04 20:48:27 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.11.04 20:48:27 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.04 20:47:05 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.11.03 18:33:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.10.26 13:17:39 | 023,927,544 | -H-- | M] () -- C:\Users\Moritz\Desktop\12 Monkeys Jeffrey Goines & James Cole (German).mp3 [2011.10.26 13:09:58 | 007,550,859 | -H-- | M] () -- C:\Users\Moritz\Desktop\Fight Club - Best Scene (German Dub).mp3 [2011.10.25 20:24:56 | 016,768,890 | -H-- | M] () -- C:\Users\Moritz\Desktop\Art Department - Living The Life (Feat.mp3 [2011.10.23 18:05:08 | 000,079,749 | -H-- | M] () -- C:\Users\Moritz\Desktop\2011-08-20 00.40.11.jpg [2011.10.22 19:00:26 | 001,521,489 | -H-- | M] () -- C:\Users\Moritz\Desktop\2011-10-22 20.00.26.jpg [2011.10.22 14:29:46 | 012,749,339 | -H-- | M] () -- C:\Users\Moritz\Desktop\Solee - Oasis (Original Mix).mp3 [2011.10.22 14:22:36 | 022,865,781 | -H-- | M] () -- C:\Users\Moritz\Desktop\Deniz Kurtel feat.mp3 [2011.10.16 00:18:03 | 011,029,751 | -H-- | M] () -- C:\Users\Moritz\Desktop\Paul Kalkbrenner - Mad World.mp3 ========== Files Created - No Company Name ========== 
[2011.11.11 11:51:35 | 000,001,298 | ---- | C] () -- C:\Users\Moritz\Desktop\Tenorshare Data Recovery Standard.lnk [2011.11.10 20:59:07 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~CO8PYibijwM2oHr [2011.11.10 20:59:06 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~CO8PYibijwM2oH [2011.11.10 20:59:04 | 000,000,432 | -H-- | C] () -- C:\ProgramData\CO8PYibijwM2oH [2011.11.08 20:43:32 | 005,943,649 | -H-- | C] () -- C:\Users\Moritz\Desktop\Europahymne mit Text.mp3 [2011.11.08 20:33:16 | 000,352,844 | -H-- | C] () -- C:\Users\Moritz\Desktop\Kick01.wav [2011.11.08 20:33:16 | 000,328,232 | -H-- | C] () -- C:\Users\Moritz\Desktop\Kick08.wav [2011.11.08 20:33:16 | 000,328,232 | -H-- | C] () -- C:\Users\Moritz\Desktop\Kick07.wav [2011.11.08 20:33:16 | 000,328,232 | -H-- | C] () -- C:\Users\Moritz\Desktop\Kick06.wav [2011.11.08 20:33:16 | 000,328,232 | -H-- | C] () -- C:\Users\Moritz\Desktop\Kick05.wav [2011.11.08 20:33:16 | 000,328,232 | -H-- | C] () -- C:\Users\Moritz\Desktop\Kick04.wav [2011.11.08 20:33:16 | 000,328,232 | -H-- | C] () -- C:\Users\Moritz\Desktop\Kick03.wav [2011.11.08 20:33:16 | 000,328,232 | -H-- | C] () -- C:\Users\Moritz\Desktop\Kick02.wav [2011.11.08 08:44:43 | 013,820,953 | -H-- | C] () -- C:\Users\Moritz\Desktop\Empire of the Sun - We are the people (Shazam remix).mp3 [2011.11.08 08:33:06 | 010,362,947 | -H-- | C] () -- C:\Users\Moritz\Desktop\Jamie xx - Beat For.mp3 [2011.11.08 08:26:29 | 006,425,771 | -H-- | C] () -- C:\Users\Moritz\Desktop\The Futureheads - Heartbeat Song.mp3 [2011.11.08 08:22:38 | 016,365,963 | -H-- | C] () -- C:\Users\Moritz\Desktop\Bibio - Lovers' Carvings (Catz N Dogz Re-Edit).mp3 [2011.11.06 00:58:24 | 000,076,634 | -H-- | C] () -- C:\Users\Moritz\Desktop\2011-11-06 00.56.25.jpg [2011.10.26 13:17:21 | 023,927,544 | -H-- | C] () -- C:\Users\Moritz\Desktop\12 Monkeys Jeffrey Goines & James Cole (German).mp3 [2011.10.26 13:09:52 | 007,550,859 | -H-- | C] () -- C:\Users\Moritz\Desktop\Fight Club - Best Scene (German Dub).mp3 
[2011.10.25 20:24:40 | 016,768,890 | -H-- | C] () -- C:\Users\Moritz\Desktop\Art Department - Living The Life (Feat.mp3 [2011.10.23 18:04:47 | 000,079,749 | -H-- | C] () -- C:\Users\Moritz\Desktop\2011-08-20 00.40.11.jpg [2011.10.23 18:04:00 | 001,521,489 | -H-- | C] () -- C:\Users\Moritz\Desktop\2011-10-22 20.00.26.jpg [2011.10.22 14:29:35 | 012,749,339 | -H-- | C] () -- C:\Users\Moritz\Desktop\Solee - Oasis (Original Mix).mp3 [2011.10.22 14:22:13 | 022,865,781 | -H-- | C] () -- C:\Users\Moritz\Desktop\Deniz Kurtel feat.mp3 [2011.10.16 00:17:53 | 011,029,751 | -H-- | C] () -- C:\Users\Moritz\Desktop\Paul Kalkbrenner - Mad World.mp3 [2011.06.01 11:34:32 | 000,000,504 | -H-- | C] () -- C:\Users\Moritz\AppData\Roaming\wklnhst.dat [2011.05.09 16:53:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.04.16 01:04:20 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.20 18:00:48 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.10.07 00:53:14 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.04.14 18:47:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.12 15:05:25 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.03.12 15:05:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.03.12 15:05:16 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2010.02.19 18:59:44 | 000,002,892 | -H-- | C] () -- C:\Windows\SysWow64\audcon.sys [2010.02.13 00:13:06 | 000,000,000 | -H-- | C] () -- C:\Users\Moritz\AppData\Roaming\DataSafeDotNet.exe [2010.01.07 19:28:57 | 000,001,112 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2010.01.07 19:28:57 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2010.01.07 19:28:57 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2010.01.07 19:28:56 | 000,175,616 | 
---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.01.07 19:28:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.01.07 19:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.16 12:25:02 | 000,121,512 | RH-- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report > |
11.11.2011, 12:33 | #4 |
| OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.11.2011 12:21:58 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Moritz\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 47,75% Memory free 7,73 Gb Paging File | 5,36 Gb Available in Paging File | 69,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 921,83 Gb Total Space | 335,62 Gb Free Space | 36,41% Space Free | Partition Type: NTFS Computer Name: MORITZ-PC | User Name: Moritz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 
Client Profile DEU Language Pack "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit) "{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{8A70B027-4813-B42B-FF66-04E58417028A}" = ccc-utility64 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FD53298A-4734-AFCB-B733-4C07776E589E}" = ccc-utility64 "ESL Wire_is1" = ESL Wire 1.9.6 "Microsoft 
.NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Essentials" = Microsoft Security Essentials "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{065FD621-FE29-F086-8B68-26C40F2568F6}" = CCC Help Spanish "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{07B0A8BD-DC56-9391-029D-901B537C0EE5}" = CCC Help Finnish "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0A4DBC25-3DD9-9503-24D9-268112B62076}" = CCC Help Hungarian "{0A89364A-98BC-42AD-87DD-25BFE7C39EAC}" = MAGIX Screenshare "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1518157C-607B-2B60-B121-EAB7042C75AB}" = Skins "{157AB353-60BB-E1A7-4E79-15C35655C694}" = CCC Help English "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1B70920B-70FC-C906-623C-F366B0F7DB53}" = Catalyst Control Center InstallProxy "{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = Der Pate® Das Spiel "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT 
"{22E76329-0ED8-E755-2C14-07C80621DF7E}" = CCC Help Portuguese "{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 18 "{27427D07-F798-0398-997C-525E982BF0BE}" = Catalyst Control Center Core Implementation "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{28A25B98-A2E9-89A5-FCF3-DF93B9564775}" = CCC Help Italian "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33B436A1-64C1-1726-2209-E69BF2DFE138}" = CCC Help Czech "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 12 DEMO "{44047051-85A6-83A1-0B76-0A4EF34F82B2}" = Catalyst Control Center Localization All "{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta "{482A6D85-E279-9B0F-8D36-091F3B64B787}" = Catalyst Control Center Graphics Previews Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4FB805E5-9716-C5D0-9114-65C78E3098DD}" = CCC Help Swedish "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack 
"{5A3B69A7-C63E-7F9B-55DD-CD65F7440FED}" = CCC Help Danish "{5B1EF562-C533-9035-D6BB-7BD5C6D9DC3F}" = Catalyst Control Center Graphics Full Existing "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning "{6327A158-4E59-4E01-8E41-F325D3D4BAA0}" = MAGIX Speed burnR (MSI) "{63892687-346C-6868-029C-A1BCCCACC4C0}" = CCC Help Chinese Traditional "{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™ "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C3BF763-2CC5-2E20-4491-DF399C05C547}" = CCC Help Greek "{6C8B53B9-41EE-AD83-007A-55EE64DE6932}" = Catalyst Control Center Graphics Previews Common "{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61 "{6F4ED9D9-0854-C415-7BD6-908380D81518}" = Catalyst Control Center Graphics Full New "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{735AA36F-9A9E-477B-BC74-9E6AF1A8A6D8}" = MAGIX Music Maker MX Premium Download-Version "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" 
= Text-To-Speech-Runtime "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{877335C1-A573-6B0B-9635-DFD043E4445A}" = CCC Help Norwegian "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8EBA7A74-9CB9-1336-8F32-2E503E6D530F}" = CCC Help French "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90F1906E-C084-9499-DFC3-E8A191B1E259}" = Catalyst Control Center Graphics Light "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{934328D5-F05A-8749-2915-EDCBE9DBBC61}" = CCC Help Polish "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{995C73F0-2853-45DF-030F-DFEEB000BC10}" = CCC Help German "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader "{A2767DE2-385F-2A50-592F-FB7B041926DE}" = CCC Help Chinese Standard "{A4601B40-79E2-4E67-EB56-8A77B9D03839}" = CCC Help Dutch "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding 
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AACCF0A0-B426-9DA1-7900-7CDA55C674BE}" = CCC Help Korean "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1AFAA4E-AE88-3B08-E40A-FB1D64F0F880}" = CCC Help Thai "{B36C7330-3B0A-4AD5-BB26-8407C7AC9CD8}" = Steinberg Sequel 2 "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B6C07454-A9BC-D101-1DA7-B41E95008200}" = CCC Help Turkish "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C2B9D3E1-B7FB-00FB-A14C-664B13174ED4}" = CCC Help Russian "{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CF5DE1DD-F7E6-694D-1E82-84C7C9C9ABDB}" = Catalyst Control Center Graphics Previews Vista "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E41E6CB8-AD30-A818-EA5D-0C6A92E51D0C}" = CCC Help Japanese "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) 
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{EA8F8D1C-0565-BD71-BFC3-57A21E8AA6FD}" = Catalyst Control Center Graphics Previews Vista "{EC409A8A-525C-3F44-5266-13FAE4E5BF7B}" = ccc-core-static "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F71E7762-8A64-AECC-0917-DA51677041CF}" = Catalyst Control Center InstallProxy "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F9D65BA1-84C5-B4CB-91FE-D68F07ECBA24}" = ccc-core-static "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFDC4005-E968-498D-93C8-CC148742167D}}_is1" = Wecker für Windows 6.5 "1489-3350-5074-6281" = JDownloader 0.9 "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface Service "ASIO4ALL" = ASIO4ALL "Battlelog Web Plugins" = Battlelog Web Plugins "conduitEngine" = Conduit Engine "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ESN Sonar-0.70.0" = ESN Sonar "ESN Sonar-0.70.4" = ESN Sonar "facemoods" = Facemoods Toolbar "FL Studio 10" = FL Studio 10 "Free Audio CD Burner_is1" = Free Audio CD 
Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815 "Google Chrome" = Google Chrome "ICQToolbar" = ICQ Toolbar "IL Download Manager" = IL Download Manager "InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "JDownloader" = JDownloader "MAGIX Music Maker 16 Download-Version D" = MAGIX Music Maker 16 Download-Version "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "MAGIX_MSI_mm18dlx" = MAGIX Music Maker MX Premium Download-Version "McAfee Security Scan" = McAfee Security Scan Plus "Messenger Plus! Live" = Messenger Plus! Live "Messenger_Plus_Live Toolbar" = Messenger_Plus_Live Toolbar "Mozilla Firefox (3.6.21)" = Mozilla Firefox (3.6.21) "MSC" = McAfee SecurityCenter "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "RegClean Pro_is1" = RegClean Pro "SecondLifeViewer2" = SecondLifeViewer2 (remove only) "SopCast" = SopCast 3.2.9 "Steam App 10" = Counter-Strike "Steam App 10500" = Empire: Total War "Steam App 12200" = Bully: Scholarship Edition "Steam App 12220" = Grand Theft Auto: Episodes from Liberty City "Steam App 17390" = Spore "Steam App 240" = Counter-Strike: Source "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 34330" = Total War: SHOGUN 2 "Steam App 35110" = Just Cause 2 Demo "Steam App 40920" = NBA 2K10 "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 43110" = Metro 2033 "Steam App 440" = Team Fortress 2 "Steam App 50130" = Mafia II "Steam App 7670" = BioShock "Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 5" = TeamViewer 5 "Tenorshare Data Recovery Standard" = Tenorshare Data 
Recovery Standard "TVUPlayer" = TVUPlayer 2.5.2.2 "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.17 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "WinLiveSuite_Wave3" = Windows Live Essentials "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Game Organizer" = EasyBits GO "TeamSpeak 3 Client" = TeamSpeak 3 Client "UnityWebPlayer" = Unity Web Player "Vietcong 2" = Vietcong 2 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.03.2011 12:37:51 | Computer Name = Moritz-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 23.03.2011 19:33:06 | Computer Name = Moritz-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 24.03.2011 10:22:42 | Computer Name = Moritz-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 24.03.2011 10:23:43 | Computer Name = Moritz-PC | Source = MsiInstaller | ID = 10005 Description = Error - 24.03.2011 10:28:43 | Computer Name = Moritz-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 24.03.2011 10:28:43 | Computer Name = Moritz-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 24.03.2011 10:28:43 | Computer Name = Moritz-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 24.03.2011 10:28:43 | Computer Name = Moritz-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 24.03.2011 10:28:43 | Computer Name = Moritz-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Die Daten sind unzulässig. . Error - 24.03.2011 10:28:43 | Computer Name = Moritz-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . [ Media Center Events ] Error - 23.08.2010 07:45:52 | Computer Name = Moritz-PC | Source = MCUpdate | ID = 0 Description = 13:45:52 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 23.08.2010 07:46:28 | Computer Name = Moritz-PC | Source = MCUpdate | ID = 0 Description = 13:46:16 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 23.08.2010 07:46:49 | Computer Name = Moritz-PC | Source = MCUpdate | ID = 0 Description = 13:46:49 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 23.08.2010 07:46:53 | Computer Name = Moritz-PC | Source = MCUpdate | ID = 0 Description = 13:46:50 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 24.08.2010 07:54:18 | Computer Name = Moritz-PC | Source = MCUpdate | ID = 0 Description = 13:54:18 - Fehler beim Herstellen der Internetverbindung. 13:54:18 - Serververbindung konnte nicht hergestellt werden.. Error - 24.08.2010 07:54:28 | Computer Name = Moritz-PC | Source = MCUpdate | ID = 0 Description = 13:54:23 - Fehler beim Herstellen der Internetverbindung. 
13:54:23 - Serververbindung konnte nicht hergestellt werden.. Error - 31.08.2010 08:31:14 | Computer Name = Moritz-PC | Source = MCUpdate | ID = 0 Description = 14:31:13 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 06.01.2011 11:05:18 | Computer Name = Moritz-PC | Source = MCUpdate | ID = 0 Description = 16:05:12 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 15.01.2011 05:22:33 | Computer Name = Moritz-PC | Source = MCUpdate | ID = 0 Description = 10:22:33 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 17.01.2011 09:49:34 | Computer Name = Moritz-PC | Source = MCUpdate | ID = 0 Description = 14:49:34 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) [ System Events ] Error - 11.11.2011 06:33:16 | Computer Name = Moritz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.11.2011 06:33:45 | Computer Name = Moritz-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: RxFilter Error - 11.11.2011 06:33:49 | Computer Name = Moritz-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 11.11.2011 06:33:49 | Computer Name = Moritz-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 11.11.2011 06:33:49 | Computer Name = Moritz-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 11.11.2011 06:35:02 | Computer Name = Moritz-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 11.11.2011 07:12:28 | Computer Name = Moritz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst 
"SessionLauncher" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.11.2011 07:12:43 | Computer Name = Moritz-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 11.11.2011 07:12:41 | Computer Name = Moritz-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: RxFilter Error - 11.11.2011 07:14:13 | Computer Name = Moritz-PC | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > |
11.11.2011, 13:22 | #5 |
| Can anything be seen here?... Sorry if I'm being impatient |
11.11.2011, 13:28 | #6 |
/// Malware-holic | Hi, I don't know whether you have noticed that you are not the only one here? I and all the other helpers are private individuals; we do this in our free time, so if you don't get an answer for a few hours you will just have to wait. Logs can't be analysed that quickly either, and I am starting now. |
11.11.2011, 13:30 | #7 |
| Okay, of course I fully understand! Take your time, and thank you very much for your help |
11.11.2011, 13:35 | #8 |
/// Malware-holic | Hiho, I see several anti-malware programs here:
McAfee
Kaspersky
One of the two has to go; using several anti-malware programs with a background guard can lead to problems. Let me know which one you uninstall. Also uninstall the Ask toolbar; toolbars are a security risk.
Attention! This script and any following scripts are only for the respective user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050SearchSource=3q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2011.11.10 20:59:06 | 000,000,000 | -H-D | C] -- C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.10 21:14:52 | 000,000,432 | -H-- | M] () -- C:\ProgramData\CO8PYibijwM2oH
[2011.11.10 21:09:10 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~CO8PYibijwM2oH
[2011.11.10 21:09:10 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~CO8PYibijwM2oHr
:Files
:Commands
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Download unhide: http://filepony.de/download-unhide/ Double-click it; the files become visible.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de according to the instructions above If you would like to support us |
11.11.2011, 14:01 | #9 |
| I downloaded unhide and ran the fix with OTL, but where can I find the text document, please? |
11.11.2011, 14:08 | #10 |
/// Malware-holic | c:\_otl\ folder with today's date; it's in there. Then tell me whether the icons etc. are back :-) |
11.11.2011, 14:12 | #11 |
| ========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050SearchSource=3q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore folder moved successfully.
C:\ProgramData\CO8PYibijwM2oH moved successfully.
C:\ProgramData\~CO8PYibijwM2oH moved successfully.
C:\ProgramData\~CO8PYibijwM2oHr moved successfully.
========== FILES ==========
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11112011_134427 |
11.11.2011, 14:13 | #12 |
| Files are all back, Control Panel is still missing |
11.11.2011, 14:19 | #13 |
| Files are back! Control Panel is missing and the desktop is black with files on it |
11.11.2011, 14:25 | #14 |
/// Malware-holic | Yep, take it easy, we have only just started :-) Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop. |
11.11.2011, 14:49 | #15 |
| I think Combofix does not work with Windows 7; 64-bit system |