|
Log-Analyse und Auswertung: starterfenster.com nach vlc player download von vlc.deWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.10.2012, 13:37 | #1 |
| starterfenster.com nach vlc player download von vlc.de Hallo zusammen! Blöderweise habe ich, wie viele andere hier, den vlc player von vlc.de runtergeladen und jetzt öffnet sich immer www.startfenster.com, wenn ich Mozilla oder GoogleChrome öffne. Ich habe den Player bis jetzt noch nicht deinstaliert. Sollte ich das machen? Weder mein Avira Free Antivirus noch mein Malwarebytes Anti-Malware hat ein infiziertes Objekt gefunden. Hier den Malwarebytes Anti-Malware -Log dazu: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.03.02 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Leila :: LEILA-PC [Administrator] 03.10.2012 10:20:27 mbam-log-2012-10-03 (10-20-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 351428 Laufzeit: 2 Stunde(n), 3 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Hier der Otl.txt-Log (die Extra.txt und Gmer.txt im Anhang): Code:
ATTFilter OTL logfile created on: 02.10.2012 17:48:45 - Run 1 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Leila\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,51% Memory free 3,98 Gb Paging File | 2,40 Gb Available in Paging File | 60,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 111,92 Gb Free Space | 39,49% Space Free | Partition Type: NTFS Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.02 17:46:39 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Downloads\OTL.exe PRC - [2012.08.08 22:39:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 08:54:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 08:54:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.09 08:54:01 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.09 08:53:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2011.10.18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe PRC - [2011.10.18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\mcafee\systemcore\mfefire.exe PRC - [2011.10.18 15:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\mcafee\systemcore\mcshield.exe PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.16 19:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Programme\mcafee.com\agent\mcagent.exe PRC - [2011.07.27 23:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.06.17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\mcafee\mcsvchost\McSvHost.exe PRC - [2011.01.06 11:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe PRC - [2010.11.04 00:37:10 | 000,111,216 | ---- | M] (STMicroelectronics) -- C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe PRC - [2010.10.20 20:06:44 | 001,381,728 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe PRC - [2010.10.18 22:52:50 | 001,021,504 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Dell\duo Stage\duoStage.exe PRC - [2010.09.23 21:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\CxAudMsg32.exe PRC - [2010.09.21 22:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 22:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.08.20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe PRC - [2010.08.12 02:19:16 | 000,781,536 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe PRC - [2010.07.30 21:56:32 | 000,289,952 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe PRC - [2010.07.30 21:56:18 | 000,470,176 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe PRC - [2010.07.30 21:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe PRC - [2010.07.27 22:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.06.08 18:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.06.08 18:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.05.25 00:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe PRC - [2010.05.13 01:38:16 | 002,928,800 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2010.01.20 16:45:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Programme\syncables\syncables desktop\syncables.exe PRC - [2010.01.20 16:45:00 | 000,220,976 | ---- | M] (syncables, LLC) -- C:\Programme\syncables\syncables desktop\OTiSyncApp.exe PRC - [2010.01.20 16:45:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 10:40:17 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012.06.14 10:38:01 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.14 10:37:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.10 11:37:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll MOD - [2012.05.10 11:32:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 11:30:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll MOD - [2012.05.10 11:29:25 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.10 11:29:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.10 11:28:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.10 11:28:51 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.10 11:28:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.04 00:37:10 | 000,146,032 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll MOD - [2010.09.29 17:46:26 | 000,103,488 | ---- | M] () -- C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll MOD - [2010.08.12 02:19:34 | 000,077,024 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\zlib1.dll MOD - [2010.08.12 02:19:32 | 000,109,792 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STPE.dll MOD - [2010.08.12 02:19:32 | 000,072,928 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STRegistry.dll MOD - [2010.08.12 02:19:30 | 000,232,672 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STFiles.dll MOD - [2010.08.12 02:19:30 | 000,126,176 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STLog.dll MOD - [2010.08.12 02:19:30 | 000,119,008 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STNLS.dll MOD - [2010.08.12 02:19:26 | 001,121,504 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\libxml2.dll MOD - [2010.08.12 02:19:16 | 000,781,536 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe MOD - [2010.01.20 16:45:00 | 000,090,112 | ---- | M] () -- C:\Programme\syncables\syncables desktop\2208TR.dll MOD - [2009.12.23 18:45:04 | 007,505,920 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtGui4.dll MOD - [2009.09.09 03:51:08 | 000,347,648 | ---- | M] () -- C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll MOD - [2009.09.09 03:50:52 | 000,177,664 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtSql4.dll MOD - [2009.09.08 22:01:32 | 002,070,528 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtCore4.dll MOD - [2009.07.18 01:08:36 | 000,850,944 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtNetwork4.dll MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.06.25 18:05:10 | 000,311,296 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtXml4.dll MOD - [2007.04.13 17:39:14 | 000,252,672 | ---- | M] () -- C:\Programme\Dell\duo Stage\kgl.dll ========== Services (SafeList) ========== SRV - [2012.09.21 12:01:32 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.11 21:47:28 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.09 08:54:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 08:54:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.09 08:53:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp) SRV - [2011.10.18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV - [2011.10.18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.06.23 16:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\virusscan\mcods.exe -- (McODS) SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2011.06.05 20:05:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2011.01.06 11:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA) SRV - [2010.09.23 21:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\System32\CxAudMsg32.exe -- (CxAudMsg) SRV - [2010.09.23 21:24:36 | 000,123,008 | ---- | M] (Conexant Systems Inc.) [On_Demand | Stopped] -- C:\Windows\System32\CxUSBDock32.exe -- (CxUSBDock) SRV - [2010.09.23 00:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 22:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Programme\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2010.07.30 21:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010.07.27 22:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010.06.08 18:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.05.25 00:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01) DRV - [2012.05.09 08:54:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 08:54:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.10.15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2011.10.15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2011.10.15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2011.10.15 14:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2011.10.15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011.10.15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011.10.15 14:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2011.10.15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2011.10.15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011.01.06 11:37:26 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMP_UDAU.sys -- (eppvad_simple) DRV - [2011.01.05 11:45:57 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.09.21 19:54:54 | 000,028,272 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LSM303DLH.sys -- (LSM303DLH) DRV - [2010.08.12 18:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2010.07.31 05:43:22 | 000,230,760 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter) DRV - [2010.07.30 23:35:30 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0) DRV - [2010.07.30 19:12:32 | 000,256,360 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV - [2010.07.30 19:12:32 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV - [2010.07.30 19:12:32 | 000,143,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP) DRV - [2010.07.30 19:12:32 | 000,046,952 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV - [2010.07.30 19:12:32 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort) DRV - [2010.07.30 19:12:32 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS) DRV - [2010.07.22 19:24:42 | 001,802,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.06.22 21:27:46 | 000,521,344 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2010.06.22 12:30:14 | 000,116,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BRCMHD32.sys -- (BRCMDECO) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.25 01:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.02.23 04:48:32 | 000,010,624 | ---- | M] (ConnectSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QWARQNet.sys -- (QWARQNet) DRV - [2009.07.14 01:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials) DRV - [2009.05.28 18:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv) DRV - [2007.06.04 11:53:20 | 000,040,960 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC) DRV - [2006.11.02 02:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1} IE - HKLM\..\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com IE - HKCU\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com" FF - prefs.js..extensions.enabledAddons: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011.01.05 10:19:19 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.10.02 17:01:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 21:47:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.29 14:40:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 21:47:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions [2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.26 11:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions [2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.26 00:35:37 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\toolbar@ask.com [2011.05.29 14:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.02 17:01:10 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE [2012.09.11 21:47:29 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2012.05.21 21:43:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.11 21:47:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.21 21:43:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.21 21:43:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.21 21:43:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.21 21:43:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.startfenster.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.startfenster.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120227163358.dll (McAfee, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics) O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC) O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\msc\McSnIePl.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell - "" = AutoRun O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell\AutoRun\command - "" = D:\EMP_UDSe.exe /autorun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.02 17:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.10.02 16:58:38 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic [2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC [2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC [2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc [2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit [2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September [2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help [2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4} [2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe [2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe [2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Leila\AppData\Roaming\xvid.exe [2012.04.24 12:14:32 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Leila\AppData\Roaming\Imgburn.exe [2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.02 18:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable [2012.10.02 17:17:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.02 17:04:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.02 17:04:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.02 17:01:54 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.02 17:01:54 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.02 17:01:54 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.02 17:01:54 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.02 16:58:30 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.10.02 16:56:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.02 16:56:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.02 16:55:55 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys [2012.10.02 16:54:59 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk [2012.10.02 14:43:28 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.25 21:19:33 | 316,711,050 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable [2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk [2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.04.24 12:14:59 | 005,243,208 | ---- | C] ( ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe [2012.03.12 17:26:14 | 000,060,304 | ---- | C] () -- C:\Users\Leila\g2mdlhlpx.exe [2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft [2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn [2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy [2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc [2012.10.02 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client [2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird [2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP [2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia ========== Purity Check ========== < End of report > Als ich mit dem GMER gescannt habe gabs ein paar Probleme. Er hat mir gemeldet, dass deeqmOze.exe nicht mehr funktioniert und der ganze Rechner hat nichts mehr gemacht. Ich hab ihn dann neu gestartet und das ganze nochmal gemacht. Dann hat sich zwischendrin folgendes Fenster geöffnet: Advice: Diese Anwendung erfordert, dass STMicroelectronics 3-Achsen-Beschleunigungssensor/ Magnetometer- Sensor aktiviert werden. Der Sensor ist derzeit deaktiviert. Bitte aktivieren sie den Sensor über das Control Panel (Hardware und Sound- Location und andere Sensoren). Ich hab dann einfach auf OK gedrückt und nichts gemacht. Der GMER hat weitergescannt und mir am Ende auch ein Gmer.txt erstellt. Bedeutet das irgendwas? Ganz unten unter der Anleitung von euch stand dann noch, man solle Extra.txt und Gmer.txt in einen Zip-Ordner packen. Da gabs dann auch einen Link, wo man sich einen 7-Zip (Freeware) herunterladen kann. Das hab ich dann auch gemacht, aber dann hat mein Avira Free Antivirus Alarm geschlagen und mir gesagt, dass da ein Virus drin ist. Hier die Meldung: Code:
ATTFilter Die Datei 'C:\Users\Leila\Downloads\jZipV1.exe' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56d55091.qua' verschoben! Danke schonmal! Gruß, Gesa |
03.10.2012, 21:00 | #2 | |||
/// Helfer-Team | starterfenster.com nach vlc player download von vlc.de Hallo und Herzlich Willkommen!
__________________Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
für Win7 das Service Pack 1 (SP1) fehlt: das SP1 umfasst die neuesten Aktualisierungen, wie z.B wichtige Sicherheits-, Stabilitäts- und Leistungsverbesserungen. Allerdings in diesem Zustand (der Rechner aktuell durch Malware befallen ist), der alten Version eine Aufrüstung auf die nächste NICHT erfolgen darf, sonst schadet es mehr als es nutzt! Soll nun die Festplatte erst bereinigt werden, also absolut malwarefrei sein! Nur am Ende der Reinigung der aktuelle Version installieren! - ich werde Dir Bescheid sagen wann! ► Hilfeleistung - geplante Vorgehensweise:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
2. Hast Du OTL falsch gespeichert: es muss auf dem Desktop abgelegt werden! Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll! also entfernen und erneut herunterladen: -> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Nach installation in der Log-Datei soll etwa so aussehen: Zitat:
Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
4. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw gruß kira
__________________ |
04.10.2012, 12:14 | #3 |
| starterfenster.com nach vlc player download von vlc.de Hallo Kira!
__________________Vielen Dank, dass Du dich meinem Problem annimmst! Was Computer angeht bin ich leider nicht sonderlich versiert... Solange er irgendwie funktioniert beschäftige ich mich nicht weiter damit... Aber ich bin dir für jede Anregung zur Verbesserung dankbar! Also, jetzt versuch ich erstmal, dir Schritt für Schritt zu folgen. Hier die Logs, die ich erstellt hab: Erst der Malwarebytes Anti- Malware- Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.04.03 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Leila :: LEILA-PC [Administrator] 04.10.2012 09:22:14 mbam-log-2012-10-04 (09-22-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 351980 Laufzeit: 2 Stunde(n), 16 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Hier die Otl.txt: Code:
ATTFilter OTL logfile created on: 04.10.2012 11:55:34 - Run 2 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Leila\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,44% Memory free 3,98 Gb Paging File | 2,27 Gb Available in Paging File | 57,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 113,03 Gb Free Space | 39,88% Space Free | Partition Type: NTFS Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Leila\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics) PRC - C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (SRS Labs, Inc.) PRC - C:\Programme\Dell\duo Stage\duoStage.exe (ArcSoft, Inc.) PRC - C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) PRC - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) PRC - C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros) PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) PRC - C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC) PRC - C:\Programme\syncables\syncables desktop\OTiSyncApp.exe (syncables, LLC) PRC - C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll () MOD - C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll () MOD - C:\Programme\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Programme\Dell DataSafe Local Backup\libxml2.dll () MOD - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Programme\syncables\syncables desktop\2208TR.dll () MOD - C:\Programme\Dell\duo Stage\QtGui4.dll () MOD - C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll () MOD - C:\Programme\Dell\duo Stage\QtSql4.dll () MOD - C:\Programme\Dell\duo Stage\QtCore4.dll () MOD - C:\Programme\Dell\duo Stage\QtNetwork4.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Programme\Dell\duo Stage\QtXml4.dll () MOD - C:\Programme\Dell\duo Stage\kgl.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (EMP_UDSA) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION) SRV - (CxAudMsg) -- C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.) SRV - (CxUSBDock) -- C:\Windows\System32\CxUSBDock32.exe (Conexant Systems Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) SRV - (AtherosSvc) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (eppvad_simple) -- C:\Windows\System32\drivers\EMP_UDAU.sys (SEIKO EPSON CORPORATION) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (LSM303DLH) -- C:\Windows\System32\drivers\LSM303DLH.sys (STMicroelectronics) DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros) DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros) DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros) DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros) DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros) DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros) DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (BRCMDECO) -- C:\Windows\System32\drivers\BRCMHD32.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (QWARQNet) -- C:\Windows\System32\drivers\QWARQNet.sys (ConnectSoft, Inc.) DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation) DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.) DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1} IE - HKLM\..\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com IE - HKCU\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011.01.05 10:19:19 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 21:47:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.29 14:40:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 21:47:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions [2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.26 11:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions [2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.26 00:35:37 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\toolbar@ask.com [2011.05.29 14:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.11 21:47:29 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2012.05.21 21:43:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.11 21:47:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.21 21:43:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.21 21:43:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.21 21:43:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.21 21:43:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.startfenster.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.startfenster.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics) O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC) O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell - "" = AutoRun O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell\AutoRun\command - "" = D:\EMP_UDSe.exe /autorun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.04 11:49:18 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe [2012.10.04 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.04 09:16:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.04 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.03 09:35:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic [2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC [2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC [2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc [2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit [2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September [2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help [2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4} [2012.09.22 16:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.22 16:56:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.22 16:56:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.22 16:56:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.22 16:56:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.22 16:56:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.22 16:56:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.22 16:55:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.12 08:41:32 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe [2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe [2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Leila\AppData\Roaming\xvid.exe [2012.04.24 12:14:32 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Leila\AppData\Roaming\Imgburn.exe [2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.04 12:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 11:49:32 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe [2012.10.04 11:17:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.04 09:20:40 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.04 09:20:40 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.04 09:16:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.04 09:14:10 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.10.04 09:13:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.04 09:13:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.04 09:12:52 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys [2012.10.04 09:02:16 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.04 09:02:16 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.04 09:02:16 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.04 09:02:16 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.03 13:01:37 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.10.02 19:19:49 | 310,804,714 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.02 18:58:59 | 000,302,592 | ---- | M] () -- C:\Users\Leila\Desktop\deeqm0ze.exe [2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable [2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk [2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.21 12:01:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.09.21 12:01:27 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.04 09:16:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 18:58:59 | 000,302,592 | ---- | C] () -- C:\Users\Leila\Desktop\deeqm0ze.exe [2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable [2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk [2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.04.24 12:14:59 | 005,243,208 | ---- | C] ( ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe [2012.03.12 17:26:14 | 000,060,304 | ---- | C] () -- C:\Users\Leila\g2mdlhlpx.exe [2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft [2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn [2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy [2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc [2012.10.02 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client [2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird [2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP [2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.10.2012 11:55:34 - Run 2 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Leila\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,44% Memory free 3,98 Gb Paging File | 2,27 Gb Available in Paging File | 57,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 113,03 Gb Free Space | 39,88% Space Free | Partition Type: NTFS Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13BD02B6-CEC7-4A20-9A59-F5F8747324FD}" = rport=137 | protocol=17 | dir=out | app=system | "{16995652-6CE8-40AE-BD3A-54714A7E2CFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{184A3598-A9CE-474F-AE80-7B42530D2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{18A43722-045D-41E7-B868-A283EFC34CD9}" = lport=445 | protocol=6 | dir=in | app=system | "{1A83F28E-B675-48EE-B3BF-EF175953E6A5}" = rport=138 | protocol=17 | dir=out | app=system | "{1F1B9261-1DFA-4BB0-B0CF-1DEA7A65DAC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2163AC05-B352-4F9E-8C00-3C126BBB0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{255A242A-1255-413B-9A1A-82D77BC4846F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25F3875D-380C-4A49-A34D-178776C02C6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{33FFB51B-4E91-4030-BF6B-2AD10AE210A7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{38FF7A8F-5171-47C1-9345-3D96148C0C00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B6FDFA6-79FA-43AE-9629-D8FFBE2E9936}" = rport=445 | protocol=6 | dir=out | app=system | "{51309E94-2AD6-4434-8796-ABE0FBB0E738}" = rport=139 | protocol=6 | dir=out | app=system | "{5A9799E2-6BB1-4218-B7D1-13A94768ED88}" = lport=2869 | protocol=6 | dir=in | app=system | "{7D0891B7-7DF5-4605-8778-D476CA7A4625}" = lport=139 | protocol=6 | dir=in | app=system | "{7FBB580A-26E0-480B-A909-0F5AC4147B54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7FD770F2-D6BE-41BB-912C-92D2AC9F8F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8510E887-D88B-4DF6-9BD0-366638B432E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{89DDC746-9FCC-438C-8D7D-AB5E2B51F612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A404EDD4-6D12-44F1-9468-63D54C30DFEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0FAA845-0359-4E15-860F-7504F22E1019}" = lport=138 | protocol=17 | dir=in | app=system | "{C2D69B7B-5E07-4A9C-B704-27DD3AE6275A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D34AD8B6-52C2-4EF6-9A3B-8C1D410AF7E5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{D6540783-DAA1-438C-8BFC-687C179D609C}" = rport=10243 | protocol=6 | dir=out | app=system | "{D69DEE43-D94F-4B6C-8DB9-6D98F819B224}" = lport=10243 | protocol=6 | dir=in | app=system | "{DD0D5325-7299-4638-B4AD-C2B1E863123E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E2A33CDD-9D50-45F2-BA1F-79089A177C4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{000EBD73-AE94-4DCC-9A1B-592FDA3C987C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0A1335CF-B558-4F65-8F7E-382B5F39EBF7}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "{344A6C91-94AB-46BE-9015-E5F3FDDEB490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3FA0F4CE-7803-4A14-B772-B9F16B222DEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{424CAA5C-F2C3-4499-B015-C89B24E658B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{453E2838-329C-41E0-BCD2-E6D2A05A6137}" = protocol=6 | dir=out | app=system | "{51F12C8F-B739-45AA-86F5-31AE1AB1E0D8}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "{5FB23434-966A-422A-99EF-A7EDCD759476}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65DB1064-D03F-4215-B263-4D4AF6389BC5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{67ED1740-3759-4682-9019-1A205AA7C7B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{684119CD-CC5E-42AF-8E95-A9CF679A6EFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{693DAA65-0EAF-4F93-9E89-46D207F0B429}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{7AC2F34A-8D9C-4742-937D-4CFD2B1EEE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7BEF1326-633B-4059-94F6-BC4E9D992B0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80672E0F-4323-439C-A0E9-ACE11A81A153}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{862AE295-24A0-436F-BA74-290DD0326CDC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{8A0F3812-8B58-4D7B-BC7B-2A67078C2175}" = dir=in | app=c:\program files\dell\videostage\videostage.exe | "{8E313E11-B64E-442B-B338-B1F7823C7AAE}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "{926F6C87-454D-407E-AE4E-B359171CC8D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{949B39EA-23BD-479A-83C0-96EA13A7DF6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{94DC0CBE-ADC5-438A-BC35-50E9BFBBE58E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C331A74-FC79-4FDF-B5FF-AB88E40C1C34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F4A2012-5786-4421-8443-6380382B97DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A9C72912-E1AE-4E83-AD2E-BEA46CDA3DB6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{BAA32216-6986-451D-8461-2F64496FB565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EA38FDED-79EF-45D6-93BF-BD62296D3227}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB1E2219-C305-4BAB-B880-7045585715B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EE136E33-DD36-48B8-A17A-B3F08048B8C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F4923AD2-523A-4A8E-86E0-7DEBA8E7299B}" = dir=in | app=c:\program files\itunes\itunes.exe | "{FC664F61-C5F0-4F68-83FC-CD0F77AEE7C6}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "{FF7B50C7-7E5B-4CD3-B152-5F4BDB0C200F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{4F233CBB-2507-4A26-81EE-6022D2FE9F5D}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{06DFCF56-C680-428C-819D-5A367DECD5B6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{7650F538-6274-44EA-8F50-843479073333}" = Epson USB Display "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "0BAED083C44E7385DDEF7055043302B191E27BA9" = Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net (06/04/2007 1.0.0.3) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "AvsP_is1" = AvsP "BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.4.1 "CNXT_AUDIO_HDA" = Conexant HD Audio "Dell Support Center" = Dell Support Center "Dell Webcam Central" = Dell Webcam Central "FastStone Image Viewer" = FastStone Image Viewer 4.4 "ffdshow_is1" = ffdshow [rev 3029] [2009-07-10] "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706 "Google Chrome" = Google Chrome "GUI for dvdauthor" = GUI for dvdauthor 1.07 "HDMI" = Intel(R) Graphics Media Accelerator Driver "ImgBurn" = ImgBurn "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.6.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "ShapeCollage" = Shape Collage "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUpMedia" = TuneUp 2.4.6.4 "VLC media player" = VLC media player 2.0.3 "WinLiveSuite" = Windows Live Essentials "Xvid_is1" = Xvid 1.1.3 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 5.1.0.880 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.09.2012 15:29:58 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7176 Error - 30.09.2012 15:29:58 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7176 Error - 30.09.2012 15:32:06 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.09.2012 15:32:06 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 134832 Error - 30.09.2012 15:32:06 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 134832 Error - 30.09.2012 15:32:07 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.09.2012 15:32:07 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 135861 Error - 30.09.2012 15:32:07 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 135861 Error - 30.09.2012 16:00:07 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (6768) Asapi: (22:00:07:0880)(6768) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll' Error - 30.09.2012 16:00:07 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (6768) Asapi: (22:00:07:0960)(6768) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load. [ Dell Events ] Error - 25.09.2012 10:23:29 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.09.2012 14:11:18 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.09.2012 14:11:18 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 12:46:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 12:46:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ System Events ] Error - 03.10.2012 08:11:17 | Computer Name = Leila-PC | Source = volsnap | ID = 393222 Description = Die Schattenkopie von Volume "C:" konnte kein neues Pageheap erstellen. Dem System steht nicht ausreichend virtueller Speicher zur Verfügung. Error - 03.10.2012 10:00:21 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 03.10.2012 10:00:47 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 03.10.2012 11:40:42 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 03.10.2012 11:41:08 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 04.10.2012 02:55:56 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 04.10.2012 02:56:23 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 04.10.2012 03:13:07 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 04.10.2012 03:13:30 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 04.10.2012 03:16:47 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. < End of report > Und zum Schluss die Programme: Code:
ATTFilter Accelerometer-Magnetometer STMicroelectronics 05.01.2011 1.00.0028 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 21.09.2012 6,00MB 11.4.402.278 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 21.09.2012 6,00MB 11.4.402.278 Adobe Reader 9.1.2 - Deutsch Adobe Systems Incorporated 05.01.2011 240MB 9.1.2 Advanced Audio FX Engine Creative Technology Ltd 05.01.2011 1.12.05 Apple Application Support Apple Inc. 14.03.2012 61,0MB 2.1.7 Apple Mobile Device Support Apple Inc. 14.03.2012 24,3MB 5.1.1.4 Apple Software Update Apple Inc. 14.03.2012 2,38MB 2.1.3.127 Ask Toolbar Ask.com 25.11.2011 3,19MB 1.12.5.0 Avira Free Antivirus Avira 12.09.2012 105MB 12.0.0.1199 AviSynth 2.5 24.04.2012 AvsP 24.04.2012 Bing Bar Microsoft Corporation 05.01.2011 6.0.2282.0 Bing Maps 3D Microsoft Corporation 05.01.2011 15,0MB 4.0.903.16005 Bonjour Apple Inc. 14.03.2012 1,02MB 3.0.0.10 Broadcom CrystalHD Decoder Broadcom Corporation 05.01.2011 7,99MB 3.5.0.32 CCleaner Piriform 24.09.2012 3.23 Conexant HD Audio Conexant 05.01.2011 4.126.0.62 CyberLink YouPaint CyberLink Corp. 05.01.2011 72,1MB 1.2.2124 Dell DataSafe Local Backup Dell 05.01.2011 9.4.47 Dell DataSafe Local Backup - Support Software Dell 05.01.2011 Dell duo Stage ArcSoft 05.01.2011 20,8MB 1.0.0.11 Dell duo Station ArcSoft 05.01.2011 1.0.7.34 Dell Getting Started Guide Dell Inc. 05.01.2011 1.00.0000 Dell PhotoStage ArcSoft 05.01.2011 101MB 1.5.0.19 Dell Support Center Dell Inc. 05.01.2011 3.0.5621.01 Dell VideoStage CyberLink Corp. 05.01.2011 1.1.0.1011 Dell Webcam Central Creative Technology Ltd 05.01.2011 2.00.35 Dell WLAN and Bluetooth Client Installation Dell Inc. 05.01.2011 9.0 DVD slideshow GUI 0.9.4.1 Tin2tin 24.04.2012 106MB DVD slideshow GUI 0.9.4.1 Epson USB Display SEIKO EPSON CORPORATION 26.04.2012 1.51.000 FastStone Image Viewer 4.4 FastStone Soft 24.04.2012 4.4 ffdshow [rev 3029] [2009-07-10] 24.04.2012 1.0 Free YouTube to MP3 Converter version 3.11.26.706 DVDVideoSoft Ltd. 26.07.2012 92,0MB 3.11.26.706 Google Chrome Google Inc. 24.05.2012 22.0.1229.79 Google Earth Google 24.05.2012 107MB 6.2.2.6613 GoToMeeting 5.1.0.880 CitrixOnline 12.03.2012 5.1.0.880 GUI for dvdauthor 1.07 Boraxsoft 24.04.2012 1.07 ImgBurn LIGHTNING UK! 24.04.2012 2.5.5.0 Intel(R) Graphics Media Accelerator Driver Intel Corporation 05.01.2011 54,2MB 8.14.10.2117 Intel(R) Rapid Storage Technology Intel Corporation 05.01.2011 9.6.4.1002 iTunes Apple Inc. 14.03.2012 156MB 10.6.0.40 Janitos Offline-Tarifrechner 3.2.6.2 Fairware24 13.08.2012 Java(TM) 6 Update 22 Oracle 05.01.2011 97,0MB 6.0.220 Malwarebytes Anti-Malware Version 1.65.0.1400 Malwarebytes Corporation 04.10.2012 19,2MB 1.65.0.1400 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 31.05.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 31.05.2011 2,93MB 4.0.30319 Microsoft Office 2010 Microsoft Corporation 05.01.2011 6,31MB 14.0.4763.1000 Microsoft Office Access 2003 Runtime Microsoft Corporation 16.08.2012 279MB 11.0.8173.0 Microsoft Office Klick-und-Los 2010 Microsoft Corporation 13.06.2011 14.0.4763.1000 Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 13.06.2011 14.0.4763.1000 Microsoft Silverlight Microsoft Corporation 10.05.2012 100MB 4.1.10329.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 05.01.2011 1,69MB 3.1.0000 Microsoft Touch Pack for Windows 7 Microsoft Corporation 05.01.2011 325MB 1.0.40517.00 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.06.2011 300KB 8.0.61001 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.01.2011 595KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.06.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 27.11.2011 12,2MB 10.0.40219 Microsoft XNA Framework Redistributable 3.0 Microsoft Corporation 05.01.2011 7,61MB 3.0.11010.0 Mozilla Firefox 15.0.1 (x86 de) Mozilla 11.09.2012 38,5MB 15.0.1 Mozilla Maintenance Service Mozilla 11.09.2012 327KB 15.0.1 Mozilla Thunderbird (3.1.10) Mozilla 29.05.2011 3.1.10 (de) MPC-HC 1.6.4.6052 MPC-HC Team 02.10.2012 21,3MB 1.6.4.6052 MusicStage Fingertapps 05.01.2011 1.3.31.0 QuickSet32 Dell Inc. 05.01.2011 10.5.030 Qwarq ConnectSoft, Inc. 05.01.2011 1.0.66.29331 Shape Collage Shape Collage Inc. 24.04.2012 Skype Toolbars Skype Technologies S.A. 30.05.2011 5,84MB 5.3.7280 Skype™ 5.10 Skype Technologies S.A. 19.09.2012 19,4MB 5.10.116 SRS Premium Sound Control Panel SRS Labs, Inc. 05.01.2011 1,39MB 1.09.0800 Synaptics Pointing Device Driver Synaptics Incorporated 05.01.2011 46,4MB 15.1.8.0 syncables desktop syncables 05.01.2011 5.5.525.8403 TuneUp 2.4.6.4 TuneUp Media, Inc. 26.07.2012 61,1MB 2.4.6.4 VLC media player 2.0.3 VideoLAN 02.10.2012 2.0.3 Windows Live Essentials Microsoft Corporation 05.01.2011 15.4.3502.0922 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 05.01.2011 5,57MB 15.4.5722.2 Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net (06/04/2007 1.0.0.3) Sitecom Europe BV 24.02.2012 06/04/2007 1.0.0.3 Xvid 1.1.3 final uninstall Xvid team (Koepi) 24.04.2012 1.1 lg, gesa |
04.10.2012, 13:33 | #4 | |||
/// Helfer-Team | starterfenster.com nach vlc player download von vlc.deZitat:
Systemreinigung und Prüfung: ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück! Nur bei Probleme inzwischen melden! 1. Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert: Code:
ATTFilter Ask Toolbar <- Adware !! Bing Bar <- unnötig Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars Zitat:
Zitat:
Code:
ATTFilter :OTL IE - HKLM\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1} IE - HKLM\..\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startfenster.com IE - HKCU\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2011.11.26 00:35:37 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\toolbar@ask.com [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll CHR - homepage: http://www.startfenster.com CHR - homepage: http://www.startfenster.com CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found [2012.10.04 11:17:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.04 09:13:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
3. Adobe Reader aktualisieren : - Während der Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus") Adobe Reader Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..." 4. Deine Javaversion ist nicht aktuell! Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen: → Systemsteuerung → Software → deinstallieren... → Rechner neu aufstarten → Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 7 - von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! Tipp: -> Java-Updates konfigurieren 5. Aktualisieren: Alte Version deinstallieren und neue herunterladen:-> -> Firefox Kostenloser Download Code:
ATTFilter Mozilla Thunderbird bei Bedarf, vorher für dich wichtige (Benutzerdefinierte) Einstellungen zu speichern:-> Mozilla Firefox Backup erstellen Info:-> Firefox auf die letzte Version aktualisieren 6. Alle Programme/Fenster schliessen reinige dein System mit CCleaner:
7. Vorbereitung
Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
8. erneut einen Scan mit OTL:
9. Datei-Überprüfung Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen. ►Prüfende Datei/en: Code:
ATTFilter C:\Users\Leila\Desktop\deeqm0ze.exe C:\Users\Leila\g2mdlhlpx.exe
► Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!: Scanergebnisse mitsamt Dateiname! Code:
ATTFilter Datei File name: <hier kommt die Dateiname> Submission date: 2010-10-22 03:34:01 (UTC) Current status: queued queued analysing finished Result: .....% VT Community goodware/badware Safety score: 100.0% Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.10.22.00 2010.10.21 - AntiVir 7.10.13.15 2010.10.21 - Antiy-AVL 2.0.3.7 2010.10.22 - Authentium 5.2.0.5 2010.10.22 - Avast 4.8.1351.0 2010.10.21 - Avast5 5.0.594.0 2010.10.21 - usw........ ...werden geprüft v. mehr wie 40 Online Virus Scanner...also Geduld!! ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
04.10.2012, 22:10 | #5 |
| starterfenster.com nach vlc player download von vlc.de So, ich hab mich jetzt mal von Schritt 1 zu Schritt 9 durchgearbeitet... Hier meine Resultate: zu 2. Das Ergebnis nach dem Fixen mit Otl: Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31B85772-CDD9-4389-A02A-2388C71753F1}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ scheduled to be deleted on reboot. C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found. File C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found. Folder C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\toolbar@ask.com\ not found. C:\Programme\Mozilla Firefox\components\Scriptff.dll moved successfully. Use Chrome's Settings page to change the HomePage. Use Chrome's Settings page to change the HomePage. File c:\progra~1\mcafee\msc\npmcsn~1.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Leila\Desktop\cmd.bat deleted successfully. C:\Users\Leila\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Leila ->Temp folder emptied: 426814678 bytes ->Temporary Internet Files folder emptied: 26247160 bytes ->Java cache emptied: 110427 bytes ->FireFox cache emptied: 95882283 bytes ->Google Chrome cache emptied: 335204230 bytes ->Flash cache emptied: 76151 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 543569456 bytes RecycleBin emptied: 2164 bytes Total Files Cleaned = 1.362,00 mb OTL by OldTimer - Version 3.2.70.2 log created on 10042012_155618 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31B85772-CDD9-4389-A02A-2388C71753F1}\ not found. Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ scheduled to be deleted on reboot. zu 7. Das Eset-Protokoll: Code:
ATTFilter F:\$RECYCLE.BIN\S-1-5-21-1053554210-2968338467-1938491687-1000\$RWDKD1F.inf Win32/Bflient.K worm cleaned by deleting - quarantined F:\NAPULJ\sicilija.exe a variant of Win32/Bflient.M worm cleaned by deleting - quarantined F:\OLJA\karlewsa.exe a variant of Win32/Bflient.P worm cleaned by deleting - quarantined G:\OLJA\karlewsa.exe a variant of Win32/Bflient.P worm cleaned by deleting - quarantined zu 8. Die Otl.txt: Code:
ATTFilter OTL logfile created on: 04.10.2012 21:35:24 - Run 3 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Leila\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,28% Memory free 3,98 Gb Paging File | 2,57 Gb Available in Paging File | 64,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 113,23 Gb Free Space | 39,95% Space Free | Partition Type: NTFS Drive Y: | 14,65 Gb Total Space | 8,06 Gb Free Space | 55,06% Space Free | Partition Type: NTFS Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.04 11:49:32 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe PRC - [2012.08.08 22:39:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 08:54:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 08:54:01 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.09 08:53:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.06 11:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe PRC - [2010.11.04 00:37:10 | 000,111,216 | ---- | M] (STMicroelectronics) -- C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe PRC - [2010.10.20 20:06:44 | 001,381,728 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe PRC - [2010.10.18 22:52:50 | 001,021,504 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Dell\duo Stage\duoStage.exe PRC - [2010.09.23 21:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\CxAudMsg32.exe PRC - [2010.09.21 22:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 22:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.08.20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe PRC - [2010.08.12 02:19:16 | 000,781,536 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe PRC - [2010.07.30 21:56:32 | 000,289,952 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe PRC - [2010.07.30 21:56:18 | 000,470,176 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe PRC - [2010.07.30 21:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe PRC - [2010.07.27 22:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.06.08 18:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.06.08 18:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.05.25 00:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe PRC - [2010.05.13 01:38:16 | 002,928,800 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2010.01.20 16:45:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Programme\syncables\syncables desktop\syncables.exe PRC - [2010.01.20 16:45:00 | 000,220,976 | ---- | M] (syncables, LLC) -- C:\Programme\syncables\syncables desktop\OTiSyncApp.exe PRC - [2010.01.20 16:45:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 10:38:01 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.14 10:37:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.10 11:37:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll MOD - [2012.05.10 11:32:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 11:30:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll MOD - [2012.05.10 11:29:25 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.10 11:29:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.10 11:28:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.10 11:28:51 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.10 11:28:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.04 00:37:10 | 000,146,032 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll MOD - [2010.09.29 17:46:26 | 000,103,488 | ---- | M] () -- C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll MOD - [2010.08.12 02:19:34 | 000,077,024 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\zlib1.dll MOD - [2010.08.12 02:19:32 | 000,109,792 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STPE.dll MOD - [2010.08.12 02:19:32 | 000,072,928 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STRegistry.dll MOD - [2010.08.12 02:19:30 | 000,232,672 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STFiles.dll MOD - [2010.08.12 02:19:30 | 000,126,176 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STLog.dll MOD - [2010.08.12 02:19:30 | 000,119,008 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STNLS.dll MOD - [2010.08.12 02:19:26 | 001,121,504 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\libxml2.dll MOD - [2010.08.12 02:19:16 | 000,781,536 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe MOD - [2010.01.20 16:45:00 | 000,090,112 | ---- | M] () -- C:\Programme\syncables\syncables desktop\2208TR.dll MOD - [2009.12.23 18:45:04 | 007,505,920 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtGui4.dll MOD - [2009.09.09 03:51:08 | 000,347,648 | ---- | M] () -- C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll MOD - [2009.09.09 03:50:52 | 000,177,664 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtSql4.dll MOD - [2009.09.08 22:01:32 | 002,070,528 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtCore4.dll MOD - [2009.07.18 01:08:36 | 000,850,944 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtNetwork4.dll MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.06.25 18:05:10 | 000,311,296 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtXml4.dll MOD - [2007.04.13 17:39:14 | 000,252,672 | ---- | M] () -- C:\Programme\Dell\duo Stage\kgl.dll ========== Services (SafeList) ========== SRV - [2012.09.21 12:01:32 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.09 08:54:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 08:53:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.06.05 20:05:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.01.06 11:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA) SRV - [2010.09.23 21:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\System32\CxAudMsg32.exe -- (CxAudMsg) SRV - [2010.09.23 21:24:36 | 000,123,008 | ---- | M] (Conexant Systems Inc.) [On_Demand | Stopped] -- C:\Windows\System32\CxUSBDock32.exe -- (CxUSBDock) SRV - [2010.09.23 00:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 22:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Programme\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2010.07.30 21:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010.07.27 22:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010.06.08 18:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.05.25 00:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - [2012.05.09 08:54:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 08:54:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011.01.06 11:37:26 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMP_UDAU.sys -- (eppvad_simple) DRV - [2011.01.05 11:45:57 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.09.21 19:54:54 | 000,028,272 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LSM303DLH.sys -- (LSM303DLH) DRV - [2010.08.12 18:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2010.07.31 05:43:22 | 000,230,760 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter) DRV - [2010.07.30 23:35:30 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0) DRV - [2010.07.30 19:12:32 | 000,256,360 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV - [2010.07.30 19:12:32 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV - [2010.07.30 19:12:32 | 000,143,080 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP) DRV - [2010.07.30 19:12:32 | 000,046,952 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV - [2010.07.30 19:12:32 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort) DRV - [2010.07.30 19:12:32 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS) DRV - [2010.07.22 19:24:42 | 001,802,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.06.22 21:27:46 | 000,521,344 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2010.06.22 12:30:14 | 000,116,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BRCMHD32.sys -- (BRCMDECO) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.25 01:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.02.23 04:48:32 | 000,010,624 | ---- | M] (ConnectSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QWARQNet.sys -- (QWARQNet) DRV - [2009.07.14 01:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials) DRV - [2009.05.28 18:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv) DRV - [2007.06.04 11:53:20 | 000,040,960 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC) DRV - [2006.11.02 02:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC E0 F0 D0 45 A2 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = ???????????????`?????´ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.04 17:13:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions [2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.04 15:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions [2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.04 17:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.startfenster.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.startfenster.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics) O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC) O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk Y:\ O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell - "" = AutoRun O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell\AutoRun\command - "" = D:\EMP_UDSe.exe /autorun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.04 17:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.04 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.04 16:34:23 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.04 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.10.04 15:56:18 | 000,000,000 | ---D | C] -- C:\_OTL [2012.10.04 12:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.10.04 12:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.04 12:46:19 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe [2012.10.04 11:49:18 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe [2012.10.04 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.04 09:16:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.04 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.03 09:35:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic [2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC [2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC [2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc [2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit [2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September [2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help [2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4} [2012.09.22 16:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.22 16:56:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.22 16:56:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.22 16:56:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.22 16:56:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.22 16:56:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.22 16:56:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.22 16:55:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.12 08:41:32 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe [2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe [2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Leila\AppData\Roaming\xvid.exe [2012.04.24 12:14:32 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Leila\AppData\Roaming\Imgburn.exe [2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe ========== Files - Modified Within 30 Days ========== [2012.10.04 21:01:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 17:27:09 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.04 17:27:09 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.04 17:26:11 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.04 17:26:11 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.04 17:26:11 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.04 17:26:11 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.04 17:20:40 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.10.04 17:19:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.04 17:19:20 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys [2012.10.04 17:18:18 | 000,104,324 | ---- | M] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg [2012.10.04 17:13:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.04 17:04:54 | 007,317,935 | ---- | M] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv [2012.10.04 16:34:01 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.04 16:13:35 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.04 13:02:04 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.10.04 12:49:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.04 12:46:42 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe [2012.10.04 11:49:32 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe [2012.10.04 09:16:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 18:58:59 | 000,302,592 | ---- | M] () -- C:\Users\Leila\Desktop\deeqm0ze.exe [2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable [2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk [2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.21 12:01:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.09.21 12:01:27 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.10.04 17:18:08 | 000,104,324 | ---- | C] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg [2012.10.04 17:13:10 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.10.04 17:13:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.04 17:04:32 | 007,317,935 | ---- | C] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv [2012.10.04 16:13:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.10.04 16:13:35 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.04 12:49:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.04 09:16:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 18:58:59 | 000,302,592 | ---- | C] () -- C:\Users\Leila\Desktop\deeqm0ze.exe [2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable [2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk [2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.04.24 12:14:59 | 005,243,208 | ---- | C] ( ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe [2012.03.12 17:26:14 | 000,060,304 | ---- | C] () -- C:\Users\Leila\g2mdlhlpx.exe [2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft [2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn [2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy [2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc [2012.10.02 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client [2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird [2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP [2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia ========== Purity Check ========== < End of report > und die Extra.txt: Code:
ATTFilter OTL Extras logfile created on: 04.10.2012 21:35:24 - Run 3 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Leila\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,28% Memory free 3,98 Gb Paging File | 2,57 Gb Available in Paging File | 64,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 113,23 Gb Free Space | 39,95% Space Free | Partition Type: NTFS Drive Y: | 14,65 Gb Total Space | 8,06 Gb Free Space | 55,06% Space Free | Partition Type: NTFS Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13BD02B6-CEC7-4A20-9A59-F5F8747324FD}" = rport=137 | protocol=17 | dir=out | app=system | "{16995652-6CE8-40AE-BD3A-54714A7E2CFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{184A3598-A9CE-474F-AE80-7B42530D2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{18A43722-045D-41E7-B868-A283EFC34CD9}" = lport=445 | protocol=6 | dir=in | app=system | "{1A83F28E-B675-48EE-B3BF-EF175953E6A5}" = rport=138 | protocol=17 | dir=out | app=system | "{1F1B9261-1DFA-4BB0-B0CF-1DEA7A65DAC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2163AC05-B352-4F9E-8C00-3C126BBB0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{255A242A-1255-413B-9A1A-82D77BC4846F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25F3875D-380C-4A49-A34D-178776C02C6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{33FFB51B-4E91-4030-BF6B-2AD10AE210A7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{38FF7A8F-5171-47C1-9345-3D96148C0C00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B6FDFA6-79FA-43AE-9629-D8FFBE2E9936}" = rport=445 | protocol=6 | dir=out | app=system | "{51309E94-2AD6-4434-8796-ABE0FBB0E738}" = rport=139 | protocol=6 | dir=out | app=system | "{5A9799E2-6BB1-4218-B7D1-13A94768ED88}" = lport=2869 | protocol=6 | dir=in | app=system | "{7D0891B7-7DF5-4605-8778-D476CA7A4625}" = lport=139 | protocol=6 | dir=in | app=system | "{7FBB580A-26E0-480B-A909-0F5AC4147B54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7FD770F2-D6BE-41BB-912C-92D2AC9F8F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8510E887-D88B-4DF6-9BD0-366638B432E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{89DDC746-9FCC-438C-8D7D-AB5E2B51F612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A404EDD4-6D12-44F1-9468-63D54C30DFEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0FAA845-0359-4E15-860F-7504F22E1019}" = lport=138 | protocol=17 | dir=in | app=system | "{C2D69B7B-5E07-4A9C-B704-27DD3AE6275A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D34AD8B6-52C2-4EF6-9A3B-8C1D410AF7E5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{D6540783-DAA1-438C-8BFC-687C179D609C}" = rport=10243 | protocol=6 | dir=out | app=system | "{D69DEE43-D94F-4B6C-8DB9-6D98F819B224}" = lport=10243 | protocol=6 | dir=in | app=system | "{DD0D5325-7299-4638-B4AD-C2B1E863123E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E2A33CDD-9D50-45F2-BA1F-79089A177C4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{000EBD73-AE94-4DCC-9A1B-592FDA3C987C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0A1335CF-B558-4F65-8F7E-382B5F39EBF7}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "{344A6C91-94AB-46BE-9015-E5F3FDDEB490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3FA0F4CE-7803-4A14-B772-B9F16B222DEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{424CAA5C-F2C3-4499-B015-C89B24E658B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{453E2838-329C-41E0-BCD2-E6D2A05A6137}" = protocol=6 | dir=out | app=system | "{51F12C8F-B739-45AA-86F5-31AE1AB1E0D8}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "{5FB23434-966A-422A-99EF-A7EDCD759476}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65DB1064-D03F-4215-B263-4D4AF6389BC5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{67ED1740-3759-4682-9019-1A205AA7C7B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{684119CD-CC5E-42AF-8E95-A9CF679A6EFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7AC2F34A-8D9C-4742-937D-4CFD2B1EEE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7BEF1326-633B-4059-94F6-BC4E9D992B0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80672E0F-4323-439C-A0E9-ACE11A81A153}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8A0F3812-8B58-4D7B-BC7B-2A67078C2175}" = dir=in | app=c:\program files\dell\videostage\videostage.exe | "{8E313E11-B64E-442B-B338-B1F7823C7AAE}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "{926F6C87-454D-407E-AE4E-B359171CC8D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{949B39EA-23BD-479A-83C0-96EA13A7DF6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{94DC0CBE-ADC5-438A-BC35-50E9BFBBE58E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C331A74-FC79-4FDF-B5FF-AB88E40C1C34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F4A2012-5786-4421-8443-6380382B97DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A9C72912-E1AE-4E83-AD2E-BEA46CDA3DB6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{BAA32216-6986-451D-8461-2F64496FB565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EA38FDED-79EF-45D6-93BF-BD62296D3227}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB1E2219-C305-4BAB-B880-7045585715B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EE136E33-DD36-48B8-A17A-B3F08048B8C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F4923AD2-523A-4A8E-86E0-7DEBA8E7299B}" = dir=in | app=c:\program files\itunes\itunes.exe | "{FC664F61-C5F0-4F68-83FC-CD0F77AEE7C6}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "{FF7B50C7-7E5B-4CD3-B152-5F4BDB0C200F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{4F233CBB-2507-4A26-81EE-6022D2FE9F5D}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{06DFCF56-C680-428C-819D-5A367DECD5B6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{7650F538-6274-44EA-8F50-843479073333}" = Epson USB Display "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "0BAED083C44E7385DDEF7055043302B191E27BA9" = Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net (06/04/2007 1.0.0.3) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "AvsP_is1" = AvsP "BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.4.1 "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Dell Support Center" = Dell Support Center "Dell Webcam Central" = Dell Webcam Central "ESET Online Scanner" = ESET Online Scanner v3 "FastStone Image Viewer" = FastStone Image Viewer 4.4 "ffdshow_is1" = ffdshow [rev 3029] [2009-07-10] "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706 "Google Chrome" = Google Chrome "GUI for dvdauthor" = GUI for dvdauthor 1.07 "HDMI" = Intel(R) Graphics Media Accelerator Driver "ImgBurn" = ImgBurn "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.6.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "ShapeCollage" = Shape Collage "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUpMedia" = TuneUp 2.4.6.4 "VLC media player" = VLC media player 2.0.3 "WinLiveSuite" = Windows Live Essentials "Xvid_is1" = Xvid 1.1.3 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 5.1.0.880 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.10.2012 08:22:47 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 02.10.2012 08:22:47 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1101382 Error - 02.10.2012 08:22:47 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1101382 Error - 02.10.2012 08:22:48 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 02.10.2012 08:22:48 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1102474 Error - 02.10.2012 08:22:48 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1102474 Error - 02.10.2012 08:40:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (13340) Asapi: (14:40:34:1120)(13340) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll' Error - 02.10.2012 08:40:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (13340) Asapi: (14:40:34:4130)(13340) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load. Error - 02.10.2012 13:25:12 | Computer Name = Leila-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: deeqm0ze.exe, Version: 1.0.15.15641, Zeitstempel: 0x4e21f2b1 Name des fehlerhaften Moduls: deeqm0ze.exe, Version: 1.0.15.15641, Zeitstempel: 0x4e21f2b1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c676 ID des fehlerhaften Prozesses: 0x1774 Startzeit der fehlerhaften Anwendung: 0x01cda0c274b8b42c Pfad der fehlerhaften Anwendung: C:\Users\Leila\Downloads\deeqm0ze.exe Pfad des fehlerhaften Moduls: C:\Users\Leila\Downloads\deeqm0ze.exe Berichtskennung: 1e9679ee-0cb6-11e2-a9f0-0a004ef6fa3d Error - 02.10.2012 13:30:21 | Computer Name = Leila-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. [ Dell Events ] Error - 25.09.2012 14:11:18 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 12:46:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 12:46:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ System Events ] Error - 04.10.2012 10:44:04 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 04.10.2012 11:20:01 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 04.10.2012 11:20:52 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 04.10.2012 11:20:52 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 04.10.2012 11:21:22 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 04.10.2012 11:21:22 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = DCOM | ID = 10005 Description = Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.10.2012 11:31:47 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. < End of report > zu 9. Hier die Ergebnisse von der Datei-Überprüfung mit VirusTotal: 1. C:\Users\Leila\Desktop\deeqm0ze.exe Code:
ATTFilter SHA256: ce723717c56b2231ea7843f5408225b07a997b466584d38d278db5e7cf2c2eb0 SHA1: bca23ce5d074b45038076bcd19e5beea2d55fbef MD5: ff72056739c31e4cc920fbdff4f9a8e5 File size: 295.5 KB ( 302592 bytes ) File name: deeqm0ze.exe File type: Win32 EXE Detection ratio: 1 / 41 Analysis date: 2012-10-04 20:35:40 UTC ( 1 Minute ago ) Antivirus Result Update Agnitum - 20121004 AntiVir - 20121004 Antiy-AVL - 20121003 Avast - 20121004 AVG - 20121004 BitDefender - 20121004 CAT-QuickHeal - 20121004 ClamAV - 20121004 Commtouch - 20121004 Comodo - 20121004 DrWeb - 20121004 Emsisoft - 20120919 eSafe - 20121002 ESET-NOD32 - 20121004 F-Prot - 20121004 F-Secure - 20121003 Fortinet - 20121004 GData - 20121004 Ikarus - 20121004 Jiangmin Trojan/JmGenGeneric.aic 20121003 K7AntiVirus - 20121004 Kaspersky - 20121004 Kingsoft - 20120925 McAfee - 20121004 McAfee-GW-Edition - 20121004 Microsoft - 20121004 Norman - 20121003 nProtect - 20121004 Panda - 20121004 PCTools - 20121004 Rising - 20120928 Sophos - 20121004 SUPERAntiSpyware - 20120911 Symantec - 20121003 TheHacker - 20121004 TotalDefense - 20121004 TrendMicro - 20121004 TrendMicro-HouseCall - 20121004 VBA32 - 20121004 VIPRE - 20121004 ViRobot - 20121004 2. C:\Users\Leila\g2mdlhlpx.exe Code:
ATTFilter SHA256: 407168a8d891526b37bc66c2f7fa97df91fa11dd0810bb274c89ff9d66105423 File name: g2mdlhlpx.exe Detection ratio: 1 / 42 Analysis date: 2012-10-04 20:43:13 UTC ( 1 Minute ago ) Antivirus Result Update AhnLab-V3 - 20121003 AntiVir - 20121003 Antiy-AVL - 20121002 Avast - 20121003 AVG - 20121003 BitDefender - 20121003 ByteHero - 20121004 CAT-QuickHeal - 20121002 ClamAV - 20121003 Commtouch - 20121003 Comodo - 20121003 DrWeb - 20121003 Emsisoft - 20120919 eSafe - 20121002 ESET-NOD32 - 20121003 F-Prot - 20120926 F-Secure - 20121003 Fortinet - 20121003 GData - 20121003 Ikarus - 20121003 Jiangmin - 20121002 K7AntiVirus - 20121002 Kaspersky - 20121003 McAfee - 20121003 McAfee-GW-Edition - 20121003 Microsoft - 20121003 MicroWorld-eScan - 20121003 Norman - 20121003 nProtect - 20121003 Panda - 20121002 PCTools - 20121003 Rising - 20120928 Sophos - 20121003 SUPERAntiSpyware - 20120911 Symantec - 20121003 TheHacker Posible_Worm32 20121001 TotalDefense - 20121003 TrendMicro - 20121003 TrendMicro-HouseCall - 20121003 VBA32 - 20121003 VIPRE - 20121003 ViRobot - 20121003 Ok, ich hoffe, dass ich das alles richtig gemacht habe und es das ist, was du brauchst. Das Startfenster kommt immernoch, wenn ich Mozilla oder Googlechrome aufmache... vielleicht soll das an diesem Punkt ja noch so sein...? lg, gesa |
05.10.2012, 08:18 | #6 |
/// Helfer-Team | starterfenster.com nach vlc player download von vlc.de 1. Vor dem nächsten Schritt, also bevor wir weitermachen: Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw) ►Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - ►Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks Mache das jetzt bitte! 2. Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP
Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen: Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment). Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint. Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread. Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop. Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen. Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________ --> starterfenster.com nach vlc player download von vlc.de |
05.10.2012, 12:21 | #7 |
| starterfenster.com nach vlc player download von vlc.de hallo kira, das hat soweit geklappt, glaube ich... hier der log: Code:
ATTFilter ComboFix 12-10-04.02 - Leila 05.10.2012 12:50:51.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2036.818 [GMT 2:00] ausgeführt von:: c:\users\Leila\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Leila\AppData\Roaming\ImgBurn.exe c:\users\Leila\g2mdlhlpx.exe c:\windows\system32\pt c:\windows\system32\pt\Lagoon.resources.dll Y:\AUTORUN.INF . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-05 bis 2012-10-05 )))))))))))))))))))))))))))))) . . 2012-10-05 11:06 . 2012-10-05 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-04 15:32 . 2012-10-04 15:32 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93D018FE-B70D-459E-9D1B-8DD0EC9ECB8E}\offreg.dll 2012-10-04 14:34 . 2012-10-04 14:34 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-04 13:56 . 2012-10-04 13:56 -------- d-----w- C:\_OTL 2012-10-04 10:48 . 2012-10-04 10:49 -------- d-----w- c:\program files\CCleaner 2012-10-04 07:16 . 2012-10-04 07:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-04 07:16 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-03 07:35 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93D018FE-B70D-459E-9D1B-8DD0EC9ECB8E}\mpengine.dll 2012-10-03 07:35 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-10-02 12:51 . 2012-10-04 15:16 -------- d-----w- c:\users\Leila\AppData\Roaming\Media Player Classic 2012-10-02 12:49 . 2012-10-02 12:49 -------- d-----w- c:\program files\MPC-HC 2012-10-02 12:35 . 2012-10-02 12:41 -------- d-----w- c:\users\Leila\AppData\Roaming\vlc 2012-09-25 09:27 . 2012-09-25 09:27 -------- d-----w- c:\program files\MSECache 2012-09-25 08:53 . 2012-09-25 08:53 -------- d-----w- c:\programdata\Microsoft Help 2012-09-25 08:53 . 2012-09-25 08:53 -------- d-----w- c:\users\Leila\AppData\Local\Microsoft Help 2012-09-24 19:25 . 2012-10-02 12:26 -------- d-----w- c:\program files\VideoLAN 2012-09-22 14:55 . 2012-08-24 06:53 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-09-22 14:55 . 2012-08-24 06:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-09-19 20:39 . 2012-09-19 20:39 -------- d-----w- c:\program files\Common Files\Skype 2012-09-12 06:41 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-21 10:01 . 2012-06-29 07:39 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-21 10:01 . 2011-05-30 18:02 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-18 17:10 . 2012-08-15 15:39 2344448 ----a-w- c:\windows\system32\win32k.sys 2012-09-06 01:26 . 2012-10-04 15:13 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-13 1873192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768] "AtherosBtStack"="c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-07-30 470176] "AthBtTray"="c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-07-30 289952] "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696] "Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216] "Syncables"="c:\program files\syncables\syncables desktop\syncables.exe" [2010-01-20 370480] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736] "EPSON_UD_START"="c:\program files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe" [2011-01-06 341416] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040] "DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Dell duo Stage.lnk - c:\program files\Dell\duo Stage\duoStage.exe [2010-10-18 1021504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x] R3 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [x] S2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [x] S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [x] S3 LSM303DLH;STMicroelectronics™ 3-Achs Beschleunigungssensor/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x] S3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}] 2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe . Inhalt des "geplante Tasks" Ordners . 2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 10:01] . 2011-05-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 21:47] . 2012-10-05 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 21:47] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = IE: Free YouTube to MP3 Converter - c:\users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.startfenster.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}] @DACL=(02 0000) "DisplayName"="Bing" "URL"="hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox" "ShowSearchSuggestions"=dword:00000001 "FaviconURL"="hxxp://www.bing.com/favicon.ico" "SuggestionsURL"="hxxp://api.bing.com/qsml.aspx?query={searchTerms}&src={referrer:source?}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@Apple.com/iTunes,version=] @DACL=(02 0000) "Description"="iTunes Detektor-Plug-In" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@Apple.com/iTunes,version=1.0] @DACL=(02 0000) "Path"="c:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll" "XPTPath"="c:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.xpt" "ProductName"="iTunes Programmdetektor" "Version"="10.6.0.40" "Vendor"="Apple Inc." . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@Google.com/GoogleEarthPlugin] @DACL=(02 0000) "Vendor"="Google Inc." "Description"="Google Earth in your browser" "ProductName"="Google Earth Plug-in" "Version"="1.0.0.0" "EarthVersion"="6.2.2.6613" "Path"="c:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@java.com/JavaPlugin] @DACL=(02 0000) "Description"="Oracle® Next Generation Java™ Plug-In" "GeckoVersion"="1.9" "Path"="c:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll" "ProductName"="Oracle® Java™ Plug-In" "Vendor"="Oracle Corp." "Version"="160_22" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@microsoft.com/GENUINE] @DACL=(02 0000) "Path"="disabled" "GeckoVersion"="1.7.5" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] @DACL=(02 0000) "Description"="Ag Player Plugin" "GeckoVersion"="1.7.5" "Path"="c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll" "ProductName"="Ag Player" "Vendor"="Microsoft" "Version"="4.1" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0] @DACL=(02 0000) "Description"="Bing Bar" "Path"="c:\\Program Files\\MSN Toolbar\\Platform\\6.0.2282.0\\npwinext.dll" "Version"="5.0" "GeckoVersion"="1.0" "ProductName"="Bing Bar" "Vendor"="Microsoft Corporation" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] @DACL=(02 0000) @="" "Description"="Microsoft SharePoint Plug-in for Firefox" "Path"="c:\\PROGRA~1\\MICROS~4\\Office14\\NPSPWRAP.DLL" "ProductName"="Microsoft SharePoint Plug-in for Firefox" "Vendor"="Microsoft" "Version"="14.0" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0] @DACL=(02 0000) "ProductName"="Virtual Earth 3D 4.0" "Version"="4.0" "Description"="Virtual Earth 3D" "Vendor"="Microsoft" "Path"="c:\\Program Files\\Virtual Earth 3D\\" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] @DACL=(02 0000) "Path"="c:\\Program Files\\Windows Live\\Photo Gallery\\NPWLPG.dll" "Description"="WLPG Install MIME type" "GeckoVersion"="1.0" "ProductName"="Windows Live Photo Gallery" "Version"="15.4.3502.0922" "Vendor"="Microsoft" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] @DACL=(02 0000) "Vendor"="Microsoft" "Version"="15.4.3508.1109" "ProductName"="Windows Live Photo Gallery" "GeckoVersion"="1.0" "Description"="WLPG Install MIME type" "Path"="c:\\Program Files\\Windows Live\\Photo Gallery\\NPWLPG.dll" . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@tools.google.com/Google Update;version=3\MimeTypes\application/x-vnd.google.update3webcontrol.3] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\MozillaPlugins\@tools.google.com/Google Update;version=9] @DACL=(02 0000) "Path"="c:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll" "Description"="Google Update" "ProductName"="Google Update" "Vendor"="Google Inc." "Version"="9" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security] @DACL=(02 0000) @SACL= "Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02, 00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\ . Zeit der Fertigstellung: 2012-10-05 13:12:26 ComboFix-quarantined-files.txt 2012-10-05 11:12 . Vor Suchlauf: 13 Verzeichnis(se), 123.017.191.424 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 122.907.742.208 Bytes frei . - - End Of File - - F95D5FD7EC514EA2B81D5A280736A1D8 lg, gesa Es hat sich nur ein Log geöffnet. Was ist dieser C:\Qoobox\Add-Remove Programs.txt? |
05.10.2012, 15:31 | #8 |
/// Helfer-Team | starterfenster.com nach vlc player download von vlc.de 1. Firefox - Reste von Toolbars über about:config entfernen Firefox starten In die Adresszeile eingeben => about:config => Enter drücken Bestätige, dass Du vorsichtig sein wirst. Folgende Einstellungen sind nicht korrekt und müssen geändert werden: Gib startfenster unter Filter ein. Es erscheinen alle Zeilen, die das Suchwort enthalten. Um die Einträge zurückzusetzen, einfach rechte Maustaste auf die einzelnen Zeilen und zurücksetzen wählen. Wenn alle Zeilen zurückgesetzt sind, schließe den Tab von about:config. Schaue auch unter Extras => Addons => Erweiterungen Wenn da noch etwas von startfenster zu finden ist, bitte entfernen. Ebenfalls unter Suchmaschinen verwalten schauen, ob Du da noch etwas von "startfenster" findest, ebenfalls dort entfernen und z. B. Google als Standard-Suchmaschine einstellen. OTL entfernen und erneut herunterladen: 2. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (05.10.2012 um 15:37 Uhr) |
05.10.2012, 16:36 | #9 |
| starterfenster.com nach vlc player download von vlc.de Die Otl.txt: Code:
ATTFilter OTL logfile created on: 05.10.2012 17:03:01 - Run 4 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Leila\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,50% Memory free 3,98 Gb Paging File | 2,55 Gb Available in Paging File | 64,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 114,36 Gb Free Space | 40,35% Space Free | Partition Type: NTFS Drive Y: | 14,65 Gb Total Space | 8,06 Gb Free Space | 55,06% Space Free | Partition Type: NTFS Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Leila\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics) PRC - C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (SRS Labs, Inc.) PRC - C:\Programme\Dell\duo Stage\duoStage.exe (ArcSoft, Inc.) PRC - C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) PRC - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) PRC - C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros) PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () PRC - C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC) PRC - C:\Programme\syncables\syncables desktop\OTiSyncApp.exe (syncables, LLC) PRC - C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll () MOD - C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll () MOD - C:\Programme\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Programme\Dell DataSafe Local Backup\libxml2.dll () MOD - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () MOD - C:\Programme\syncables\syncables desktop\2208TR.dll () MOD - C:\Programme\Dell\duo Stage\QtGui4.dll () MOD - C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll () MOD - C:\Programme\Dell\duo Stage\QtSql4.dll () MOD - C:\Programme\Dell\duo Stage\QtCore4.dll () MOD - C:\Programme\Dell\duo Stage\QtNetwork4.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Programme\Dell\duo Stage\QtXml4.dll () MOD - C:\Programme\Dell\duo Stage\kgl.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (EMP_UDSA) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION) SRV - (CxAudMsg) -- C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.) SRV - (CxUSBDock) -- C:\Windows\System32\CxUSBDock32.exe (Conexant Systems Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) SRV - (AtherosSvc) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (mbr) -- C:\ComboFix\mbr.sys File not found DRV - (catchme) -- C:\Users\Leila\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (eppvad_simple) -- C:\Windows\System32\drivers\EMP_UDAU.sys (SEIKO EPSON CORPORATION) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (LSM303DLH) -- C:\Windows\System32\drivers\LSM303DLH.sys (STMicroelectronics) DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros) DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.) DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros) DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros) DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros) DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros) DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros) DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (BRCMDECO) -- C:\Windows\System32\drivers\BRCMHD32.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (QWARQNet) -- C:\Windows\System32\drivers\QWARQNet.sys (ConnectSoft, Inc.) DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation) DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.) DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC E0 F0 D0 45 A2 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = ???????????????`?????´ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.04 17:13:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions [2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.04 15:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions [2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.04 17:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.startfenster.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.startfenster.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.10.05 13:06:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics) O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC) O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Unable to open value key) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.05 17:00:51 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe [2012.10.05 16:42:42 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2012.10.05 13:12:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.05 12:48:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.05 12:48:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.05 12:48:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.05 12:47:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.05 12:47:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.05 12:14:33 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Leila\Desktop\ComboFix.exe [2012.10.04 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.04 16:34:23 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.04 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.10.04 15:56:18 | 000,000,000 | ---D | C] -- C:\_OTL [2012.10.04 12:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.10.04 12:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.04 12:46:19 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe [2012.10.04 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.04 09:16:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.04 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.03 09:35:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic [2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC [2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC [2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc [2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit [2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September [2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help [2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4} [2012.09.22 16:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.22 16:56:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.22 16:56:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.22 16:56:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.22 16:56:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.22 16:56:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.22 16:56:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.22 16:55:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.12 08:41:32 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe [2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe [2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Leila\AppData\Roaming\xvid.exe [2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe ========== Files - Modified Within 30 Days ========== [2012.10.05 17:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.05 17:00:57 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe [2012.10.05 16:52:15 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.10.05 16:40:35 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.10.05 16:40:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.05 13:06:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.05 12:15:12 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Leila\Desktop\ComboFix.exe [2012.10.05 11:39:03 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.05 11:39:03 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.05 11:38:40 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.05 11:38:40 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.05 11:38:40 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.05 11:38:40 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.05 11:31:13 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys [2012.10.04 17:18:18 | 000,104,324 | ---- | M] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg [2012.10.04 17:13:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.04 17:04:54 | 007,317,935 | ---- | M] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv [2012.10.04 16:34:01 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.04 16:13:35 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.04 12:49:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.04 12:46:42 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe [2012.10.04 09:16:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 18:58:59 | 000,302,592 | ---- | M] () -- C:\Users\Leila\Desktop\deeqm0ze.exe [2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable [2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk [2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.21 12:01:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.09.21 12:01:27 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.10.05 12:48:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.05 12:48:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.05 12:48:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.05 12:48:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.05 12:48:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.04 17:18:08 | 000,104,324 | ---- | C] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg [2012.10.04 17:13:10 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.10.04 17:13:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.04 17:04:32 | 007,317,935 | ---- | C] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv [2012.10.04 16:13:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.10.04 16:13:35 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.04 12:49:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.04 09:16:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 18:58:59 | 000,302,592 | ---- | C] () -- C:\Users\Leila\Desktop\deeqm0ze.exe [2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable [2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk [2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.04.24 12:14:59 | 005,243,208 | ---- | C] ( ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe [2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft [2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn [2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy [2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc [2012.10.05 11:46:09 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client [2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird [2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP [2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 05.10.2012 17:03:02 - Run 4 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Leila\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,50% Memory free 3,98 Gb Paging File | 2,55 Gb Available in Paging File | 64,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 114,36 Gb Free Space | 40,35% Space Free | Partition Type: NTFS Drive Y: | 14,65 Gb Total Space | 8,06 Gb Free Space | 55,06% Space Free | Partition Type: NTFS Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13BD02B6-CEC7-4A20-9A59-F5F8747324FD}" = rport=137 | protocol=17 | dir=out | app=system | "{16995652-6CE8-40AE-BD3A-54714A7E2CFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{184A3598-A9CE-474F-AE80-7B42530D2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{18A43722-045D-41E7-B868-A283EFC34CD9}" = lport=445 | protocol=6 | dir=in | app=system | "{1A83F28E-B675-48EE-B3BF-EF175953E6A5}" = rport=138 | protocol=17 | dir=out | app=system | "{1F1B9261-1DFA-4BB0-B0CF-1DEA7A65DAC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2163AC05-B352-4F9E-8C00-3C126BBB0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{255A242A-1255-413B-9A1A-82D77BC4846F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25F3875D-380C-4A49-A34D-178776C02C6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{33FFB51B-4E91-4030-BF6B-2AD10AE210A7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{38FF7A8F-5171-47C1-9345-3D96148C0C00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B6FDFA6-79FA-43AE-9629-D8FFBE2E9936}" = rport=445 | protocol=6 | dir=out | app=system | "{51309E94-2AD6-4434-8796-ABE0FBB0E738}" = rport=139 | protocol=6 | dir=out | app=system | "{5A9799E2-6BB1-4218-B7D1-13A94768ED88}" = lport=2869 | protocol=6 | dir=in | app=system | "{7D0891B7-7DF5-4605-8778-D476CA7A4625}" = lport=139 | protocol=6 | dir=in | app=system | "{7FBB580A-26E0-480B-A909-0F5AC4147B54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7FD770F2-D6BE-41BB-912C-92D2AC9F8F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8510E887-D88B-4DF6-9BD0-366638B432E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{89DDC746-9FCC-438C-8D7D-AB5E2B51F612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A404EDD4-6D12-44F1-9468-63D54C30DFEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0FAA845-0359-4E15-860F-7504F22E1019}" = lport=138 | protocol=17 | dir=in | app=system | "{C2D69B7B-5E07-4A9C-B704-27DD3AE6275A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D34AD8B6-52C2-4EF6-9A3B-8C1D410AF7E5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{D6540783-DAA1-438C-8BFC-687C179D609C}" = rport=10243 | protocol=6 | dir=out | app=system | "{D69DEE43-D94F-4B6C-8DB9-6D98F819B224}" = lport=10243 | protocol=6 | dir=in | app=system | "{DD0D5325-7299-4638-B4AD-C2B1E863123E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E2A33CDD-9D50-45F2-BA1F-79089A177C4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{000EBD73-AE94-4DCC-9A1B-592FDA3C987C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0A1335CF-B558-4F65-8F7E-382B5F39EBF7}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "{344A6C91-94AB-46BE-9015-E5F3FDDEB490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3FA0F4CE-7803-4A14-B772-B9F16B222DEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{424CAA5C-F2C3-4499-B015-C89B24E658B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{453E2838-329C-41E0-BCD2-E6D2A05A6137}" = protocol=6 | dir=out | app=system | "{51F12C8F-B739-45AA-86F5-31AE1AB1E0D8}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "{5FB23434-966A-422A-99EF-A7EDCD759476}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65DB1064-D03F-4215-B263-4D4AF6389BC5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{67ED1740-3759-4682-9019-1A205AA7C7B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{684119CD-CC5E-42AF-8E95-A9CF679A6EFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7AC2F34A-8D9C-4742-937D-4CFD2B1EEE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7BEF1326-633B-4059-94F6-BC4E9D992B0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80672E0F-4323-439C-A0E9-ACE11A81A153}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8A0F3812-8B58-4D7B-BC7B-2A67078C2175}" = dir=in | app=c:\program files\dell\videostage\videostage.exe | "{8E313E11-B64E-442B-B338-B1F7823C7AAE}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "{926F6C87-454D-407E-AE4E-B359171CC8D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{949B39EA-23BD-479A-83C0-96EA13A7DF6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{94DC0CBE-ADC5-438A-BC35-50E9BFBBE58E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C331A74-FC79-4FDF-B5FF-AB88E40C1C34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F4A2012-5786-4421-8443-6380382B97DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A9C72912-E1AE-4E83-AD2E-BEA46CDA3DB6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{BAA32216-6986-451D-8461-2F64496FB565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EA38FDED-79EF-45D6-93BF-BD62296D3227}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB1E2219-C305-4BAB-B880-7045585715B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EE136E33-DD36-48B8-A17A-B3F08048B8C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F4923AD2-523A-4A8E-86E0-7DEBA8E7299B}" = dir=in | app=c:\program files\itunes\itunes.exe | "{FC664F61-C5F0-4F68-83FC-CD0F77AEE7C6}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "{FF7B50C7-7E5B-4CD3-B152-5F4BDB0C200F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{4F233CBB-2507-4A26-81EE-6022D2FE9F5D}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{06DFCF56-C680-428C-819D-5A367DECD5B6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{7650F538-6274-44EA-8F50-843479073333}" = Epson USB Display "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "0BAED083C44E7385DDEF7055043302B191E27BA9" = Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net (06/04/2007 1.0.0.3) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "AvsP_is1" = AvsP "BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.4.1 "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Dell Support Center" = Dell Support Center "Dell Webcam Central" = Dell Webcam Central "FastStone Image Viewer" = FastStone Image Viewer 4.4 "ffdshow_is1" = ffdshow [rev 3029] [2009-07-10] "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706 "Google Chrome" = Google Chrome "GUI for dvdauthor" = GUI for dvdauthor 1.07 "HDMI" = Intel(R) Graphics Media Accelerator Driver "ImgBurn" = ImgBurn "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.6.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "ShapeCollage" = Shape Collage "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUpMedia" = TuneUp 2.4.6.4 "VLC media player" = VLC media player 2.0.3 "WinLiveSuite" = Windows Live Essentials "Xvid_is1" = Xvid 1.1.3 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 5.1.0.880 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.10.2012 07:00:17 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:00:17:8790)(12000) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll' Error - 03.10.2012 07:00:17 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:00:17:9410)(12000) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load. Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:00:31:4200)(12000) libKernelMode.ServiceManager - Error -- 543 Error 0x8 starting service 0: (Error#:8) : Für diesen Befehl ist nicht genügend Speicher verfügbar. Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:00:31:5760)(12000) libKernelMode.ServiceManager - Error -- 467 Service must be started before accessing driver Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:00:31:5760)(12000) libKernelMode.MemDriver - Error -- 44 Error reading physical memory: 0x0 Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:00:31:6380)(12000) libPreEnumOem.SystemEnumerator - Error -- 92 SMBIOS total memory size is wrong - accessible physical memory is greater than installed memory. Falling back to Microsoft provided memory metric. *** Memory Metric Summary *** Total Physical Memory (Windows) : 2035.87 MB Total Physical Memory (SMBIOS) : 0.00 MB Error - 03.10.2012 07:01:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:01:34:0470)(12000) libKernelMode.ServiceManager - Error -- 467 Service must be started before accessing driver Error - 03.10.2012 07:01:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:01:34:0470)(12000) libKernelMode.MemDriver - Error -- 44 Error reading physical memory: 0x0 Error - 03.10.2012 07:04:30 | Computer Name = Leila-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\dell datasafe local backup\SftVss64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.10.2012 07:57:09 | Computer Name = Leila-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = [ Dell Events ] Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.10.2012 05:34:56 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.10.2012 05:34:56 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.10.2012 05:51:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ System Events ] Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.10.2012 11:31:47 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 05.10.2012 05:31:27 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 05.10.2012 05:31:52 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 05.10.2012 06:50:35 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 05.10.2012 06:57:40 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 05.10.2012 07:06:49 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 05.10.2012 09:40:39 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 05.10.2012 09:40:52 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 05.10.2012 10:40:25 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. < End of report > |
07.10.2012, 06:27 | #10 |
/// Helfer-Team | starterfenster.com nach vlc player download von vlc.de entferne bitte OTL und lade es erneut herunter: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
► Dein Problem besteht immer noch?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
07.10.2012, 18:15 | #11 |
| starterfenster.com nach vlc player download von vlc.de Nein, das Startfenster kommt jetzt nicht mehr Ist mein Computer jetzt geheilt? Hier die Otl.txt Code:
ATTFilter OTL logfile created on: 07.10.2012 18:22:52 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leila\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,26% Memory free 3,98 Gb Paging File | 2,71 Gb Available in Paging File | 68,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 114,10 Gb Free Space | 40,26% Space Free | Partition Type: NTFS Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Leila\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics) PRC - C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (SRS Labs, Inc.) PRC - C:\Programme\Dell\duo Stage\duoStage.exe (ArcSoft, Inc.) PRC - C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) PRC - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) PRC - C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros) PRC - C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC) PRC - C:\Programme\syncables\syncables desktop\OTiSyncApp.exe (syncables, LLC) PRC - C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll () MOD - C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll () MOD - C:\Programme\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Programme\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Programme\Dell DataSafe Local Backup\libxml2.dll () MOD - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Programme\syncables\syncables desktop\2208TR.dll () MOD - C:\Programme\Dell\duo Stage\QtGui4.dll () MOD - C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll () MOD - C:\Programme\Dell\duo Stage\QtSql4.dll () MOD - C:\Programme\Dell\duo Stage\QtCore4.dll () MOD - C:\Programme\Dell\duo Stage\QtNetwork4.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Dell\duo Stage\QtXml4.dll () MOD - C:\Programme\Dell\duo Stage\kgl.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (EMP_UDSA) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION) SRV - (CxAudMsg) -- C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.) SRV - (CxUSBDock) -- C:\Windows\System32\CxUSBDock32.exe (Conexant Systems Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) SRV - (AtherosSvc) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Leila\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (eppvad_simple) -- C:\Windows\System32\drivers\EMP_UDAU.sys (SEIKO EPSON CORPORATION) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (LSM303DLH) -- C:\Windows\System32\drivers\LSM303DLH.sys (STMicroelectronics) DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros) DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.) DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros) DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros) DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros) DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros) DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros) DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (BRCMDECO) -- C:\Windows\System32\drivers\BRCMHD32.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (QWARQNet) -- C:\Windows\System32\drivers\QWARQNet.sys (ConnectSoft, Inc.) DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation) DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.) DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC E0 F0 D0 45 A2 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = ???????????????`?????´ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.04 17:13:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions [2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.04 15:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions [2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.04 17:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.startfenster.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.startfenster.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.10.05 13:06:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics) O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC) O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.07 18:21:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe [2012.10.07 18:13:17 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2012.10.05 13:12:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.05 12:48:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.05 12:48:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.05 12:48:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.05 12:47:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.05 12:47:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.05 12:14:33 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Leila\Desktop\ComboFix.exe [2012.10.04 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.04 16:34:23 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.04 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.10.04 15:56:18 | 000,000,000 | ---D | C] -- C:\_OTL [2012.10.04 12:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.10.04 12:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.04 12:46:19 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe [2012.10.04 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.04 09:16:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.04 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.03 09:35:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic [2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC [2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC [2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc [2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit [2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September [2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help [2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4} [2012.09.22 16:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.22 16:56:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.22 16:56:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.22 16:56:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.22 16:56:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.22 16:56:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.22 16:56:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.22 16:55:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.12 08:41:32 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe [2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe [2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Leila\AppData\Roaming\xvid.exe [2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe ========== Files - Modified Within 30 Days ========== [2012.10.07 18:30:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.10.07 18:21:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe [2012.10.07 18:17:23 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.07 18:17:23 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.07 18:15:17 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.07 18:15:17 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.07 18:15:17 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.07 18:15:17 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.07 18:13:12 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.10.07 18:09:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.07 18:08:49 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys [2012.10.05 19:02:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.05 13:06:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.05 12:15:12 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Leila\Desktop\ComboFix.exe [2012.10.04 17:18:18 | 000,104,324 | ---- | M] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg [2012.10.04 17:13:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.04 17:04:54 | 007,317,935 | ---- | M] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv [2012.10.04 16:34:01 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.04 16:13:35 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.04 12:49:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.04 12:46:42 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe [2012.10.04 09:16:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 18:58:59 | 000,302,592 | ---- | M] () -- C:\Users\Leila\Desktop\deeqm0ze.exe [2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable [2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk [2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.21 12:01:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.09.21 12:01:27 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.10.05 12:48:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.05 12:48:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.05 12:48:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.05 12:48:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.05 12:48:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.04 17:18:08 | 000,104,324 | ---- | C] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg [2012.10.04 17:13:10 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.10.04 17:13:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.04 17:04:32 | 007,317,935 | ---- | C] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv [2012.10.04 16:13:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.10.04 16:13:35 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.04 12:49:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.04 09:16:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.02 18:58:59 | 000,302,592 | ---- | C] () -- C:\Users\Leila\Desktop\deeqm0ze.exe [2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable [2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk [2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.04.24 12:14:59 | 005,243,208 | ---- | C] ( ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe [2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft [2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn [2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy [2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc [2012.10.05 19:04:48 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client [2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird [2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP [2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.10.2012 18:22:52 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leila\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,26% Memory free 3,98 Gb Paging File | 2,71 Gb Available in Paging File | 68,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 114,10 Gb Free Space | 40,26% Space Free | Partition Type: NTFS Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13BD02B6-CEC7-4A20-9A59-F5F8747324FD}" = rport=137 | protocol=17 | dir=out | app=system | "{16995652-6CE8-40AE-BD3A-54714A7E2CFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{184A3598-A9CE-474F-AE80-7B42530D2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{18A43722-045D-41E7-B868-A283EFC34CD9}" = lport=445 | protocol=6 | dir=in | app=system | "{1A83F28E-B675-48EE-B3BF-EF175953E6A5}" = rport=138 | protocol=17 | dir=out | app=system | "{1F1B9261-1DFA-4BB0-B0CF-1DEA7A65DAC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2163AC05-B352-4F9E-8C00-3C126BBB0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{255A242A-1255-413B-9A1A-82D77BC4846F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25F3875D-380C-4A49-A34D-178776C02C6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{33FFB51B-4E91-4030-BF6B-2AD10AE210A7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{38FF7A8F-5171-47C1-9345-3D96148C0C00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B6FDFA6-79FA-43AE-9629-D8FFBE2E9936}" = rport=445 | protocol=6 | dir=out | app=system | "{51309E94-2AD6-4434-8796-ABE0FBB0E738}" = rport=139 | protocol=6 | dir=out | app=system | "{5A9799E2-6BB1-4218-B7D1-13A94768ED88}" = lport=2869 | protocol=6 | dir=in | app=system | "{7D0891B7-7DF5-4605-8778-D476CA7A4625}" = lport=139 | protocol=6 | dir=in | app=system | "{7FBB580A-26E0-480B-A909-0F5AC4147B54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7FD770F2-D6BE-41BB-912C-92D2AC9F8F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8510E887-D88B-4DF6-9BD0-366638B432E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{89DDC746-9FCC-438C-8D7D-AB5E2B51F612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A404EDD4-6D12-44F1-9468-63D54C30DFEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0FAA845-0359-4E15-860F-7504F22E1019}" = lport=138 | protocol=17 | dir=in | app=system | "{C2D69B7B-5E07-4A9C-B704-27DD3AE6275A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D34AD8B6-52C2-4EF6-9A3B-8C1D410AF7E5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{D6540783-DAA1-438C-8BFC-687C179D609C}" = rport=10243 | protocol=6 | dir=out | app=system | "{D69DEE43-D94F-4B6C-8DB9-6D98F819B224}" = lport=10243 | protocol=6 | dir=in | app=system | "{DD0D5325-7299-4638-B4AD-C2B1E863123E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E2A33CDD-9D50-45F2-BA1F-79089A177C4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{000EBD73-AE94-4DCC-9A1B-592FDA3C987C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0A1335CF-B558-4F65-8F7E-382B5F39EBF7}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "{344A6C91-94AB-46BE-9015-E5F3FDDEB490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3FA0F4CE-7803-4A14-B772-B9F16B222DEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{424CAA5C-F2C3-4499-B015-C89B24E658B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{453E2838-329C-41E0-BCD2-E6D2A05A6137}" = protocol=6 | dir=out | app=system | "{51F12C8F-B739-45AA-86F5-31AE1AB1E0D8}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "{5FB23434-966A-422A-99EF-A7EDCD759476}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65DB1064-D03F-4215-B263-4D4AF6389BC5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{67ED1740-3759-4682-9019-1A205AA7C7B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{684119CD-CC5E-42AF-8E95-A9CF679A6EFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7AC2F34A-8D9C-4742-937D-4CFD2B1EEE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7BEF1326-633B-4059-94F6-BC4E9D992B0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80672E0F-4323-439C-A0E9-ACE11A81A153}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8A0F3812-8B58-4D7B-BC7B-2A67078C2175}" = dir=in | app=c:\program files\dell\videostage\videostage.exe | "{8E313E11-B64E-442B-B338-B1F7823C7AAE}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "{926F6C87-454D-407E-AE4E-B359171CC8D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{949B39EA-23BD-479A-83C0-96EA13A7DF6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{94DC0CBE-ADC5-438A-BC35-50E9BFBBE58E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C331A74-FC79-4FDF-B5FF-AB88E40C1C34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F4A2012-5786-4421-8443-6380382B97DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A9C72912-E1AE-4E83-AD2E-BEA46CDA3DB6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{BAA32216-6986-451D-8461-2F64496FB565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EA38FDED-79EF-45D6-93BF-BD62296D3227}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB1E2219-C305-4BAB-B880-7045585715B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EE136E33-DD36-48B8-A17A-B3F08048B8C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F4923AD2-523A-4A8E-86E0-7DEBA8E7299B}" = dir=in | app=c:\program files\itunes\itunes.exe | "{FC664F61-C5F0-4F68-83FC-CD0F77AEE7C6}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "{FF7B50C7-7E5B-4CD3-B152-5F4BDB0C200F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{4F233CBB-2507-4A26-81EE-6022D2FE9F5D}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{06DFCF56-C680-428C-819D-5A367DECD5B6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{7650F538-6274-44EA-8F50-843479073333}" = Epson USB Display "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "0BAED083C44E7385DDEF7055043302B191E27BA9" = Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net (06/04/2007 1.0.0.3) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "AvsP_is1" = AvsP "BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.4.1 "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Dell Support Center" = Dell Support Center "Dell Webcam Central" = Dell Webcam Central "FastStone Image Viewer" = FastStone Image Viewer 4.4 "ffdshow_is1" = ffdshow [rev 3029] [2009-07-10] "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706 "Google Chrome" = Google Chrome "GUI for dvdauthor" = GUI for dvdauthor 1.07 "HDMI" = Intel(R) Graphics Media Accelerator Driver "ImgBurn" = ImgBurn "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.6.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "ShapeCollage" = Shape Collage "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUpMedia" = TuneUp 2.4.6.4 "VLC media player" = VLC media player 2.0.3 "WinLiveSuite" = Windows Live Essentials "Xvid_is1" = Xvid 1.1.3 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 5.1.0.880 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:00:31:5760)(12000) libKernelMode.MemDriver - Error -- 44 Error reading physical memory: 0x0 Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:00:31:6380)(12000) libPreEnumOem.SystemEnumerator - Error -- 92 SMBIOS total memory size is wrong - accessible physical memory is greater than installed memory. Falling back to Microsoft provided memory metric. *** Memory Metric Summary *** Total Physical Memory (Windows) : 2035.87 MB Total Physical Memory (SMBIOS) : 0.00 MB Error - 03.10.2012 07:01:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:01:34:0470)(12000) libKernelMode.ServiceManager - Error -- 467 Service must be started before accessing driver Error - 03.10.2012 07:01:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (12000) Asapi: (13:01:34:0470)(12000) libKernelMode.MemDriver - Error -- 44 Error reading physical memory: 0x0 Error - 03.10.2012 07:04:30 | Computer Name = Leila-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\dell datasafe local backup\SftVss64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.10.2012 07:57:09 | Computer Name = Leila-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 04.10.2012 03:23:21 | Computer Name = Leila-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 04.10.2012 07:00:07 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (16056) Asapi: (13:00:07:2540)(16056) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll' Error - 04.10.2012 07:00:07 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1 Description = (16056) Asapi: (13:00:07:2690)(16056) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load. Error - 04.10.2012 08:15:22 | Computer Name = Leila-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\dell datasafe local backup\SftVss64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Dell Events ] Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.10.2012 05:34:56 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.10.2012 05:34:56 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.10.2012 05:51:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ System Events ] Error - 05.10.2012 09:40:52 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 05.10.2012 10:40:25 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 05.10.2012 15:10:42 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 05.10.2012 15:11:05 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 06.10.2012 05:18:50 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 06.10.2012 05:19:14 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 07.10.2012 07:36:12 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 07.10.2012 07:36:35 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 07.10.2012 12:10:10 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 07.10.2012 12:10:14 | Computer Name = Leila-PC | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > |
07.10.2012, 19:24 | #12 | |
/// Helfer-Team | starterfenster.com nach vlc player download von vlc.de 1. Zitat:
Code:
ATTFilter :OTL FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found CHR - homepage: http://www.startfenster.com CHR - default_search_provider: Google (Enabled) CHR - homepage: http://www.startfenster.com O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
ansonsten das Log sieht gut aus. sonst noch Probleme?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
07.10.2012, 21:06 | #13 |
| starterfenster.com nach vlc player download von vlc.de Ne, sonst hab ich keine Probleme mehr. Code:
ATTFilter All processes killed ========== OTL ========== Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found. Use Chrome's Settings page to change the HomePage. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to change the HomePage. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Leila\Desktop\cmd.bat deleted successfully. C:\Users\Leila\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Leila ->Temp folder emptied: 261830 bytes ->Temporary Internet Files folder emptied: 571407 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 57697864 bytes ->Google Chrome cache emptied: 6119168 bytes ->Flash cache emptied: 660 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 119054329 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 175,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 10072012_215721 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ scheduled to be deleted on reboot. |
08.10.2012, 13:18 | #14 | ||
/// Helfer-Team | starterfenster.com nach vlc player download von vlc.de ** Lass dein System in der nächste Zeit noch unter Beobachtung! wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes: 1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter CCleaner 2. Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
3. Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden: Also mach bitte folgendes:
4. Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen) z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) 5. ► für Win 7 das Service Pack 1 bitte aufspielen!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand! -> Installiere jedes Update das Dir angeboten wird, wiederhole den Vorgang so oft, bis nicht mehr gibt Lesestoff Nr.1: Gib Kriminellen Handlungen keine Chance! Zitat:
** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !! Zitat:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:
Wenn Du uns unterstützen möchtest→ Spendekonto gruß kira
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
08.10.2012, 20:48 | #15 |
| starterfenster.com nach vlc player download von vlc.de Liebe Kira, so werd ich's machen. Aber schonmal vielen, vielen lieben Dank für die Hilfe! Es ist echt super, dass ihr diese Hilfe im Internet anbietet! -Ich wäre da sonst nicht durchgestiegen Also: Danke, danke, danke! Lieben Gruß, Gesa |
Themen zu starterfenster.com nach vlc player download von vlc.de |
192.168.0.2, 7-zip, adobe, adware/adware.gen, antivirus, autorun, avg, avira, bho, bonjour, converter, defender, desktop, firefox, flash player, format, helper, home, lightning, logfile, mozilla, mp3, plug-in, popup, realtek, scan, security, usb, wlan, www.startfenster.com |