Pests of all kinds and how to fight them: Error message at system startup: Problem beim Starten von C/User...appdata..exe (Windows 7)
20.07.2012, 23:50 | #1

Error message at system startup: Problem beim Starten von C/User...appdata..exe

Hello everyone!

Unfortunately, I have recently been getting the following error message at every system startup:

Problem beim Starten von C:/Users/xx/AppData/Local/Temp/0.12077690018228271.exe
Das angegebene Modul wurde nicht gefunden.

I can close this error message with OK, and it only shows up again at the next system startup. Have I caught something there?

Thank you very much for your help!

Here are OTL and Extra as well:
20:28:35 | 000,000,179 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2011.03.04 20:28:35 | 000,000,141 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2011.03.04 20:22:05 | 000,000,680 | RHS- | C] () -- C:\Users\Jessy\ntuser.pol [2011.02.03 00:24:43 | 005,965,658 | ---- | C] () -- C:\Users\Jessy\kohlhaas_26_kleist_64kb.mp3 [2011.02.03 00:24:42 | 005,585,733 | ---- | C] () -- C:\Users\Jessy\kohlhaas_25_kleist_64kb.mp3 [2011.02.03 00:24:42 | 004,682,105 | ---- | C] () -- C:\Users\Jessy\kohlhaas_24_kleist_64kb.mp3 [2011.02.03 00:24:41 | 004,639,473 | ---- | C] () -- C:\Users\Jessy\kohlhaas_23_kleist_64kb.mp3 [2011.02.03 00:24:41 | 003,178,288 | ---- | C] () -- C:\Users\Jessy\kohlhaas_21_kleist_64kb.mp3 [2011.02.03 00:24:41 | 001,596,731 | ---- | C] () -- C:\Users\Jessy\kohlhaas_22_kleist_64kb.mp3 [2011.02.03 00:24:40 | 004,987,007 | ---- | C] () -- C:\Users\Jessy\kohlhaas_20_kleist_64kb.mp3 [2011.02.03 00:24:40 | 002,660,019 | ---- | C] () -- C:\Users\Jessy\kohlhaas_19_kleist_64kb.mp3 [2011.02.03 00:24:39 | 006,019,784 | ---- | C] () -- C:\Users\Jessy\kohlhaas_17_kleist_64kb.mp3 [2011.02.03 00:24:39 | 003,982,860 | ---- | C] () -- C:\Users\Jessy\kohlhaas_18_kleist_64kb.mp3 [2011.02.03 00:24:38 | 004,516,384 | ---- | C] () -- C:\Users\Jessy\kohlhaas_16_kleist_64kb.mp3 [2011.02.03 00:24:38 | 002,204,652 | ---- | C] () -- C:\Users\Jessy\kohlhaas_15_kleist_64kb.mp3 [2011.02.03 00:24:37 | 006,577,132 | ---- | C] () -- C:\Users\Jessy\kohlhaas_14_kleist_64kb.mp3 [2011.02.03 00:24:37 | 002,977,877 | ---- | C] () -- C:\Users\Jessy\kohlhaas_12_kleist_64kb.mp3 [2011.02.03 00:24:37 | 002,549,887 | ---- | C] () -- C:\Users\Jessy\kohlhaas_13_kleist_64kb.mp3 [2011.02.03 00:24:36 | 007,601,550 | ---- | C] () -- C:\Users\Jessy\kohlhaas_10_kleist_64kb.mp3 [2011.02.03 00:24:36 | 005,158,370 | ---- | C] () -- C:\Users\Jessy\kohlhaas_11_kleist_64kb.mp3 [2011.02.03 00:24:35 | 005,207,480 | ---- | C] () -- C:\Users\Jessy\kohlhaas_09_kleist_64kb.mp3 [2011.02.03 00:24:35 | 002,872,551 | 
---- | C] () -- C:\Users\Jessy\kohlhaas_08_kleist_64kb.mp3 [2011.02.03 00:24:34 | 005,790,115 | ---- | C] () -- C:\Users\Jessy\kohlhaas_05_kleist_64kb.mp3 [2011.02.03 00:24:34 | 005,237,991 | ---- | C] () -- C:\Users\Jessy\kohlhaas_07_kleist_64kb.mp3 [2011.02.03 00:24:34 | 003,060,842 | ---- | C] () -- C:\Users\Jessy\kohlhaas_06_kleist_64kb.mp3 [2011.02.03 00:24:33 | 006,734,912 | ---- | C] () -- C:\Users\Jessy\kohlhaas_03_kleist_64kb.mp3 [2011.02.03 00:24:33 | 004,425,269 | ---- | C] () -- C:\Users\Jessy\kohlhaas_04_kleist_64kb.mp3 [2011.02.03 00:24:33 | 003,398,135 | ---- | C] () -- C:\Users\Jessy\kohlhaas_02_kleist_64kb.mp3 [2011.02.03 00:24:32 | 005,047,611 | ---- | C] () -- C:\Users\Jessy\kohlhaas_01_kleist_64kb.mp3 [2010.03.21 22:17:33 | 000,324,608 | ---- | C] () -- C:\Users\Jessy\10258001.dot [2010.01.16 23:52:12 | 000,005,632 | ---- | C] () -- C:\Users\Jessy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.25 21:08:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.18 19:44:16 | 000,009,232 | ---- | C] () -- C:\Users\Jessy\USB_MOT_BRIT.INF [2009.11.18 19:44:16 | 000,006,947 | ---- | C] () -- C:\Users\Jessy\USBMOT2000.INF [2009.11.18 19:44:16 | 000,006,009 | ---- | C] () -- C:\Users\Jessy\USBMOT2000XP.INF [2009.11.18 19:44:16 | 000,005,877 | ---- | C] () -- C:\Users\Jessy\USB_CMCS_2000.INF [2009.11.18 19:44:16 | 000,005,813 | ---- | C] () -- C:\Users\Jessy\USB_MOT_A1000.INF ========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:20B17557 < End of report > EXTRAS: OTL Extras logfile created on: 21.07.2012 00:20:32 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jessy\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb 
Total Physical Memory | 2,60 Gb Available Physical Memory | 67,65% Memory free 7,68 Gb Paging File | 6,18 Gb Available in Paging File | 80,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 288,75 Gb Total Space | 181,23 Gb Free Space | 62,77% Space Free | Partition Type: NTFS Computer Name: JESSY-VAIO | User Name: Jessy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Foto Paradies] -- "C:\Program Files (x86)\dm\dm-Fotowelt\Foto Paradies.exe" "%1" Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Foto Paradies] -- "C:\Program Files (x86)\dm\dm-Fotowelt\Foto Paradies.exe" "%1" Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 0 "DisableConfig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 0 "DisableConfig" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C9CAA0-F331-47E9-90D1-10209772251E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{02C102C2-E725-474A-8861-5A784DC5C6D3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{06FA8FE7-180E-45FE-B02F-95970AB7DA97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{09919319-964B-4B6A-A6D0-614883AD2C95}" = lport=137 | protocol=17 | dir=in | app=system | "{0DC2037D-F833-4638-9C07-16DFA451467F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{37425747-3855-4DAA-A18D-E2A0F0D92EAA}" = lport=445 | protocol=6 | dir=in | app=system | "{3C9349D4-48A8-40D7-8D1E-237B1E9B0B27}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5FFCC116-953D-4F0B-9BC0-1756A8709646}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{604ED98B-A2F3-45A8-BB5A-5123AD274F0B}" = lport=2869 | protocol=6 | dir=in | app=system | "{79000035-9F4C-4A09-BD9D-D12C5838A583}" = lport=10243 | protocol=6 | dir=in | app=system | "{999458DC-C65F-4F94-92A6-2C7901E703DD}" = lport=138 | protocol=17 | dir=in | app=system | "{A0F6367E-9BC2-4E31-8AC2-40789CF76473}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B17F0DD6-02C4-43E2-867F-E06747433BC4}" = lport=139 | protocol=6 | dir=in | app=system | "{B9714CCC-1307-4BD6-B473-37D6A039497E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CF9AE7E3-F726-4D25-92E6-94D7A77F3677}" = rport=138 | protocol=17 | dir=out | app=system | "{D4801A08-13AA-4343-B341-127C1D4D7D52}" = rport=139 | protocol=6 | dir=out | app=system | "{D67B4F5C-0E6E-435B-9884-C3EDD6BD3DBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DA0D9228-BAF0-4F85-8CE6-99C1C923CA17}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E1C22C65-BF4F-40F8-91E0-9EA1D55DC1BB}" = rport=137 | protocol=17 | dir=out | app=system | "{E8F58CC8-D2B6-44D9-97E2-450561550A70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F1DAE028-A089-4072-B92A-62E41708D22D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F27EEDBA-C6C0-4E32-9DAB-F04EBB86E9AE}" = rport=445 | protocol=6 | dir=out | app=system | "{F37BF68D-74AB-41B3-B320-6A605B82A950}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F4746EE7-6361-4AC8-86F9-DD6B30FC163A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F4A0118B-4BD7-4F63-9C5E-54FD10777237}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02293BE9-7DEC-49BB-9C88-4DF5A15D8DF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{0795488A-4F3E-4C31-91ED-6A13E3769DB4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1513C611-01F1-4E7B-A1D0-2B3D0D04FAD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1F5EE862-7B0A-46AD-B69D-2244B5C5FFE8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{21A5C5A5-0198-4A68-AB87-F3D77E263BD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{23B30EFB-4683-4161-9B4B-1F574ACF92FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{2619D859-316C-4215-AA7B-0F883AA0996A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2C53085E-4B96-4D0D-AFA6-C8ADF89F6162}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{2F19C965-88DB-4456-BA26-B079BA6E964B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{31ADD8A1-FDDD-4118-B24C-53D06C921A26}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{33A50A41-80C4-41CD-828A-13D94106509A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{3CAAC477-0744-418A-A664-65C41E6F8CE7}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{3CD32C12-C362-405B-BB77-30E90A69C088}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3CF638C8-82E6-4E71-98D5-577ABF737B3E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4BAF10C2-3465-4969-8101-846C946D2D90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{532A04BC-7DDE-4806-A259-698FBD374D8A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{54CDBF6C-CA02-461E-8BE1-0932675F2272}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{56CC0F2E-F61C-4253-B1EF-1675A90EC947}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{58257898-DEE2-4970-A886-FAA528C6FD40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5999E50A-E3BC-4F3C-A912-A7E6DB572055}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{5F4D4F60-767B-4FB2-9E67-0D6A134D237F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{65DDD488-E29D-46CF-8718-C9B68F212046}" = protocol=17 | dir=in | app=c:\users\jessy\appdata\roaming\dropbox\bin\dropbox.exe | "{6956E826-188C-4430-97C1-C716FF7BB7A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{6C508FC0-99A7-4C04-97AF-663BE3825BB5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{6D5D0B53-7310-4081-87C1-9A8129A8C840}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6DF2BF42-D827-4BDE-A751-8502830889BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7C7B244E-1DCE-43FF-9631-5DAF6EF819A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{7CE2D7D6-D6A7-40AC-B4CA-A0C4D9F63529}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{7DB73743-D5F8-48C3-B45C-42B39A4B6E42}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7FDB17C8-3195-4D4F-9D97-5D3622E26DF4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{805B464C-5ADD-4011-84FE-6C299F9C84DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{82379CB9-49B7-4CAF-ACEA-A40A55967883}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{825A742C-A295-4E96-A890-D674A8CE35D8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{85EA507F-BB73-49E8-82EF-6617FD7EEE74}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{868B95AE-C8B7-4038-8A04-D216A1A89A0F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{89615B54-9AD9-464B-8B34-4B6624CC2BD2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{8B68A48E-AC1F-41EE-A9C9-AF6DB67C7C77}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{91156841-529A-467C-BC78-5316BA6DA389}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{96961171-CD13-4AAF-822D-02EB39F4E6CC}" = protocol=6 | dir=out | app=system | "{A00DB8D6-0ED5-4E85-8955-ED1A02F02C0E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{A55234F5-BB7B-4905-8AC0-79F14DE9B3DA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe | "{A683290B-C65C-43B4-AF49-8E8F70B7C85E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{AE159F99-7446-42FA-87DE-901A3C44DB15}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BAC10A49-ECA2-4719-AC36-13BEDF4CE579}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BEBD19C6-8D7C-4B36-9C67-945544DAD3B3}" = dir=in | app=c:\program 
files (x86)\hp\digital imaging\bin\hposid01.exe | "{C10D99FA-84BF-4904-BB6B-2C16D1F6E6E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C50C17A3-649E-4C54-A31F-F7B2E98FBE5F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C92F52D5-DC0A-4CCC-8077-5D167249D1FB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe | "{C9A2264E-71FC-471C-9F5E-E5885B9B7BEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{DC8E35A3-8F0B-4A0B-ABA2-24FDE6504148}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DCB736F1-9CF4-49FA-BFE2-F483DB8EE2BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{ECB5AAB6-7EB6-43D9-A365-A30BC6A68BF3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{F5AFCA2E-65A2-40C4-A609-AC22D235734B}" = protocol=6 | dir=in | app=c:\users\jessy\appdata\roaming\dropbox\bin\dropbox.exe | "{F6C2CF20-9D12-4108-80BA-3628C8A43BF2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "TCP Query User{8B720CE4-92A3-41F6-AD03-17B117965BD4}C:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe | "TCP Query User{BF271CC7-5672-411B-87AF-CF60DC501B42}C:\users\jessy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jessy\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{4B2DBC16-8FD0-4D4B-848D-62E9B85B0AE7}C:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe | "UDP Query 
User{C966795A-854E-4106-8C5F-76C86FCA6F1C}C:\users\jessy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jessy\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{AB1CF8F1-C0B8-4EDD-B5B1-E6B19B6CBCA4}" = PretonSaver Home Edition "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy 
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung "{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform 
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C182D467-6F0A-418A-8B38-788F376F7502}" = Windows-Migrationsassistent "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting 
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "CdCoverCreator" = CdCoverCreator 2.5.3 "FLV Player" = FLV Player 2.0 (build 25) "Free Audio Converter_is1" = Free Audio Converter version 2.3.815 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "MFU Module" = "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Save Flash" = Save Flash 4.3 "splashtop" = VAIO Quick Web Access "VAIO Help and Support" = "VAIO NW screensaver" = VAIO NW screensaver "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List 
========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.07.2012 04:44:05 | Computer Name = Jessy-VAIO | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7600.16768 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 698 Startzeit: 01cd58f796ff5bfb Endzeit: 47 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 3987db23-c4eb-11e1-b7df-0024be78cd4f Error - 03.07.2012 05:18:40 | Computer Name = Jessy-VAIO | Source = PretonSaver | ID = 0 Description = Fehler beim Verarbeiten von Sitzungsänderung. System.Runtime.Remoting.RemotingException: Fehler beim Verbinden mit einem IPC-Port: Das System kann die angegebene Datei nicht finden. Server stack trace: bei System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) b... Error - 03.07.2012 16:56:18 | Computer Name = Jessy-VAIO | Source = PretonSaver | ID = 0 Description = Fehler beim Verarbeiten von Sitzungsänderung. 
System.Runtime.Remoting.RemotingException: Fehler beim Verbinden mit einem IPC-Port: Das System kann die angegebene Datei nicht finden. Server stack trace: bei System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) b... Error - 11.07.2012 14:39:46 | Computer Name = Jessy-VAIO | Source = PretonSaver | ID = 0 Description = Fehler beim Verarbeiten von Sitzungsänderung. System.Runtime.Remoting.RemotingException: Fehler beim Verbinden mit einem IPC-Port: Das System kann die angegebene Datei nicht finden. 
Server stack trace: bei System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) b... Error - 11.07.2012 15:20:02 | Computer Name = Jessy-VAIO | Source = PretonSaver | ID = 0 Description = Fehler beim Verarbeiten von Sitzungsänderung. System.Runtime.Remoting.RemotingException: Fehler beim Verbinden mit einem IPC-Port: Das System kann die angegebene Datei nicht finden. Server stack trace: bei System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) b... 
Error - 13.07.2012 12:47:57 | Computer Name = Jessy-VAIO | Source = PretonSaver | ID = 0 Description = Fehler beim Verarbeiten von Sitzungsänderung. System.Runtime.Remoting.RemotingException: Fehler beim Verbinden mit einem IPC-Port: Das System kann die angegebene Datei nicht finden. Server stack trace: bei System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) b... Error - 13.07.2012 12:54:47 | Computer Name = Jessy-VAIO | Source = PretonSaver | ID = 0 Description = Fehler beim Verarbeiten von Sitzungsänderung. System.Runtime.Remoting.RemotingException: Fehler beim Verbinden mit einem IPC-Port: Das System kann die angegebene Datei nicht finden. 
Server stack trace: bei System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) b... Error - 18.07.2012 07:51:12 | Computer Name = Jessy-VAIO | Source = PretonSaver | ID = 0 Description = Fehler beim Verarbeiten von Sitzungsänderung. System.Runtime.Remoting.RemotingException: Fehler beim Verbinden mit einem IPC-Port: Das System kann die angegebene Datei nicht finden. Server stack trace: bei System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) b... 
Error - 20.07.2012 17:03:31 | Computer Name = Jessy-VAIO | Source = PretonSaver | ID = 0 Description = Fehler beim Verarbeiten von Sitzungsänderung. System.Runtime.Remoting.RemotingException: Fehler beim Verbinden mit einem IPC-Port: Das System kann die angegebene Datei nicht finden. Server stack trace: bei System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) b... Error - 20.07.2012 18:08:48 | Computer Name = Jessy-VAIO | Source = PretonSaver | ID = 0 Description = Fehler beim Verarbeiten von Sitzungsänderung. System.Runtime.Remoting.RemotingException: Fehler beim Verbinden mit einem IPC-Port: Das System kann die angegebene Datei nicht finden. 
Server stack trace: bei System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) bei System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) b... [ OSession Events ] Error - 16.01.2010 10:08:45 | Computer Name = Jessy-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 7339 seconds with 6300 seconds of active time. This session ended with a crash. Error - 04.05.2010 17:14:44 | Computer Name = Jessy-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 6558 seconds with 1920 seconds of active time. This session ended with a crash. Error - 08.05.2010 09:54:44 | Computer Name = Jessy-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 09.05.2010 08:08:22 | Computer Name = Jessy-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 2289 seconds with 1980 seconds of active time. This session ended with a crash. Error - 09.05.2010 09:54:11 | Computer Name = Jessy-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 2549 seconds with 2340 seconds of active time. This session ended with a crash. Error - 10.05.2010 14:20:59 | Computer Name = Jessy-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 3644 seconds with 2880 seconds of active time. This session ended with a crash. Error - 10.05.2010 14:59:28 | Computer Name = Jessy-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 51 seconds with 0 seconds of active time. This session ended with a crash. Error - 10.05.2010 15:18:18 | Computer Name = Jessy-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 884 seconds with 540 seconds of active time. This session ended with a crash. 
Error - 14.07.2010 12:55:41 | Computer Name = Jessy-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 5295 seconds with 180 seconds of active time. This session ended with a crash. [ System Events ] Error - 03.07.2012 04:41:01 | Computer Name = Jessy-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.07.2012 16:05:19 | Computer Name = Jessy-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.07.2012 14:18:03 | Computer Name = Jessy-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.07.2012 14:44:55 | Computer Name = Jessy-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 13.07.2012 12:47:17 | Computer Name = Jessy-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.07.2012 07:48:57 | Computer Name = Jessy-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 20.07.2012 16:23:30 | Computer Name = Jessy-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 20.07.2012 17:03:23 | Computer Name = Jessy-VAIO | Source = DCOM | ID = 10010 Description = Error - 20.07.2012 17:04:34 | Computer Name = Jessy-VAIO | 
Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 20.07.2012 18:09:41 | Computer Name = Jessy-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
21.07.2012, 22:59 | #2 |
/// Helper Team | Error message at system startup: Problem starting C/User...appdata..exe
Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jessy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{37C21694-C4C1-43E9-A066-E85D6538C017}: "URL" = http://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKCU\..\SearchScopes\{73DC5CEB-DF51-40A7-A42A-FBAC4CB51A12}: "URL" = http://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{8FE99E1E-D035-499B-B6DC-EAA176B4F701}: "URL" = http://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{A3B192E4-6017-4F9E-9FF7-3185ED57DB61}: "URL" = http://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb44/?search={searchTerms}&loc=search_box&u=1036325671785216417
IE - HKCU\..\SearchScopes\{E028F1B2-D1CD-47C3-8829-FE7D86F5937F}: "URL" = http://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "WEB.DE Suche"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/mb44/?loc=ff_address_bar&u=1036325671785216417&search="
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll (PilotGroup LLC)
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe File not found
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
@Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:20B17557
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!
__________________ |
31.07.2012, 18:59 | #3 |
| Error message at system startup: Problem starting C/User...appdata..exe Thank you very much for the help!
__________________
Sorry for the late reply, I was out of the country. This is the result:
Code:
ATTFilter All processes killed ========== OTL ========== Service VcmXmlIfHelper stopped successfully! Service VcmXmlIfHelper deleted successfully! File C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. 
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found. C:\Users\Jessy\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37C21694-C4C1-43E9-A066-E85D6538C017}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37C21694-C4C1-43E9-A066-E85D6538C017}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73DC5CEB-DF51-40A7-A42A-FBAC4CB51A12}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73DC5CEB-DF51-40A7-A42A-FBAC4CB51A12}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FE99E1E-D035-499B-B6DC-EAA176B4F701}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FE99E1E-D035-499B-B6DC-EAA176B4F701}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A3B192E4-6017-4F9E-9FF7-3185ED57DB61}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3B192E4-6017-4F9E-9FF7-3185ED57DB61}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E028F1B2-D1CD-47C3-8829-FE7D86F5937F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E028F1B2-D1CD-47C3-8829-FE7D86F5937F}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "GMX Suche" removed from browser.search.order.1 Prefs.js: "WEB.DE Suche" removed from browser.search.order.2 Prefs.js: "1und1 Suche" removed from browser.search.order.3 Prefs.js: "amazon.de" removed from browser.search.order.4 Prefs.js: "Google" removed from browser.search.selectedEngine Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "https://www.google.de/" removed from browser.startup.homepage Prefs.js: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1 removed from extensions.enabledItems Prefs.js: "hxxp://mystart.incredimail.com/mb44/?loc=ff_address_bar&u=1036325671785216417&search=" removed from keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4064EA35-578D-4073-A834-C96D82CBCF40} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4064EA35-578D-4073-A834-C96D82CBCF40}\ deleted successfully. C:\Program Files (x86)\Save Flash\SaveFlash.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ApplePhotoStreams deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Rainlendar2 deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found. 
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! ADS C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo deleted successfully. ADS C:\ProgramData\TEMP:20B17557 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Jessy\Desktop\cmd.bat deleted successfully. C:\Users\Jessy\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jessy ->Temp folder emptied: 2379331994 bytes ->Temporary Internet Files folder emptied: 917598 bytes ->Java cache emptied: 10045176 bytes ->FireFox cache emptied: 1112986648 bytes ->Google Chrome cache emptied: 7408977 bytes ->Flash cache emptied: 123322 bytes User: Lernen User: Lernen.Jessy-VAIO User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 274271880 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36048527 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes RecycleBin emptied: 977424578 bytes Total Files Cleaned = 4.576,00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Jessy ->Flash cache 
emptied: 0 bytes User: Lernen User: Lernen.Jessy-VAIO User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07312012_193632 Files\Folders moved on Reboot... C:\Users\Jessy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\Jessy\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... |
31.07.2012, 19:04 | #4 |
/// Helper Team | Error message at system startup: Problem starting C/User...appdata..exe Very good! Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
|
01.08.2012, 10:30 | #5 |
| Error message at system startup: Problem starting C/User...appdata..exe All done! By the way, after I ran the scan with Malwarebytes there were 2 findings, which I was able to remove. On the following restart the error message no longer appeared! Yay! This is what AdwCleaner came up with: Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 08/01/2012 at 11:26:38 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : Jessy - JESSY-VAIO # Running from : C:\Users\Jessy\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Jessy\AppData\LocalLow\Conduit Folder Found : C:\Users\Jessy\AppData\LocalLow\IncrediMail_MediaBar_2 Folder Found : C:\Program Files (x86)\Conduit File Found : C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\84uq1byp.default\searchplugins\MyStart Search.xml File Found : C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\84uq1byp.default\searchplugins\qip-search.xml ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2724386 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Conduit [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit [x64] Key Found : HKCU\Software\IM [x64] Key Found : HKCU\Software\ImInstaller [x64] Key Found : HKCU\Software\Softonic [x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} ***** [Internet Browsers] ***** -\\ 
Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.qip.ru [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://qip.ru [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.qip.ru/ie -\\ Mozilla Firefox v12.0 (de) Profile name : default File : C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\84uq1byp.default\prefs.js Found : user_pref("CT2724386..clientLogIsEnabled", true); Found : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2724386.CT2724407.CommunityChanged", true); Found : user_pref("CT2724386.CT2724431.CommunityChanged", true); Found : user_pref("CT2724386.CT2727162.CommunityChanged", true); Found : user_pref("CT2724386.CT2727622.CommunityChanged", true); Found : user_pref("CT2724386.CT2727646.CommunityChanged", true); Found : user_pref("CT2724386.CT2727678.CommunityChanged", true); Found : user_pref("CT2724386.CT2727750.CommunityChanged", true); Found : user_pref("CT2724386.CTID", "ct2724407"); Found : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Tue Jan 04 2011 14:29:12 GMT+0100"); Found : user_pref("CT2724386.CommunityChanged", true); Found : user_pref("CT2724386.CurrentServerDate", "17-3-2011"); Found : user_pref("CT2724386.DialogsAlignMode", "LTR"); Found : user_pref("CT2724386.DownloadReferralCookieData", ""); Found : user_pref("CT2724386.FirstServerDate", "4-1-2011"); Found : user_pref("CT2724386.FirstTime", true); Found : user_pref("CT2724386.FirstTimeFF3", true); Found : user_pref("CT2724386.FirstTimeSettingsDone", true); Found : 
user_pref("CT2724386.FixPageNotFoundErrors", true); Found : user_pref("CT2724386.GroupingLastCheckTime", "Tue Jan 04 2011 14:27:12 GMT+0100"); Found : user_pref("CT2724386.GroupingLastErrorCode", ""); Found : user_pref("CT2724386.GroupingLastResponse", true); Found : user_pref("CT2724386.GroupingLastServerUpdateTime", "129373589385170000"); Found : user_pref("CT2724386.GroupingServerCheckInterval", 1440); Found : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2724386.HasUserGlobalKeys", true); Found : user_pref("CT2724386.Initialize", true); Found : user_pref("CT2724386.InitializeCommonPrefs", true); Found : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe"); Found : user_pref("CT2724386.InstallationType", "ConduitIntegration"); Found : user_pref("CT2724386.InstalledDate", "Tue Jan 04 2011 14:27:13 GMT+0100"); Found : user_pref("CT2724386.IsGrouping", true); Found : user_pref("CT2724386.IsMulticommunity", false); Found : user_pref("CT2724386.IsOpenThankYouPage", false); Found : user_pref("CT2724386.IsOpenUninstallPage", true); Found : user_pref("CT2724386.LanguagePackLastCheckTime", "Tue Jan 04 2011 14:27:14 GMT+0100"); Found : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Found : user_pref("CT2724386.LastLogin_2.7.2.0", "Tue Jan 04 2011 14:27:14 GMT+0100"); Found : user_pref("CT2724386.LastLogin_3.2.5.2", "Thu Mar 17 2011 16:39:48 GMT+0100"); Found : user_pref("CT2724386.LatestVersion", "3.2.5.2"); Found : user_pref("CT2724386.Locale", "en"); Found : user_pref("CT2724386.LoginCache", 4); Found : user_pref("CT2724386.MCDetectTooltipHeight", "83"); Found : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2724386.MCDetectTooltipWidth", "295"); Found : user_pref("CT2724386.RadioIsPodcast", false); Found : user_pref("CT2724386.RadioMediaID", "21080119"); Found : user_pref("CT2724386.RadioMediaType", "Media Player"); Found : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080119"); Found : user_pref("CT2724386.RadioStationName", "Royal-Radio%20"); Found : user_pref("CT2724386.RadioStationURL", ""); Found : user_pref("CT2724386.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Found : user_pref("CT2724386.SearchFromAddressBarIsInit", true); Found : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...] Found : user_pref("CT2724386.SearchInNewTabEnabled", true); Found : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Tue Jan 04 2011 14:27:13 GMT+0100"); Found : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Found : user_pref("CT2724386.ServiceMapLastCheckTime", "Thu Mar 17 2011 16:39:47 GMT+0100"); Found : user_pref("CT2724386.SettingsCheckIntervalMin", 120); Found : user_pref("CT2724386.SettingsLastCheckTime", "Tue Jan 04 2011 14:27:12 GMT+0100"); Found : user_pref("CT2724386.SettingsLastUpdate", "1292878138"); Found : user_pref("CT2724386.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Tue Jan 04 2011 14:27:12 GMT+0100"); Found : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246790578"); Found : user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID"); Found : user_pref("CT2724386.Uninstall", true); Found : user_pref("CT2724386.UserID", "UN60974308613677695"); Found : user_pref("CT2724386.WeatherNetwork", ""); Found : user_pref("CT2724386.WeatherPollDate", "Tue Jan 04 2011 14:27:13 GMT+0100"); Found : user_pref("CT2724386.WeatherUnit", "C"); Found : user_pref("CT2724386.clientLogIsEnabled", false); Found : user_pref("CT2724386.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] 
Found : user_pref("CT2724386.ct2724407.DialogsAlignMode", "LTR"); Found : user_pref("CT2724386.ct2724407.FirstTimeSettingsDone", true); Found : user_pref("CT2724386.ct2724407.GroupingInvalidateCache", false); Found : user_pref("CT2724386.ct2724407.GroupingLastCheckTime", "Tue Jan 04 2011 14:27:13 GMT+0100"); Found : user_pref("CT2724386.ct2724407.GroupingLastErrorCode", ""); Found : user_pref("CT2724386.ct2724407.GroupingLastResponse", true); Found : user_pref("CT2724386.ct2724407.GroupingLastServerUpdateTime", "129361239174000000"); Found : user_pref("CT2724386.ct2724407.InvalidateCache", false); Found : user_pref("CT2724386.ct2724407.LanguagePackLastCheckTime", "Thu Mar 17 2011 16:39:47 GMT+0100"); Found : user_pref("CT2724386.ct2724407.Locale", "de"); Found : user_pref("CT2724386.ct2724407.RadioLastCheckTime", "Tue Jan 04 2011 14:27:13 GMT+0100"); Found : user_pref("CT2724386.ct2724407.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2724386.ct2724407.RadioLastUpdateServer", "129249047784100000"); Found : user_pref("CT2724386.ct2724407.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...] Found : user_pref("CT2724386.ct2724407.SearchInNewTabLastCheckTime", "Thu Mar 17 2011 16:39:48 GMT+0100"); Found : user_pref("CT2724386.ct2724407.SettingsCheckIntervalMin", 120); Found : user_pref("CT2724386.ct2724407.SettingsLastCheckTime", "Thu Mar 17 2011 16:39:47 GMT+0100"); Found : user_pref("CT2724386.ct2724407.SettingsLastUpdate", "1299165927"); Found : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastCheck", "Thu Mar 17 2011 16:39:47 GMT+0100"); Found : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastUpdate", "1255348257"); Found : user_pref("CT2724386.ct2724407.toolbarAppMetaDataLastCheckTime", "Thu Mar 17 2011 16:39:47 GMT+0100"[...] Found : user_pref("CT2724386.ct2724407.toolbarContextMenuLastCheckTime", "Thu Mar 17 2011 16:39:47 GMT+0100"[...] 
Found : user_pref("CT2724386.myStuffEnabled", true); Found : user_pref("CT2724386.myStuffPublihserMinWidth", 400); Found : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2724386.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2724386.testingCtid", ""); Found : user_pref("CT2724386.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2724407", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2724407/CT2724386[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...] 
Found : user_pref("CommunityToolbar.EngineOwner", "CT2724386"); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "incredimail_mediabar_2"); Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2724386"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "incredimail_mediabar_2"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/mb44/?loc[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2724386"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2724386"); Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Mar 16 2011 20:13:07 GMT+0100"); Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Mar 16 2011 20:13:07 GMT+0100"); Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "0628edaa-4208-40f5-a961-3620aef7abf8"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jan 04 2011 14:27:13 GMT+0100"); -\\ Google Chrome v [Unable to get version] File : 
C:\Users\Jessy\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [14149 octets] - [01/08/2012 11:26:38] ########## EOF - C:\AdwCleaner[R1].txt - [14278 octets] ########## |
01.08.2012, 12:22 | #6 |
/// Helper Team | Error message at system startup: Problem starting C/User...appdata..exe Where is the MBAM log file?
|
01.08.2012, 17:06 | #7 |
| Error message at system startup: Problem starting C/User...appdata..exe Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.31.12 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Jessy :: JESSY-VAIO [Administrator] Schutz: Aktiviert 01.08.2012 09:12:04 mbam-log-2012-08-01 (09-12-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 397776 Laufzeit: 1 Stunde(n), 40 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\$Recycle.Bin\S-1-5-21-1089422785-3578978157-4105739505-1001\$RNJM6QL.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jessy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.12077690018228271.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
01.08.2012, 17:10 | #8 |
/// Helper Team | Error message at system startup: Problem starting C/User...appdata..exe Very good!
After that: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Use "Jetzt Updaten" to download the current signatures. Select the "Freeware-Modus". Select "Detail Scan" and start the check of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Bericht speichern" to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
02.08.2012, 14:19 | #9 |
| Error message at system startup: Problem starting C/User...appdata..exe So, for a start, here is the log file from AdwCleaner: Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 08/02/2012 at 14:54:03 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : Jessy - JESSY-VAIO # Running from : C:\Users\Jessy\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Jessy\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Jessy\AppData\LocalLow\IncrediMail_MediaBar_2 Folder Deleted : C:\Program Files (x86)\Conduit File Deleted : C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\84uq1byp.default\searchplugins\MyStart Search.xml File Deleted : C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\84uq1byp.default\searchplugins\qip-search.xml ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Conduit ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.qip.ru --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://qip.ru --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru --> hxxp://www.google.com Replaced : 
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.qip.ru/ie --> hxxp://www.google.com -\\ Mozilla Firefox v12.0 (de) Profile name : default File : C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\84uq1byp.default\prefs.js C:\Users\Jessy\AppData\Roaming\Mozilla\Firefox\Profiles\84uq1byp.default\user.js ... Deleted ! Deleted : user_pref("CT2724386..clientLogIsEnabled", true); Deleted : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2724386.CT2724407.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2724431.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2727162.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2727622.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2727646.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2727678.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2727750.CommunityChanged", true); Deleted : user_pref("CT2724386.CTID", "ct2724407"); Deleted : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Tue Jan 04 2011 14:29:12 GMT+0100"); Deleted : user_pref("CT2724386.CommunityChanged", true); Deleted : user_pref("CT2724386.CurrentServerDate", "17-3-2011"); Deleted : user_pref("CT2724386.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2724386.DownloadReferralCookieData", ""); Deleted : user_pref("CT2724386.FirstServerDate", "4-1-2011"); Deleted : user_pref("CT2724386.FirstTime", true); Deleted : user_pref("CT2724386.FirstTimeFF3", true); Deleted : user_pref("CT2724386.FirstTimeSettingsDone", true); Deleted : user_pref("CT2724386.FixPageNotFoundErrors", true); Deleted : user_pref("CT2724386.GroupingLastCheckTime", "Tue Jan 04 2011 14:27:12 GMT+0100"); Deleted 
: user_pref("CT2724386.GroupingLastErrorCode", ""); Deleted : user_pref("CT2724386.GroupingLastResponse", true); Deleted : user_pref("CT2724386.GroupingLastServerUpdateTime", "129373589385170000"); Deleted : user_pref("CT2724386.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2724386.HasUserGlobalKeys", true); Deleted : user_pref("CT2724386.Initialize", true); Deleted : user_pref("CT2724386.InitializeCommonPrefs", true); Deleted : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe"); Deleted : user_pref("CT2724386.InstallationType", "ConduitIntegration"); Deleted : user_pref("CT2724386.InstalledDate", "Tue Jan 04 2011 14:27:13 GMT+0100"); Deleted : user_pref("CT2724386.IsGrouping", true); Deleted : user_pref("CT2724386.IsMulticommunity", false); Deleted : user_pref("CT2724386.IsOpenThankYouPage", false); Deleted : user_pref("CT2724386.IsOpenUninstallPage", true); Deleted : user_pref("CT2724386.LanguagePackLastCheckTime", "Tue Jan 04 2011 14:27:14 GMT+0100"); Deleted : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Deleted : user_pref("CT2724386.LastLogin_2.7.2.0", "Tue Jan 04 2011 14:27:14 GMT+0100"); Deleted : user_pref("CT2724386.LastLogin_3.2.5.2", "Thu Mar 17 2011 16:39:48 GMT+0100"); Deleted : user_pref("CT2724386.LatestVersion", "3.2.5.2"); Deleted : user_pref("CT2724386.Locale", "en"); Deleted : user_pref("CT2724386.LoginCache", 4); Deleted : user_pref("CT2724386.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2724386.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2724386.RadioIsPodcast", false); Deleted : user_pref("CT2724386.RadioMediaID", "21080119"); Deleted : user_pref("CT2724386.RadioMediaType", "Media Player"); Deleted : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080119"); Deleted : user_pref("CT2724386.RadioStationName", "Royal-Radio%20"); Deleted : user_pref("CT2724386.RadioStationURL", ""); Deleted : user_pref("CT2724386.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Deleted : user_pref("CT2724386.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...] Deleted : user_pref("CT2724386.SearchInNewTabEnabled", true); Deleted : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Tue Jan 04 2011 14:27:13 GMT+0100"); Deleted : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Jessy\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [14266 octets] - [01/08/2012 11:26:38]
AdwCleaner[S1].txt - [14283 octets] - [02/08/2012 14:54:03]
########## EOF - C:\AdwCleaner[S1].txt - [14412 octets] ########## |
02.08.2012, 14:36 | #10 |
/// Helper Team | Why isn't it installed? Install ALL Windows updates, incl. SP1! |
05.08.2012, 18:36 | #11 |
| I can't update it, since I can't install it. I download the installer, open it, choose the language setting and get the error message: "Für den Betrieb auf Windows 7 oder Windows Server 2008 R2 ist das Service Pack 1 erforderlich" I have now downloaded the installer several times, both via the link posted here and via the link in the instructions; the same thing happens every time. |
05.08.2012, 20:21 | #12 |
/// Helper Team | Why is SP 1 not installed? Install all Windows updates immediately. |
14.08.2012, 21:18 | #13 |
| I can't install any updates, because the error message appears right after the language selection, i.e. I open it, choose German as the language, and the following error message appears: "Für den Betrieb auf Windows 7 oder Windows Server 2008 R2 ist das Service Pack 1 erforderlich" |
15.08.2012, 08:50 | #14 |
/// Helper Team | Install all Windows updates immediately. Including SP1! |
15.08.2012, 16:29 | #15 |
| OK, I finally got it! Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 15.08.2012 15:05:53
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 15.08.2012 15:06:18
C:\Users\Jessy\AppData\Local\Temp\nsk8623.tmp gefunden: Riskware.Win32.Somoto.AMN!E1
C:\Users\Jessy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFHKY2X6\bi_downloader[1].exe gefunden: Riskware.Win32.Somoto.AMN!E1
Gescannt 657619
Gefunden 2
Scan Ende: 15.08.2012 17:07:35
Scan Zeit: 2:01:17 |