Pests of all kinds and how to combat them: Websites suddenly won't open (Windows 7)
22.05.2012, 21:19 | #1 |
Websites suddenly won't open

Hello, I have the following problem. Since today, certain websites on my laptop (Windows 7) won't open or open only slowly (Spox.com; googlemail not at all anymore). I had CCleaner clear the cache and ran a scan with Spybot, which found nothing. What should I do? Another browser such as Opera doesn't help either; I normally use the current IEP. Hopefully someone here can help me!!!! Many thanks in advance!!!
22.05.2012, 22:29 | #2 |
/// Helper team | Websites suddenly won't open

Hello and welcome!

Before we begin working together, [please read in full]: Quote:

For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. Download Malwarebytes Anti-Malware
Download Malwarebytes Anti-Malware → from here

2. System scan with OTL
Please download OTL by Oldtimer and save it to your desktop

3. To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
Quote:

** If possible, do not go online; no online banking, file sharing, chat programs, etc.

Regards, kira
23.05.2012, 10:02 | #3 |
Websites suddenly won't open

So, here is the result of the malware scan:

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tobias Lutz :: TOBIASLUTZ-PC [Administrator]

Schutz: Aktiviert

22.05.2012 23:54:52
mbam-log-2012-05-22 (23-54-52).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356768
Laufzeit: 1 Stunde(n), 41 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL Logfile:
Code:
OTL logfile created on: 23.05.2012 01:39:48 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Tobias Lutz\Desktop\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 5,11 Gb Available Physical Memory | 64,75% Memory free 15,79 Gb Paging File | 11,95 Gb Available in Paging File | 75,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 576,54 Gb Total Space | 491,04 Gb Free Space | 85,17% Space Free | Partition Type: NTFS Drive F: | 982,13 Mb Total Space | 804,28 Mb Free Space | 81,89% Space Free | Partition Type: FAT Drive U: | 19,53 Gb Total Space | 11,10 Gb Free Space | 56,85% Space Free | Partition Type: NTFS Drive V: | 19,53 Gb Total Space | 11,10 Gb Free Space | 56,85% Space Free | Partition Type: NTFS Drive W: | 19,53 Gb Total Space | 11,10 Gb Free Space | 56,85% Space Free | Partition Type: NTFS Computer Name: TOBIASLUTZ-PC | User Name: Tobias Lutz | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tobias Lutz\Desktop\OTL\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe (Nero AG) PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe () PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files 
(x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9bfbf0613d3780e34d98333c7b381218\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ef0d8a4790c24a3a091170958bc7b976\System.DirectoryServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d900f9ec12af9070d7c8f061a2b2618c\System.Printing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\305c4315c192a2964a312051caa5259e\ReachFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\b935f8a4e6115d3eeb7bb293bf4b2257\PresentationUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\bf659f9bb758ac14ed7a37bdfe965849\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a1a2e47980512815b030fce9a53cc4c8\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\55c57057dc81a5e8c5bde3a230f0bcb9\Microsoft.VisualC.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\CefSharp.dll () MOD - C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\CefSharp.WinForms.dll () MOD - C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\libcef.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll () MOD - C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - c:\Program Files\mcafee\msk\mskapbho.dll () MOD - C:\Program Files (x86)\Microsoft 
Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Entity.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.) SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (TurboBoost) Intel(R) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.) 
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (HPSLPSVC) -- C:\Users\TOBIAS~1\AppData\Local\Temp\7zS57C8\hpslpsvc64.dll (Hewlett-Packard Co.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) 
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys () DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {481DDB99-4189-4DF0-A871-4F7E744935FD} IE:64bit: - HKLM\..\SearchScopes\{481DDB99-4189-4DF0-A871-4F7E744935FD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {481DDB99-4189-4DF0-A871-4F7E744935FD} IE - HKLM\..\SearchScopes\{481DDB99-4189-4DF0-A871-4F7E744935FD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {481DDB99-4189-4DF0-A871-4F7E744935FD} IE - HKCU\..\SearchScopes\{161ED2B9-801E-4ADF-98A3-70C18BC1FCA0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{43B83F3F-378A-4F6C-B145-CA57297E5682}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=kw&q={searchTerms}&locale=&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=8A3C26A0-46AD-4816-B7DF-A80DCCDED85D&apn_sauid=E3C52581-8C21-4CF9-ADA7-2F8A09573022 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcSearchScopes IE - HKCU\..\SearchScopes\{E8598029-3789-41B2-901F-7DB236F7237F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.05.10 16:57:04 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found. O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120509165320.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120509165320.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) 
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKCU..\Run: [Facebook Update] C:\Users\Tobias Lutz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - 
res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab (Emsisoft Web Malware Scan) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B1A52AA-31FD-4345-8815-89EB7255B318}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8A672E1-39F6-4FD4-92AC-55A7265C9F54}: DhcpNameServer = 10.1.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.26 21:54:50 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ] O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - U:\AUTORUN.INF -- [ NTFS ] O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - V:\AUTORUN.INF -- [ NTFS ] O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - W:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.23 00:30:25 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\OTL [2012.05.23 00:04:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.22 23:53:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Roaming\Malwarebytes [2012.05.22 23:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.22 23:52:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.22 23:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.22 23:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.22 23:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\McAfee [2012.05.22 23:51:37 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Malwarebytes [2012.05.22 23:14:03 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\HIJACK [2012.05.22 22:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.05.22 19:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.05.22 19:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.05.22 19:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.22 18:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.05.22 18:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.22 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Roaming\Opera [2012.05.22 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Local\Opera [2012.05.22 18:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2012.05.20 21:02:31 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Neuer Ordner (3) [2012.05.20 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Neuer Ordner [2012.05.18 10:09:42 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.05.11 14:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Fotos 2 [2012.05.10 23:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.05.10 23:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.05.10 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.05.10 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.05.10 17:17:36 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.10 17:17:14 | 005,559,664 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.10 17:16:43 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.10 17:16:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.09 19:14:28 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Musik Flo [2012.05.07 18:01:38 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Local\{42F0469A-24DB-41C5-8E07-616D2D744617} [2012.05.07 17:58:20 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll [2012.05.07 17:58:15 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.04.24 22:00:42 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Neuer Ordner (4) [2012.04.24 21:58:21 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Documents\Foto-Mosaik-Edda [2012.04.24 21:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foto-Mosaik-Edda [2012.04.24 21:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foto-Mosaik-Edda ========== Files - Modified Within 30 Days ========== [2012.05.23 01:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.23 01:09:04 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3101248543-738126447-479064676-1001UA.job [2012.05.23 01:08:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.23 01:06:01 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3101248543-738126447-479064676-1001Core.job [2012.05.22 23:54:42 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.22 23:54:42 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.22 23:52:51 | 
000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.22 23:52:50 | 005,357,014 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.22 23:52:50 | 002,058,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.22 23:52:50 | 001,640,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.22 23:52:50 | 001,466,536 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.22 23:52:50 | 000,006,548 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.22 23:46:52 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.22 23:46:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.22 23:46:36 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys [2012.05.22 22:44:08 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.22 22:43:25 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.22 22:43:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.22 19:27:51 | 000,001,260 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Spybot - Search & Destroy.lnk [2012.05.22 18:59:45 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.05.22 18:49:19 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.22 18:44:49 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.05.21 19:17:51 | 001,267,758 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\CIMG2600.jpg [2012.05.18 10:09:42 | 000,001,347 | ---- | M] () -- C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.05.14 20:58:30 | 000,056,192 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Anschreiben Eltern.pdf [2012.05.13 22:25:14 | 000,058,290 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Die tapferen Sechs und der Ritt nach Prag.pdf [2012.05.13 
22:24:28 | 000,058,313 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Märchen von den tapferen Sechs und dem Ritt nach Prag.pdf [2012.05.11 14:46:08 | 000,459,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.10 23:07:59 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.05.09 16:16:26 | 000,109,630 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\750_500_fas-bu1k8100.jpg [2012.05.09 16:16:26 | 000,095,269 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Maik.jpg [2012.05.07 19:01:27 | 326,517,227 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Anheizer.wmv [2012.05.07 17:58:20 | 000,001,304 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Free YouTube Download.lnk ========== Files Created - No Company Name ========== [2012.05.22 23:52:51 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.22 22:44:08 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.22 22:43:52 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.22 22:43:52 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.22 19:27:51 | 000,001,260 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Spybot - Search & Destroy.lnk [2012.05.22 18:49:19 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.22 18:44:49 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.05.22 18:44:49 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.05.21 19:17:51 | 001,267,758 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\CIMG2600.jpg [2012.05.18 10:09:42 | 000,001,347 | ---- | C] () -- C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.05.14 20:58:30 | 000,056,192 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Anschreiben Eltern.pdf [2012.05.13 22:25:13 | 000,058,290 | ---- | C] () -- C:\Users\Tobias 
Lutz\Desktop\Die tapferen Sechs und der Ritt nach Prag.pdf [2012.05.13 22:24:27 | 000,058,313 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Märchen von den tapferen Sechs und dem Ritt nach Prag.pdf [2012.05.10 23:07:59 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.05.09 16:21:05 | 000,095,269 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Maik.jpg [2012.05.09 16:16:40 | 000,109,630 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\750_500_fas-bu1k8100.jpg [2012.05.07 18:58:02 | 326,517,227 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Anheizer.wmv [2012.05.07 17:58:20 | 000,001,304 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Free YouTube Download.lnk [2012.01.29 13:10:34 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Lutz\AppData\Local\rx_image32.Cache [2011.10.18 19:07:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.09.13 13:24:40 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.09.13 13:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.09.13 13:23:52 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.09.13 13:23:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.02.11 12:22:50 | 001,642,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI < End of report >

Extras result:

OTL Extras logfile created on: 23.05.2012 01:39:48 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Tobias Lutz\Desktop\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 5,11 Gb Available Physical Memory | 64,75% Memory free 15,79 Gb Paging File | 11,95 Gb Available in Paging File | 75,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 576,54 Gb Total Space | 491,04 Gb Free Space | 85,17% Space Free | Partition Type: NTFS Drive F: | 982,13 Mb Total Space | 804,28 Mb Free Space | 81,89% Space Free | Partition Type: FAT Drive U: | 19,53 Gb Total Space | 11,10 Gb Free Space | 56,85% Space Free | Partition Type: NTFS Drive V: | 19,53 Gb Total Space | 11,10 Gb Free Space | 56,85% Space Free | Partition Type: NTFS Drive W: | 19,53 Gb Total Space | 11,10 Gb Free Space | 56,85% Space Free | Partition Type: NTFS Computer Name: TOBIASLUTZ-PC | User Name: Tobias Lutz | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FC0D44-AD8D-4F3B-AEED-DB513BE78EB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1291FB18-88C1-43B1-8C01-9A025FD3B905}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{1F0689BC-EAA8-4F1F-BF07-71E5605E8D97}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | "{32966854-ED5A-4CFB-A94F-DFB7B5AD5BA1}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | "{3555ED49-FED4-4628-BA3F-EDC6E2C06AAB}" = lport=138 | protocol=17 | dir=in | app=system | "{38B5EA45-A595-403C-9E01-F4F149355887}" = rport=139 | 
protocol=6 | dir=out | app=system | "{398588F0-D39B-43E5-B314-E98A50EEB0EB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5148C1DD-6DA5-4044-B122-DB98EB7BDFD0}" = rport=137 | protocol=17 | dir=out | app=system | "{529739B7-6647-4AAC-9D9C-AB08E0D7202C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5F792DF9-84C4-4474-B8E4-BBB2C056462D}" = lport=2869 | protocol=6 | dir=in | app=system | "{6537FB58-A66E-4F43-8831-9FFBC722A53C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{663CBDFE-F086-477D-B03C-556D376E64C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{6C68EEE1-6443-4275-B2A2-403B4A2E0999}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | "{70748115-ECB7-4DAB-B88A-08D6F3154E0D}" = lport=139 | protocol=6 | dir=in | app=system | "{7906CF20-7663-4FF9-A4BB-9778A5E82CFC}" = lport=445 | protocol=6 | dir=in | app=system | "{81494444-73D7-4E97-9E00-5BE6F37422D2}" = rport=445 | protocol=6 | dir=out | app=system | "{86156D2E-AE92-4FEF-A1C6-A9FF832F756C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{88831077-30AB-40E0-969E-C654985C6366}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8FFF83CF-727F-4C0F-A0C9-F72BC7CC5B76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9185A8AF-638B-4A04-961D-204FB314B1E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9CA27315-8D95-4063-B2AE-61A361D1AD07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9DDB425F-B712-4744-9FE1-8410559D8BFB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A4EFC9CC-F117-40E4-AA51-8BE98E34DC98}" = lport=rpc | 
protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A7BA5E50-6E24-43FA-90DB-6AC469EE798B}" = lport=10243 | protocol=6 | dir=in | app=system | "{B804B641-DA67-4638-A842-4A48AC54CC39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C125D24B-CC6E-44F8-BF00-5C96C7F7E286}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CEF5D932-7424-4313-A4BF-A3EBFAA4169D}" = rport=138 | protocol=17 | dir=out | app=system | "{CF9038CC-C2DF-43BA-A2EB-3CC43F54F431}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | "{CFA38176-E09A-4012-A06A-EE48BF0C77E0}" = lport=137 | protocol=17 | dir=in | app=system | "{DCF56A5A-D794-478B-8350-ECBE0CB8A5E6}" = rport=10243 | protocol=6 | dir=out | app=system | "{E3C57A30-8FA7-4F51-B175-E09C60165712}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{040C4D65-423C-40BF-BBEB-4622EFEC72A6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{055C8553-9D42-49F5-B212-1E47F32BB699}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | "{0646BFC4-0F5A-4F0E-846D-97695E027C6E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{0803CA1D-5B78-48E4-A8BC-6CE02EB2A0AD}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | "{09E3C42C-16DF-4EF9-B345-EB5BBC1B9490}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{15A6AFD0-5757-47BA-BAF2-D3DBDACE2E82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1A5737DB-2C54-4670-A7FB-E919C7DB9181}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | 
"{207C4601-B37E-4627-BFB5-E2EB698A73B3}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | "{2199F15C-6176-48A6-B428-C7B6CDE291F4}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | "{2459D011-2EAE-40C1-A872-5050869E88F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{29FE00CD-A93A-488F-8D96-1FEA8047F0A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3004A608-1179-4C72-9C68-C09906211D52}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{3751D51D-C712-4B5E-888C-EDCFBCBF4997}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{385D18B0-9745-4A8A-89A2-CF706E400A92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3B14C467-3A17-4024-95DF-597E981C44B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{48B02715-B83F-438D-8C7E-1B84FA568D3B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{529A3860-10FC-43BC-BE5A-A19045BBF266}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{54E882BF-DBF3-4111-8B03-48055F7B5A37}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | "{570BECB4-9F83-44C8-B564-B6C370D46F1E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | "{58198ECC-EEA5-4C61-8C49-D6FA07BE99BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{64240A80-2FA6-4D22-85CA-968CF0DF52FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{702486CB-7F69-40E7-B49C-3D807CF5A7A6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | "{7691EAF7-AEE8-45A4-B0F1-32F1D9CD94EF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{78121C21-19D8-40A9-8B41-1AE827D0CDE8}" = dir=in | 
app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{79937015-7C1F-463C-B222-CFA81584EC61}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7ABD082F-A7C8-41B2-9FC0-1EE1F6EA879A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7E1D9EF2-E925-46E5-A76F-603EFB097072}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7EC104B7-030C-4E84-8ADD-127980FE7C29}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{88ABEAC8-2046-454C-9215-34B6ECD9AFFB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{88C8150E-CAB0-4974-AF4B-8AB64F936590}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8DABD1DD-966C-44BD-AD63-2389E2A73BFD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8EC12308-2221-408D-AC53-CDAC2347487B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8F13C281-6059-430F-B0E0-D3658BAF19B3}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | "{90BF320F-3D55-4C74-BB8E-D761DB53C4A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94ACE673-4268-4CE8-89C0-4C514B273B03}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{9507F7C7-8DA1-4EFA-8086-BFDD1881D84A}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | "{96FF9442-4A1C-4A2B-B57F-95229B0C13DC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | "{9F03695F-2F4E-4BE2-A07A-0DD75F386532}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{A00F1F65-E0E2-443E-8723-8984917EE9C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A240E373-2961-46C3-9951-E894A4BF737B}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{AAD29D09-9A75-4063-963C-2A4DC1BE5146}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | "{B790920F-EBF3-46C7-87A0-296D440E70D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C149ECC6-26EF-4931-85D0-338E7D3B10FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D241173A-D166-4E59-80EC-39FB4C316E9D}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | "{D8976754-E918-4AF9-BF9E-9D8B8087D9D0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DA44627F-AF06-48F9-B08F-7044E0F26C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E4B73774-BBE2-4DD6-956D-314CE4D2E21C}" = protocol=6 | dir=out | app=system | "{E7C0AD6A-7AB6-4081-9E3B-E8C309FF1131}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{E957000A-36DA-4F26-ADC8-8CCAF27DB7AA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{EC2729CA-4CA2-4BF1-B0B7-A5202B033239}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F2973F1F-D55C-4023-ABDA-E1DFD1AE350D}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | "{F42D4104-B736-4914-921E-90EA909DDE52}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F7843423-B734-410B-A58C-FA5F1F8683AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F90E0218-0D4B-456B-93E7-DAED0D4CB1D2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{FE53DE3E-E9A1-4289-A3B3-2BC5FBC56F22}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | "TCP Query User{835097A1-E749-41E6-A84D-10A878176CFF}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe 
online\nobuclient.exe | "UDP Query User{2DFF1CF9-E95D-492D-A2B8-EE9A72231931}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.30 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.30 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.30 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "Dell Support Center" = Dell Support Center "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 
Update 24 "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}" = Dell MusicStage "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0 "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7D6C6D02-F201-42AA-B53B-7B5166B6705C}" = FIFA 12 DEMO "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger 
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.6.11255.1 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy 
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}" = Dell Stage "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Advanced Audio FX Engine" = Advanced Audio FX Engine "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Dell Webcam Central" = Dell Webcam Central "Der_Deploy_0" = Der Kleine Turnierplaner 6.7.3.1a "Free YouTube Download_is1" = Free YouTube Download version 3.1.26.504 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "Google Chrome" = Google Chrome "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Malwarebytes' 
Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MDI (Microsoft Office Document Image) Viewer_is1" = MDI viewer 0.1 "MSC" = McAfee SecurityCenter "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Opera 11.64.1403" = Opera 11.64 "Picasa 3" = Picasa 3 "SopCast" = SopCast 3.4.0 "WinLiveSuite" = Windows Live Essentials "ZinioReader4" = Zinio Reader 4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.05.2012 06:57:52 | Computer Name = TobiasLutz-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 14.05.2012 07:46:37 | Computer Name = TobiasLutz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.05.2012 07:46:37 | Computer Name = TobiasLutz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 999 Error - 14.05.2012 07:46:37 | Computer Name = TobiasLutz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 999 Error - 14.05.2012 07:46:38 | Computer Name = TobiasLutz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.05.2012 07:46:38 | Computer Name = TobiasLutz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2028 Error - 14.05.2012 07:46:38 | Computer Name = TobiasLutz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2028 Error - 14.05.2012 07:46:39 | Computer Name = TobiasLutz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more 
than a second Error - 14.05.2012 07:46:39 | Computer Name = TobiasLutz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3027 Error - 14.05.2012 07:46:39 | Computer Name = TobiasLutz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3027 [ System Events ] Error - 09.02.2012 09:16:00 | Computer Name = TobiasLutz-PC | Source = PNRPSvc | ID = 102 Description = Error - 09.02.2012 09:16:00 | Computer Name = TobiasLutz-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 09.02.2012 09:16:00 | Computer Name = TobiasLutz-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 09.02.2012 09:16:11 | Computer Name = TobiasLutz-PC | Source = PNRPSvc | ID = 102 Description = Error - 09.02.2012 09:16:11 | Computer Name = TobiasLutz-PC | Source = PNRPSvc | ID = 102 Description = Error - 09.02.2012 09:16:11 | Computer Name = TobiasLutz-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 09.02.2012 09:16:11 | Computer Name = TobiasLutz-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 09.02.2012 09:16:11 | Computer Name = TobiasLutz-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 09.02.2012 09:16:11 | Computer Name = TobiasLutz-PC | Source = Service Control Manager | ID = 
7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535
Error - 09.02.2012 09:16:16 | Computer Name = TobiasLutz-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
< End of report >

And here is the list of programs:
Code:
AccelerometerP11 STMicroelectronics 12.09.2011 2.00.11.22
Adobe AIR Adobe Systems Incorporated 12.09.2011 2.6.0.19120
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 21.05.2012 6,00MB 11.2.202.235
Adobe Reader X (10.1.3) MUI Adobe Systems Incorporated 09.04.2012 479MB 10.1.3
Advanced Audio FX Engine Creative Technology Ltd 12.09.2011 1.12.05
Amazon MP3-Downloader 1.0.9 12.12.2011
Apple Application Support Apple Inc. 09.05.2012 61,0MB 2.1.7
Apple Mobile Device Support Apple Inc. 09.05.2012 24,9MB 5.1.1.4
Apple Software Update Apple Inc. 28.01.2012 2,38MB 2.1.3.127
Bonjour Apple Inc. 28.01.2012 2,04MB 3.0.0.10
CCleaner Piriform 21.05.2012 3.18
Dell DataSafe Local Backup Dell Inc. 12.09.2011 9.4.57
Dell DataSafe Local Backup - Support Software Dell Inc. 12.09.2011 9.4.57
Dell DataSafe Online Dell 12.09.2011 6,46MB 2.1.19634
Dell Getting Started Guide Dell Inc. 12.09.2011 1.00.0000
Dell MusicStage Fingertapps 12.09.2011 1.5.201.0
Dell PhotoStage ArcSoft 12.09.2011 130,3MB 1.5.0.65
Dell Stage Fingertapps 29.02.2012 85,5MB 1.7.209.0
Dell Stage Remote ArcSoft 12.09.2011 80,9MB 2.0.0.43
Dell Support Center Dell Inc. 12.09.2011 128,9MB 3.1.5803.11
Dell VideoStage CyberLink Corp. 13.09.2011 1.2.0.1712
Dell Webcam Central Creative Technology Ltd 12.09.2011 2.00.44
Der Kleine Turnierplaner 6.7.3.1a Der Kleine Turnierplaner 30.01.2012 6.7.3.1a
eBay eBay Inc. 12.09.2011 1.4.0
Facebook Messenger 2.1.4520.0 Facebook 17.05.2012 33,6MB 2.1.4520.0
FIFA 12 DEMO Electronic Arts 23.10.2011 1.451MB 1.0.0.0
Foto-Mosaik-Edda Standard V6.6.11255.1 Steffen Schirmer 23.04.2012 3,13MB
Free YouTube Download version 3.1.26.504 DVDVideoSoft Ltd. 06.05.2012 82,1MB 3.1.26.504
Free YouTube to MP3 Converter version 3.10.15.1228 DVDVideoSoft Ltd. 12.01.2012 85,6MB
Google Chrome Google Inc. 21.05.2012 12.0.742.100
Google Talk (remove only) 25.09.2011
Intel(R) Control Center Intel Corporation 13.09.2011 1.2.1.1007
Intel(R) Management Engine Components Intel Corporation 13.09.2011 7.0.0.1144
Intel(R) Processor Graphics Intel Corporation 13.09.2011 8.15.10.2342
Intel(R) PROSet/Wireless WiFi-Software Intel Corporation 12.09.2011 142,9MB 14.00.1000
iTunes Apple Inc. 09.05.2012 159,0MB 10.6.1.7
Java(TM) 6 Update 24 Oracle 12.09.2011 96,9MB 6.0.240
Java(TM) 6 Update 24 (64-bit) Oracle 12.09.2011 90,8MB 6.0.240
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 21.05.2012 18,0MB 1.61.0.1400
McAfee SecurityCenter McAfee, Inc. 09.05.2012 11.0.669
MDI viewer 0.1 07.11.2011 0.1
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 10.02.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 10.02.2011 52,0MB 4.0.30319
Microsoft Office 2010 Microsoft Corporation 12.09.2011 6,31MB 14.0.4763.1000
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 27.09.2011 14.0.4763.1000
Microsoft Office Professional Plus 2010 Microsoft Corporation 15.03.2012 14.0.6029.1000
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 27.09.2011 14.0.4763.1000
Microsoft Silverlight Microsoft Corporation 09.05.2012 100,3MB 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 12.09.2011 1,70MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 23.01.2012 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 28.09.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 12.09.2011 0,59MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12.09.2011 0,57MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 12.09.2011 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 28.09.2011 0,59MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 21.05.2012 11,0MB 10.0.30319
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.09.2011 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 16.09.2011 1,33MB 4.20.9876.0
NVIDIA 3D Vision Treiber 268.30 NVIDIA Corporation 12.09.2011 268.30
NVIDIA Grafiktreiber 268.30 NVIDIA Corporation 12.09.2011 268.30
Opera 11.64 Opera Software ASA 21.05.2012 11.64.1403
PDFCreator Frank Heindörfer, Philip Chinery 23.12.2011 1.2.3
Picasa 3 Google, Inc. 04.02.2012 3.8
Quickset64 Dell Inc. 12.09.2011 11.0.10
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12.09.2011 6.0.1.6312
Roxio Creator Starter Roxio 12.09.2011 1.673MB 12.1.77.0
Skype Toolbars Skype Technologies S.A. 12.09.2011 5,36MB 1.0.4051
Skype™ 5.5 Skype Technologies S.A. 16.11.2011 17,0MB 5.5.124
SopCast 3.4.0 www.sopcast.com 17.10.2011 3.4.0
Spybot - Search & Destroy Safer Networking Limited 21.05.2012 1.6.2
Synaptics Pointing Device Driver Synaptics Incorporated 12.09.2011 46,4MB 15.2.6.0
SyncUP Nero AG 12.09.2011 287MB 1.10.11100.8.106
Windows Live Essentials Microsoft Corporation 13.09.2011 15.4.3508.1109
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 12.09.2011 5,58MB 15.4.5722.2
Zinio Reader 4 Zinio LLC 12.09.2011 4.2.4164
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 Intel 12.09.2011 2.1.23.0

MANY, MANY THANKS IN ADVANCE FOR YOUR HELP!!!! TOBIAS |
23.05.2012, 14:42 | #4 | ||
/// Helper Team | Websites suddenly won't open anymore
1. Quote:
in my opinion no longer offers sufficient protection against "modern types of malware"...
► If you do want to keep it: please turn off the TeaTimer: in Spybot-S&D, switch to Advanced Mode (Erweiterter Modus) and select Werkzeuge -> Resident there. Untick "Resident TeaTimer aktiv" here. (TeaTimer also tries to block beneficial changes) - it should stay disabled permanently!
2. Quote:
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {481DDB99-4189-4DF0-A871-4F7E744935FD}
IE:64bit: - HKLM\..\SearchScopes\{481DDB99-4189-4DF0-A871-4F7E744935FD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {481DDB99-4189-4DF0-A871-4F7E744935FD}
IE - HKLM\..\SearchScopes\{481DDB99-4189-4DF0-A871-4F7E744935FD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {481DDB99-4189-4DF0-A871-4F7E744935FD}
IE - HKCU\..\SearchScopes\{161ED2B9-801E-4ADF-98A3-70C18BC1FCA0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{43B83F3F-378A-4F6C-B145-CA57297E5682}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=kw&q={searchTerms}&locale=&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=8A3C26A0-46AD-4816-B7DF-A80DCCDED85D&apn_sauid=E3C52581-8C21-4CF9-ADA7-2F8A09573022
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcSearchScopes
IE - HKCU\..\SearchScopes\{E8598029-3789-41B2-901F-7DB236F7237F}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.26 21:54:50 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - U:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - V:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - W:\AUTORUN.INF -- [ NTFS ]
[2012.05.23 01:09:04 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3101248543-738126447-479064676-1001UA.job
[2012.05.23 01:08:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 01:06:01 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3101248543-738126447-479064676-1001Core.job
[2012.05.22 23:46:52 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.22 18:59:45 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.05.22 22:43:52 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.22 22:43:52 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
3. Have you already checked the computer for viruses? I would still like to see the following results:
Code:
Malwarebytes (all available logs!)
another scan with OTL:
► Report again on the state of the computer.
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
23.05.2012, 15:22 | #5 |
| Websites suddenly won't open anymore
I have removed Spybot; can you recommend another program? Something else I noticed: when I switched the PC on today, hidden files were also being shown on my desktop; after OTL restarted the PC, that was gone again. Here is the file that appeared after the shutdown.
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{481DDB99-4189-4DF0-A871-4F7E744935FD}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{481DDB99-4189-4DF0-A871-4F7E744935FD}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{481DDB99-4189-4DF0-A871-4F7E744935FD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{481DDB99-4189-4DF0-A871-4F7E744935FD}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{161ED2B9-801E-4ADF-98A3-70C18BC1FCA0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{161ED2B9-801E-4ADF-98A3-70C18BC1FCA0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43B83F3F-378A-4F6C-B145-CA57297E5682}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43B83F3F-378A-4F6C-B145-CA57297E5682}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E8598029-3789-41B2-901F-7DB236F7237F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8598029-3789-41B2-901F-7DB236F7237F}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File U:\AUTORUN.INF not found.
File V:\AUTORUN.INF not found.
File W:\AUTORUN.INF not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3101248543-738126447-479064676-1001UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3101248543-738126447-479064676-1001Core.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Tobias Lutz\Desktop\OTL\cmd.bat deleted successfully.
C:\Users\Tobias Lutz\Desktop\OTL\cmd.txt deleted successfully.
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Tobias Lutz ->Temp folder emptied: 31711731 bytes ->Temporary Internet Files folder emptied: 53170779 bytes ->Java cache emptied: 446712 bytes ->Google Chrome cache emptied: 6528904 bytes ->Opera cache emptied: 2463041 bytes ->Flash cache emptied: 58065 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 872615 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 71483 bytes RecycleBin emptied: 3392238 bytes Total Files Cleaned = 94,00 mb OTL by OldTimer - Version 3.2.43.1 log created on 05232012_155717 Files\Folders moved on Reboot...
C:\Users\Tobias Lutz\AppData\Local\Temp\7zS57C8\HPSLPSVC64.DLL moved successfully. C:\Users\Tobias Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Tobias Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SZ12HBGB\ads[10].htm moved successfully. C:\Users\Tobias Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SZ12HBGB\ads[9].htm moved successfully.
C:\Users\Tobias Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SZ12HBGB\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully. C:\Users\Tobias Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GDLN5KAQ\si[1].htm moved successfully. C:\Users\Tobias Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RX6KK6C\115610-internetseiten-lassen-ploetzlich-mehr-oeffnen[2].htm moved successfully. C:\Users\Tobias Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RX6KK6C\google_de[2].htm moved successfully. C:\Users\Tobias Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\11H0DW0D\si[2].htm moved successfully. C:\Users\Tobias Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. C:\Users\Tobias Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot... |
23.05.2012, 15:23 | #6 |
| Websites suddenly can no longer be opened Here are the Malwarebytes logs. I have scanned my PC for viruses; the McAfee Security Center runs in the background on my machine and scans constantly. Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.22.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tobias Lutz :: TOBIASLUTZ-PC [Administrator]
Schutz: Aktiviert
22.05.2012 23:54:52
mbam-log-2012-05-22 (23-54-52).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356768
Laufzeit: 1 Stunde(n), 41 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Code:
2012/05/22 23:54:23 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Starting protection
2012/05/22 23:54:25 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Protection started successfully
2012/05/22 23:54:28 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Starting IP protection
2012/05/22 23:54:29 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE IP Protection started successfully
Code:
2012/05/23 00:01:43 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Executing scheduled update: Daily
2012/05/23 00:01:48 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Database already up-to-date
2012/05/23 02:04:53 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Starting protection
2012/05/23 02:04:57 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Protection started successfully
2012/05/23 02:05:00 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Starting IP protection
2012/05/23 02:05:01 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE IP Protection started successfully
2012/05/23 15:54:49 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Starting protection
2012/05/23 15:54:51 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Protection started successfully
2012/05/23 15:54:54 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Starting IP protection
2012/05/23 15:54:55 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE IP Protection started successfully
2012/05/23 16:03:19 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Starting protection
2012/05/23 16:03:22 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Protection started successfully
2012/05/23 16:03:25 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE Starting IP protection
2012/05/23 16:03:26 +0200 TOBIASLUTZ-PC Tobias Lutz MESSAGE IP Protection started successfully
OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.05.2012 16:05:59 - Run 2 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Tobias Lutz\Desktop\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 5,53 Gb Available Physical Memory | 69,98% Memory free 15,79 Gb Paging File | 13,19 Gb Available in Paging File | 83,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 576,54 Gb Total Space | 494,85 Gb Free Space | 85,83% Space Free | Partition Type: NTFS Drive F: | 982,13 Mb Total Space | 804,28 Mb Free Space | 81,89% Space Free | Partition Type: FAT Computer Name: TOBIASLUTZ-PC | User Name: Tobias Lutz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tobias Lutz\Desktop\OTL\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook) PRC - C:\Users\Tobias Lutz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe () PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a1a2e47980512815b030fce9a53cc4c8\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\CefSharp.dll () MOD - C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\CefSharp.WinForms.dll () MOD - C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\libcef.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Dell DataSafe 
Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE () MOD - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - c:\Program Files\mcafee\msk\mskapbho.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.) SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (TurboBoost) Intel(R) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.) 
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) 
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys () DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 
10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.05.10 16:57:04 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll 
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120509165320.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120509165320.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) 
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKCU..\Run: [Facebook Update] C:\Users\Tobias Lutz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) O4 - Startup: C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab (Emsisoft Web Malware Scan) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B1A52AA-31FD-4345-8815-89EB7255B318}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8A672E1-39F6-4FD4-92AC-55A7265C9F54}: DhcpNameServer = 10.1.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) 
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.26 21:54:50 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.23 16:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.05.23 15:57:17 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.23 00:30:25 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\OTL [2012.05.23 00:04:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.22 23:53:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Roaming\Malwarebytes [2012.05.22 23:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.22 23:52:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.22 23:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.22 23:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.22 23:51:37 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Malwarebytes [2012.05.22 23:14:03 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\HIJACK [2012.05.22 22:44:08 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.05.22 19:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.05.22 19:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.22 18:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.05.22 18:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.22 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Roaming\Opera [2012.05.22 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Local\Opera [2012.05.22 18:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2012.05.20 21:02:31 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Neuer Ordner (3) [2012.05.20 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Neuer Ordner [2012.05.18 10:09:42 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.05.11 14:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Fotos 2 [2012.05.10 23:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.05.10 23:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.05.10 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.05.10 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.05.10 17:17:36 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.10 17:17:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.10 17:16:43 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.10 17:16:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.09 19:14:28 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Musik Flo [2012.05.07 18:01:38 | 
000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Local\{42F0469A-24DB-41C5-8E07-616D2D744617} [2012.05.07 17:58:20 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll [2012.05.07 17:58:15 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.04.24 22:00:42 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Neuer Ordner (4) [2012.04.24 21:58:21 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Documents\Foto-Mosaik-Edda [2012.04.24 21:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foto-Mosaik-Edda [2012.04.24 21:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foto-Mosaik-Edda ========== Files - Modified Within 30 Days ========== [2012.05.23 16:08:32 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.23 16:08:32 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.23 16:07:44 | 005,386,598 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.23 16:07:44 | 002,067,266 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.23 16:07:44 | 001,649,852 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.23 16:07:44 | 001,475,076 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.23 16:07:44 | 000,006,548 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.23 16:02:24 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.23 16:00:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.23 16:00:32 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys [2012.05.23 01:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.22 23:52:51 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 
[2012.05.22 22:43:25 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.22 22:43:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.22 18:49:19 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.21 19:17:51 | 001,267,758 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\CIMG2600.jpg [2012.05.18 10:09:42 | 000,001,347 | ---- | M] () -- C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.05.14 20:58:30 | 000,056,192 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Anschreiben Eltern.pdf [2012.05.13 22:25:14 | 000,058,290 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Die tapferen Sechs und der Ritt nach Prag.pdf [2012.05.13 22:24:28 | 000,058,313 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Märchen von den tapferen Sechs und dem Ritt nach Prag.pdf [2012.05.11 14:46:08 | 000,459,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.10 23:07:59 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.05.09 16:16:26 | 000,109,630 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\750_500_fas-bu1k8100.jpg [2012.05.09 16:16:26 | 000,095,269 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Maik.jpg [2012.05.07 19:01:27 | 326,517,227 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Anheizer.wmv ========== Files Created - No Company Name ========== [2012.05.22 23:52:51 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.22 22:44:08 | 000,002,342 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.22 18:49:19 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.22 18:44:49 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.05.21 19:17:51 | 001,267,758 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\CIMG2600.jpg [2012.05.18 
10:09:42 | 000,001,347 | ---- | C] () -- C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.05.14 20:58:30 | 000,056,192 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Anschreiben Eltern.pdf [2012.05.13 22:25:13 | 000,058,290 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Die tapferen Sechs und der Ritt nach Prag.pdf [2012.05.13 22:24:27 | 000,058,313 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Märchen von den tapferen Sechs und dem Ritt nach Prag.pdf [2012.05.10 23:07:59 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.05.09 16:21:05 | 000,095,269 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Maik.jpg [2012.05.09 16:16:40 | 000,109,630 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\750_500_fas-bu1k8100.jpg [2012.05.07 18:58:02 | 326,517,227 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Anheizer.wmv [2012.01.29 13:10:34 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Lutz\AppData\Local\rx_image32.Cache [2011.10.18 19:07:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.09.13 13:24:40 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.09.13 13:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.09.13 13:23:52 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.09.13 13:23:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.02.11 12:22:50 | 001,642,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2011.12.13 17:55:00 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\Amazon [2012.05.07 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoft [2012.05.07 17:58:31 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.01 19:29:54 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\Fingertapps [2012.05.22 18:44:51 | 
000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\Opera
[2011.12.24 18:31:33 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\pdfforge
[2012.04.26 01:12:16 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\SoftGrid Client
[2011.09.28 16:35:00 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\TP
[2011.09.17 03:05:47 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.04.22 21:15:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Logfile:
OTL Extras logfile created on: 23.05.2012 16:05:59 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Tobias Lutz\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,90 Gb Total Physical Memory | 5,53 Gb Available Physical Memory | 69,98% Memory free
15,79 Gb Paging File | 13,19 Gb Available in Paging File | 83,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576,54 Gb Total Space | 494,85 Gb Free Space | 85,83% Space Free | Partition Type: NTFS
Drive F: | 982,13 Mb Total Space | 804,28 Mb Free Space | 81,89% Space Free | Partition Type: FAT
Computer Name: TOBIASLUTZ-PC | User Name: Tobias Lutz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FC0D44-AD8D-4F3B-AEED-DB513BE78EB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1291FB18-88C1-43B1-8C01-9A025FD3B905}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{1F0689BC-EAA8-4F1F-BF07-71E5605E8D97}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | "{32966854-ED5A-4CFB-A94F-DFB7B5AD5BA1}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | "{3555ED49-FED4-4628-BA3F-EDC6E2C06AAB}" = lport=138 | protocol=17 | dir=in | app=system | "{38B5EA45-A595-403C-9E01-F4F149355887}" = rport=139 | protocol=6 | dir=out | app=system | "{398588F0-D39B-43E5-B314-E98A50EEB0EB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5148C1DD-6DA5-4044-B122-DB98EB7BDFD0}" = rport=137 | protocol=17 | dir=out | app=system | "{529739B7-6647-4AAC-9D9C-AB08E0D7202C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5F792DF9-84C4-4474-B8E4-BBB2C056462D}" = lport=2869 | protocol=6 | dir=in | app=system | "{6537FB58-A66E-4F43-8831-9FFBC722A53C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{663CBDFE-F086-477D-B03C-556D376E64C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{6C68EEE1-6443-4275-B2A2-403B4A2E0999}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | "{70748115-ECB7-4DAB-B88A-08D6F3154E0D}" = lport=139 | protocol=6 | dir=in | app=system | "{7906CF20-7663-4FF9-A4BB-9778A5E82CFC}" = lport=445 | protocol=6 | dir=in | app=system | "{81494444-73D7-4E97-9E00-5BE6F37422D2}" = rport=445 | protocol=6 | dir=out | app=system | "{86156D2E-AE92-4FEF-A1C6-A9FF832F756C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{88831077-30AB-40E0-969E-C654985C6366}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8FFF83CF-727F-4C0F-A0C9-F72BC7CC5B76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9185A8AF-638B-4A04-961D-204FB314B1E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{9CA27315-8D95-4063-B2AE-61A361D1AD07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9DDB425F-B712-4744-9FE1-8410559D8BFB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A4EFC9CC-F117-40E4-AA51-8BE98E34DC98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A7BA5E50-6E24-43FA-90DB-6AC469EE798B}" = lport=10243 | protocol=6 | dir=in | app=system | "{B804B641-DA67-4638-A842-4A48AC54CC39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C125D24B-CC6E-44F8-BF00-5C96C7F7E286}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CEF5D932-7424-4313-A4BF-A3EBFAA4169D}" = rport=138 | protocol=17 | dir=out | app=system | "{CF9038CC-C2DF-43BA-A2EB-3CC43F54F431}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | "{CFA38176-E09A-4012-A06A-EE48BF0C77E0}" = lport=137 | protocol=17 | dir=in | app=system | "{DCF56A5A-D794-478B-8350-ECBE0CB8A5E6}" = rport=10243 | protocol=6 | dir=out | app=system | "{E3C57A30-8FA7-4F51-B175-E09C60165712}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{040C4D65-423C-40BF-BBEB-4622EFEC72A6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{055C8553-9D42-49F5-B212-1E47F32BB699}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | "{0646BFC4-0F5A-4F0E-846D-97695E027C6E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{0803CA1D-5B78-48E4-A8BC-6CE02EB2A0AD}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | 
"{09E3C42C-16DF-4EF9-B345-EB5BBC1B9490}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{15A6AFD0-5757-47BA-BAF2-D3DBDACE2E82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1A5737DB-2C54-4670-A7FB-E919C7DB9181}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | "{207C4601-B37E-4627-BFB5-E2EB698A73B3}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | "{2199F15C-6176-48A6-B428-C7B6CDE291F4}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | "{2459D011-2EAE-40C1-A872-5050869E88F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{29FE00CD-A93A-488F-8D96-1FEA8047F0A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3004A608-1179-4C72-9C68-C09906211D52}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{3751D51D-C712-4B5E-888C-EDCFBCBF4997}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{385D18B0-9745-4A8A-89A2-CF706E400A92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3B14C467-3A17-4024-95DF-597E981C44B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{48B02715-B83F-438D-8C7E-1B84FA568D3B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{529A3860-10FC-43BC-BE5A-A19045BBF266}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{54E882BF-DBF3-4111-8B03-48055F7B5A37}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | "{570BECB4-9F83-44C8-B564-B6C370D46F1E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | "{58198ECC-EEA5-4C61-8C49-D6FA07BE99BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{64240A80-2FA6-4D22-85CA-968CF0DF52FA}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{702486CB-7F69-40E7-B49C-3D807CF5A7A6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | "{7691EAF7-AEE8-45A4-B0F1-32F1D9CD94EF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{78121C21-19D8-40A9-8B41-1AE827D0CDE8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{79937015-7C1F-463C-B222-CFA81584EC61}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7ABD082F-A7C8-41B2-9FC0-1EE1F6EA879A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7E1D9EF2-E925-46E5-A76F-603EFB097072}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7EC104B7-030C-4E84-8ADD-127980FE7C29}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{88ABEAC8-2046-454C-9215-34B6ECD9AFFB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{88C8150E-CAB0-4974-AF4B-8AB64F936590}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8DABD1DD-966C-44BD-AD63-2389E2A73BFD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8EC12308-2221-408D-AC53-CDAC2347487B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8F13C281-6059-430F-B0E0-D3658BAF19B3}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | "{90BF320F-3D55-4C74-BB8E-D761DB53C4A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94ACE673-4268-4CE8-89C0-4C514B273B03}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{9507F7C7-8DA1-4EFA-8086-BFDD1881D84A}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | "{96FF9442-4A1C-4A2B-B57F-95229B0C13DC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage 
remote\stageremote.exe | "{9F03695F-2F4E-4BE2-A07A-0DD75F386532}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{A00F1F65-E0E2-443E-8723-8984917EE9C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A240E373-2961-46C3-9951-E894A4BF737B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AAD29D09-9A75-4063-963C-2A4DC1BE5146}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | "{B790920F-EBF3-46C7-87A0-296D440E70D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C149ECC6-26EF-4931-85D0-338E7D3B10FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D241173A-D166-4E59-80EC-39FB4C316E9D}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | "{D8976754-E918-4AF9-BF9E-9D8B8087D9D0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DA44627F-AF06-48F9-B08F-7044E0F26C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E4B73774-BBE2-4DD6-956D-314CE4D2E21C}" = protocol=6 | dir=out | app=system | "{E7C0AD6A-7AB6-4081-9E3B-E8C309FF1131}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{E957000A-36DA-4F26-ADC8-8CCAF27DB7AA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{EC2729CA-4CA2-4BF1-B0B7-A5202B033239}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F2973F1F-D55C-4023-ABDA-E1DFD1AE350D}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | "{F42D4104-B736-4914-921E-90EA909DDE52}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F7843423-B734-410B-A58C-FA5F1F8683AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F90E0218-0D4B-456B-93E7-DAED0D4CB1D2}" = protocol=17 | dir=in | app=c:\program 
files\common files\mcafee\mcsvchost\mcsvhost.exe | "{FE53DE3E-E9A1-4289-A3B3-2BC5FBC56F22}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | "TCP Query User{835097A1-E749-41E6-A84D-10A878176CFF}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | "UDP Query User{2DFF1CF9-E95D-492D-A2B8-EE9A72231931}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.30 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.30 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = 
NVIDIA Grafiktreiber 268.30 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "Dell Support Center" = Dell Support Center "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk 
Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}" = Dell MusicStage "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0 "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7D6C6D02-F201-42AA-B53B-7B5166B6705C}" = FIFA 12 DEMO "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online 
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.6.11255.1 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell 
I hope that helps you!!!

Hello, I have just noticed something else: my websites are all working again! Could that have been it? Or am I celebrating too soon? Strangely enough, all my websites work again now?!? |
24.05.2012, 06:21 | #7 | |
/// Helper Team | Websites suddenly can no longer be opened

1 antivirus program + 1 firewall: an ordinary computer user does not need more than that! If a malware infection is suspected, proceed in a targeted way, i.e. use instructions and removal tools tailored to the specific virus. Besides, every running service and process puts load on the system and costs performance.

System cleanup and check:

1. Can be uninstalled: [Malwarebytes' Anti-Malware]

2. ► Recommendations/suggestions: If I were you, I would take the following programs out of autostart: When Windows boots, some programs are started along with it that have registered themselves in autostart (with or without the user's consent). The more programs are listed here, the slower Windows starts. It can therefore make sense to remove software that you do not necessarily need all the time from autostart. Untick everything that should not start. The programs themselves are kept; if you need one, it can be started manually at any time! Code:
ATTFilter You should never disable: graphics driver, firewall, antivirus program, sound
► Vista and Win7: "Start -> All Programs -> Accessories -> Run" .. and enter "msconfig" (without the "") -> OK -> Startup -> remove the tick Code:
ATTFilter [Adobe Reader Speed Launcher] [NeroLauncher] [Facebook Update] [googletalk] Facebook Messenger
For the listed programs it additionally applies that after an update (AfterUpdate) you have to check again under Startup and Services and, if necessary, disable them again!

3. Quote:
Code:
ATTFilter
:OTL
PRC - C:\Users\Tobias Lutz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope =
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Tobias Lutz\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)
:Files
C:\ProgramData\Spybot - Search & Destroy
C:\Program Files (x86)\Spybot - Search & Destroy
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
4. Update Java via Control Panel -> Check for updates... or: Now download the offline version of Java ("Recommended version for 64-bit: Java(TM) 7 Update 4") from Oracle and install it. Make sure not to install any toolbars that may be offered along with it, i.e. untick the toolbar box during installation.

5. Tips (regardless of whether you use Internet Explorer or not!): -> Tips for Internet Explorer -> Change Explorer's default search engine -> How can I clear the cache in Internet Explorer?

6. Clean your system with CCleaner:
7.
8. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very suitable and recommended to check the data stored on the storage medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - The AUTORUN function can, however, also be switched off altogether. ►Instructions

9. -> Then run a complete system check with Eset Online Scanner (NOD32) (free online scanner). Attention!: >>You should not install the antivirus security software, only scan your system online<<

► Report again on the state of the computer. Are problems still occurring, and if so, which ones?
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
24.05.2012, 23:27 | #8 |
| Websites suddenly can no longer be opened

I have done everything you said! This is what SUPERAntiSpyware came up with: Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/24/2012 at 07:49 PM

Application Version : 5.0.1150

Core Rules Database Version : 8642
Trace Rules Database Version: 6454

Scan type : Complete Scan
Total Scan Time : 01:10:25

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 714
Memory threats detected : 0
Registry items scanned : 73636
Registry threats detected : 0
File items scanned : 51055
File threats detected : 5

Adware.Tracking Cookie
C:\USERS\TOBIAS LUTZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZONDKQ7X.txt [ Cookie:tobias lutz@doubleclick.net/ ]
C:\USERS\TOBIAS LUTZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\P8277H7Z.txt [ Cookie:tobias lutz@c.atdmt.com/ ]
C:\USERS\TOBIAS LUTZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\90D2HGGZ.txt [ Cookie:tobias lutz@apmebf.com/ ]
C:\USERS\TOBIAS LUTZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\7GV1AHCT.txt [ Cookie:tobias lutz@atdmt.com/ ]
C:\USERS\TOBIAS LUTZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y5WA62JU.txt [ Cookie:tobias lutz@accounts.google.com/ ]

OTL Logfile: Code:
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab (Emsisoft Web Malware Scan) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B1A52AA-31FD-4345-8815-89EB7255B318}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8A672E1-39F6-4FD4-92AC-55A7265C9F54}: DhcpNameServer = 10.1.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) 
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.26 21:54:50 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.23 16:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.05.23 15:57:17 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.23 00:30:25 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\OTL [2012.05.23 00:04:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.22 23:53:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Roaming\Malwarebytes [2012.05.22 23:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.22 23:52:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.22 23:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.22 23:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.22 23:51:37 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Malwarebytes [2012.05.22 23:14:03 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\HIJACK [2012.05.22 22:44:08 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.05.22 19:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.05.22 19:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.22 18:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.05.22 18:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.22 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Roaming\Opera [2012.05.22 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Local\Opera [2012.05.22 18:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2012.05.20 21:02:31 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Neuer Ordner (3) [2012.05.20 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Neuer Ordner [2012.05.18 10:09:42 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.05.11 14:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Fotos 2 [2012.05.10 23:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.05.10 23:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.05.10 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.05.10 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.05.10 17:17:36 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.10 17:17:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.10 17:16:43 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.10 17:16:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.09 19:14:28 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Musik Flo [2012.05.07 18:01:38 | 
000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\AppData\Local\{42F0469A-24DB-41C5-8E07-616D2D744617} [2012.05.07 17:58:20 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll [2012.05.07 17:58:15 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.04.24 22:00:42 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Desktop\Neuer Ordner (4) [2012.04.24 21:58:21 | 000,000,000 | ---D | C] -- C:\Users\Tobias Lutz\Documents\Foto-Mosaik-Edda [2012.04.24 21:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foto-Mosaik-Edda [2012.04.24 21:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foto-Mosaik-Edda ========== Files - Modified Within 30 Days ========== [2012.05.23 16:08:32 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.23 16:08:32 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.23 16:07:44 | 005,386,598 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.23 16:07:44 | 002,067,266 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.23 16:07:44 | 001,649,852 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.23 16:07:44 | 001,475,076 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.23 16:07:44 | 000,006,548 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.23 16:02:24 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.23 16:00:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.23 16:00:32 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys [2012.05.23 01:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.22 23:52:51 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 
[2012.05.22 22:43:25 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.22 22:43:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.22 18:49:19 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.21 19:17:51 | 001,267,758 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\CIMG2600.jpg [2012.05.18 10:09:42 | 000,001,347 | ---- | M] () -- C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.05.14 20:58:30 | 000,056,192 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Anschreiben Eltern.pdf [2012.05.13 22:25:14 | 000,058,290 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Die tapferen Sechs und der Ritt nach Prag.pdf [2012.05.13 22:24:28 | 000,058,313 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Märchen von den tapferen Sechs und dem Ritt nach Prag.pdf [2012.05.11 14:46:08 | 000,459,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.10 23:07:59 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.05.09 16:16:26 | 000,109,630 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\750_500_fas-bu1k8100.jpg [2012.05.09 16:16:26 | 000,095,269 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Maik.jpg [2012.05.07 19:01:27 | 326,517,227 | ---- | M] () -- C:\Users\Tobias Lutz\Desktop\Anheizer.wmv ========== Files Created - No Company Name ========== [2012.05.22 23:52:51 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.22 22:44:08 | 000,002,342 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.22 18:49:19 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.22 18:44:49 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.05.21 19:17:51 | 001,267,758 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\CIMG2600.jpg [2012.05.18 
10:09:42 | 000,001,347 | ---- | C] () -- C:\Users\Tobias Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.05.14 20:58:30 | 000,056,192 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Anschreiben Eltern.pdf [2012.05.13 22:25:13 | 000,058,290 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Die tapferen Sechs und der Ritt nach Prag.pdf [2012.05.13 22:24:27 | 000,058,313 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Märchen von den tapferen Sechs und dem Ritt nach Prag.pdf [2012.05.10 23:07:59 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.05.09 16:21:05 | 000,095,269 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Maik.jpg [2012.05.09 16:16:40 | 000,109,630 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\750_500_fas-bu1k8100.jpg [2012.05.07 18:58:02 | 326,517,227 | ---- | C] () -- C:\Users\Tobias Lutz\Desktop\Anheizer.wmv [2012.01.29 13:10:34 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Lutz\AppData\Local\rx_image32.Cache [2011.10.18 19:07:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.09.13 13:24:40 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.09.13 13:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.09.13 13:23:52 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.09.13 13:23:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.02.11 12:22:50 | 001,642,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2011.12.13 17:55:00 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\Amazon [2012.05.07 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoft [2012.05.07 17:58:31 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.01 19:29:54 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\Fingertapps [2012.05.22 18:44:51 | 
000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\Opera [2011.12.24 18:31:33 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\pdfforge [2012.04.26 01:12:16 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\SoftGrid Client [2011.09.28 16:35:00 | 000,000,000 | ---D | M] -- C:\Users\Tobias Lutz\AppData\Roaming\TP [2011.09.17 03:05:47 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012.04.22 21:15:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > und beim Virenscanner hat es beim ersten Mal eine infizierte Datei gegeben, die dann gelöscht wurde. Hab den Scanner dann nocheinmal drüber laufen lassen und da kam dann nix mehr. Viele Grüße |
25.05.2012, 08:34 | #9 |
/// Helper team | Websites suddenly can no longer be opened ► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
30.05.2012, 18:57 | #10 |
| Websites suddenly can no longer be opened I have no more problems now! So what was actually the problem? Many, many thanks again for your help!!! |
31.05.2012, 07:13 | #11 | |
/// Helper team | Websites suddenly can no longer be opened Something has nested itself in Internet Explorer,... ** Keep your system under observation for the time being! 1. Uninstall/remove the programs that we used and that you do not need, except for: Code:
CCleaner 2. Tool cleanup with OTL We will now use OTL's CleanUp! function to remove most of the programs that we installed for the cleanup from your system again.
3. Windows, for example, regularly creates shadow copies (at least once a day), which are used in an emergency to restore the system and to access older file versions. This function takes up a great deal of disk space. By default, the space reserved for shadow copies is 15% of the volume size, so system performance is affected as well. In addition, deleted and possibly malicious objects that sit in System Restore must also be removed: So please do the following:
4. As a precaution, I would advise you to change your password (this should be done every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password (passwords should really be changed at regular intervals, roughly every 3-5 months); see also: Secure password. 5. ► Please check whether there are new updates for Windows: Microsoft Update keeps your computer up to date! Reading material no. 1: Give criminal acts no chance!
** Common sense and securely configuring Windows and Internet software are the best route to security on the web!! Quote:
► Over time a lot of data clutter can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be:
Edited by kira (31.05.2012 at 07:22) |
03.06.2012, 12:37 | #12 |
| Websites suddenly can no longer be opened I have done everything! Everything seems to be running!!!! |