|
Log-Analyse und Auswertung: Überflutung mit WerbungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.04.2013, 20:43 | #1 |
| Überflutung mit Werbung Hallo, Sobald ich den Internet Explorer öffne, werde ich massenweise mit Werbung von appround.net, appdata, ad.yieldmanager, mux.jsonlock.net etc. gequält. Ich kann keine Internetseite mehr öffnen, ohne dass ich gleich extra Browserfenster mit Werbung zurückbekomme. ... egal auf welche Homepage ich gehe...auch während ich das Passwort für meinen E-Mail Account eingebe etc. Zudem erscheint auf fast jeder Homepage, dass mein PC langsam ist etc. und tatsächlich brauchen einige Seiten viel länger bis sie geladen sind, als das früher der Fall war. Mein PC "hängt" öfters bzw. braucht länger um eine Homepage zu laden. Ich weiß echt nicht was ich tun soll und hoffe dass mir jemand von euch weiterhelfen kann und diesen Virus ? beseitigen kann ??? Ich habe mich schon im Forum umgeschaut und bin auf Beiträge mit ähnlichen Problemen gestoßen. Den 1.Schritt habe ich schon gemacht und mit den OTL runtergeladen und einen Scan gestartet. Folgendes kam dabei raus: OTl.tx-Editor: OTL logfile created on: 29.04.2013 21:25:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carina\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 46,65% Memory free 3,86 Gb Paging File | 2,27 Gb Available in Paging File | 58,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 215,83 Gb Free Space | 72,43% Space Free | Partition Type: NTFS Drive F: | 7,82 Gb Total Space | 2,55 Gb Free Space | 32,62% Space Free | Partition Type: FAT32 Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Carina\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\jmdp\stij.exe () PRC - C:\Users\Carina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () PRC - C:\Windows\System32\dmwu.exe () PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIKE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\escsvc.exe (Seiko Epson Corporation) PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHJE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\jmdp\stij.exe () MOD - C:\Windows\System32\jmdp\lmrn.dll () MOD - C:\Windows\System32\jmdp\sqlite3.dll () MOD - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () MOD - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () MOD - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e3b2d98c11781e59f2e69bb71b8c853f\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Launch Manager\CdDirIo.dll () MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe () SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION) SRV - (EpsonScanSvc) -- C:\Windows\System32\escsvc.exe (Seiko Epson Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLAgent$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation) DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (TIEHDUSB) -- C:\Windows\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10037&barid={04DF81E9-9456-11E2-8D8C-9A004E15571D} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10037&barid={04DF81E9-9456-11E2-8D8C-9A004E15571D} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=121561&babsrc=SP_ss&mntrId=B2A790004E15571D IE - HKCU\..\SearchScopes\{34627502-17FD-4083-A4D3-56A18F24E5EE}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE435 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{6D05A821-E3D8-47AB-9DCC-0473344FB777}: "URL" = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648045&src=kw&q={searchTerms}&locale=de_ZZ&apn_ptnrs=99&apn_dtid=YYYYYYYYNL&apn_uid=F511B357-FC2C-49BD-9AC9-9E1CC13F54D1&apn_sauid=216EDD2F-815F-46D4-BEF1-FE2EA16A7D87 IE - HKCU\..\SearchScopes\{905905C5-A7D6-424A-8CB5-C992D6C7DFA7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=37B388F1-7BED-488F-B170-E5253DE83C10&apn_sauid=664FF681-9ECC-4B53-9F9F-A89EAE14AE76 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={04DF81E9-9456-11E2-8D8C-9A004E15571D}&crg=3.1010006.10037&st=23 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2013.03.27 08:33:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.03.24 09:41:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsmonkey@mendoni.net: C:\Program Files\LyricsMonkey\FF\ [2013.04.23 07:30:41 | 000,000,000 | ---D | M] [2011.06.23 09:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions [2011.06.23 09:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2011.06.23 09:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Sunbird\Profiles\dgx95zvo.default\extensions [2012.09.11 18:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.27 02:58:52 | 000,032,048 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.delta-search.com/?affID=121561&babsrc=HP_ss&mntrId=B2A790004E15571D CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\ CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111\ CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Lyrics Monkey) - {18CAEA74-C7E8-4D37-967F-1D01351BA398} - C:\Programme\LyricsMonkey\lyricsmonkey.dll (MNDi Software) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIIKE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [EPSON SX130 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Carina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab (JordanUploader Class) O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.hs-albsig.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.87.129.201 141.87.129.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{528B468E-C056-478D-BDEC-BF300565B499}: DhcpNameServer = 141.87.129.201 141.87.129.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CB7F92F-21CD-48BA-9B2F-422193A3E143}: DhcpNameServer = 129.143.2.1 129.143.2.4 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.29 21:23:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe [2013.04.27 07:42:48 | 000,000,000 | ---D | C] -- C:\Users\Carina\Desktop\Mai [2013.04.23 07:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsMonkey [2013.04.13 08:27:01 | 000,000,000 | ---D | C] -- C:\Users\Carina\Desktop\essen [2013.04.12 20:23:14 | 000,000,000 | ---D | C] -- C:\Win.7.Loader.eXtreme.Edition.3.119 [2013.04.12 19:35:04 | 000,000,000 | ---D | C] -- C:\Users\Carina\Desktop\Win.7.Loader.eXtreme.Edition.3.119 [2013.04.08 22:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.04.08 22:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 ========== Files - Modified Within 30 Days ========== [2013.04.29 21:24:49 | 000,027,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.29 21:24:49 | 000,027,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.29 21:23:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe [2013.04.29 21:16:48 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.29 20:38:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.29 20:12:49 | 000,719,646 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.29 20:12:49 | 000,681,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.29 20:12:49 | 000,155,400 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.29 20:12:49 | 000,131,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.29 20:10:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.29 19:07:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.29 19:07:41 | 1555,537,920 | -HS- | M] () -- C:\hiberfil.sys [2013.04.29 12:07:22 | 000,067,114 | ---- | M] () -- C:\Users\Carina\Desktop\LEH_Schw_Schupfnudeln_1000g_01.png [2013.04.29 09:56:53 | 000,097,001 | ---- | M] () -- C:\Users\Carina\Desktop\Zusatzaufgaben_Kombinatorik.pdf [2013.04.27 07:56:45 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.27 07:56:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.20 19:47:02 | 000,000,521 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.04.20 15:34:08 | 002,038,385 | ---- | M] () -- C:\Users\Carina\Desktop\4.jpg [2013.04.09 07:24:28 | 000,029,775 | ---- | M] () -- C:\Windows\wininit.ini ========== Files Created - No Company Name ========== [2013.04.29 12:08:04 | 000,067,114 | ---- | C] () -- C:\Users\Carina\Desktop\LEH_Schw_Schupfnudeln_1000g_01.png [2013.04.29 09:56:52 | 000,097,001 | ---- | C] () -- C:\Users\Carina\Desktop\Zusatzaufgaben_Kombinatorik.pdf [2013.04.20 15:28:51 | 002,038,385 | ---- | C] () -- C:\Users\Carina\Desktop\4.jpg [2013.04.08 23:45:45 | 000,029,775 | ---- | C] () -- C:\Windows\wininit.ini [2013.03.24 09:40:00 | 001,013,552 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2013.03.24 09:40:00 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2013.02.01 19:06:16 | 000,000,094 | ---- | C] () -- C:\Users\Carina\AppData\Local\fusioncache.dat [2012.09.17 14:27:32 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini [2012.03.30 07:52:01 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012.03.30 07:52:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.12.28 21:45:21 | 000,000,272 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\.backup.dm [2011.12.21 22:19:32 | 000,022,140 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\UserTile.png [2011.12.16 12:27:52 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.08.27 20:27:49 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll [2011.08.10 18:32:08 | 000,004,096 | -H-- | C] () -- C:\Users\Carina\AppData\Local\keyfile3.drm [2011.06.11 15:49:56 | 000,006,310 | ---- | C] () -- C:\Users\Carina\window.reg [2011.06.11 15:14:46 | 000,010,842 | ---- | C] () -- C:\Users\Carina\löschen.reg [2011.06.11 14:50:57 | 000,024,216 | ---- | C] () -- C:\Users\Carina\export.reg [2011.06.11 14:29:31 | 000,024,216 | ---- | C] () -- C:\Users\Carina\bilder sortieren.reg [2011.06.10 19:58:21 | 000,001,444 | ---- | C] () -- C:\Windows\photoimpression.ini [2011.06.10 19:57:44 | 000,000,021 | ---- | C] () -- C:\Windows\PI_setup.ini [2011.06.10 19:52:42 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat [2011.06.10 19:52:39 | 000,000,521 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.06.10 19:52:39 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2011.06.10 19:52:39 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.06.10 19:21:05 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini [2011.06.09 17:54:21 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2011.06.09 17:45:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.06.09 17:27:14 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2011.06.09 17:17:05 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2011.06.09 17:17:05 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2011.06.09 17:17:05 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2011.06.09 17:17:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat [2011.06.09 17:17:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2011.06.09 17:17:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011.06.09 17:17:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.06.09 17:17:05 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2011.06.09 17:17:05 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011.06.09 17:12:07 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2011.06.09 17:11:55 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2011.06.09 17:11:50 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2011.06.09 17:11:50 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2011.06.09 17:11:46 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 23:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP1B5B4F1 < End of report > Extras.TxT-Editor OTL Extras logfile created on: 29.04.2013 21:25:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carina\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 46,65% Memory free 3,86 Gb Paging File | 2,27 Gb Available in Paging File | 58,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 215,83 Gb Free Space | 72,43% Space Free | Partition Type: NTFS Drive F: | 7,82 Gb Total Space | 2,55 Gb Free Space | 32,62% Space Free | Partition Type: FAT32 Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15503336-43E6-4201-A398-F942D21121DD}" = lport=139 | protocol=6 | dir=in | app=system | "{1D58B0D0-57EF-49E4-A79F-C6CDE044B5FC}" = rport=138 | protocol=17 | dir=out | app=system | "{5CDD020A-FF1B-458E-9A08-A62BEA5BA6E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{60BE0550-C94E-46BF-A984-16A321CBD9D7}" = lport=137 | protocol=17 | dir=in | app=system | "{71B9DA2A-EE9F-4555-B35C-2B2BE10E7D4E}" = rport=137 | protocol=17 | dir=out | app=system | "{A503DF7F-4AA2-4E94-8AE6-6101B95F1D92}" = lport=138 | protocol=17 | dir=in | app=system | "{CBB33CD9-32FD-4487-9201-8464061265BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DB9A8BB9-90A1-40D3-B494-853107C8EA36}" = rport=139 | protocol=6 | dir=out | app=system | "{DCE470BE-CA26-4ED7-9A3C-9A43B94950E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E1E45661-CEB7-4EDC-A1A8-51C5803A8BB3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E330ED5B-3BB1-4191-A15C-35F36F355B01}" = rport=445 | protocol=6 | dir=out | app=system | "{FC5212B6-720F-4882-B6F1-AABA6B82861A}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07F77143-7EBB-42F9-A4FA-FF8D13DE0FF4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{10B98C74-2D79-4E6D-B2C0-CA8A84396B17}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{20CD8D1F-530D-453D-93FA-8D093B52194F}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{48632914-196E-4535-85FB-206A974A26A1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{7CCF583E-A8C9-48DE-AD21-40CD47135A18}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{87D145C4-0532-47D4-AAB2-FEA7A441CE46}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D286E6AB-EF68-47EB-AF62-FC60706CC5C7}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{DC1C152D-0DB0-4477-841B-2F51E3C22E9A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{159C0367-741C-4DE6-B485-5A6185D2CEF1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{52753EC7-4768-46A4-9521-E861CFD54E22}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{0031C1E5-6B23-4281-B532-CED74C1FD064}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{0C5D47AC-5FA4-412C-AF8C-C2DA236A8330}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D3BEDD9-C4BF-4040-BE99-8DA827F265A7}" = Internet Explorer Toolbar 4.7 by SweetPacks "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2 "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{568502E8-5167-11DE-A65F-B57B56D89593}" = Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010 "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu "{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}" = IClaroInstaller "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84B96E85-9375-4E4F-9B9A-6E1892950B68}" = NimoDoc Lite "{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Ultra Edition "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7 "{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A43014F4-44F8-4539-8F87-C8471CB810B1}" = Cisco AnyConnect Secure Mobility Client "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1 "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-115C "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE52F670-9E10-4C0A-B0CB-D78BAB0A7923}" = NimoFilm "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010 "{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator "{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "8A234D63F9DC5E35A1AF28C3CCD256B0A0B99C86" = Windows-Treiberpaket - Intel (NETw5s32) net (05/31/2010 13.2.1.5) "9489963E04BFFEC8668803DA5A2F0F6463FE99CC" = Windows-Treiberpaket - Intel (NETw5v32) net (05/31/2010 13.2.1.5) "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AmoKExifSorter2" = AmoK Exif Sorter 2.5.6 (nur deinstallieren) "ArcSoft PhotoImpression" = ArcSoft PhotoImpression "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bi_uninstaller" = Bundled software uninstaller "Business Contact Manager" = Business Contact Manager für Microsoft Outlook 2010 "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DAEMON Tools Lite" = DAEMON Tools Lite "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "EPSON Scanner" = EPSON Scan "EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall "EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series "EPSON XP-302 303 305 306 Series" = EPSON XP-302 303 305 306 Series Printer Uninstall "EPSON XP-302 303 305 306 Series Netg" = Netzwerkhandbuch EPSON XP-302 303 305 306 Series "FreePDF_XP" = FreePDF (Remove only) "Google Chrome" = Google Chrome "GPL Ghostscript 9.04" = GPL Ghostscript "GPL Ghostscript 9.05" = GPL Ghostscript "HDMI" = Intel(R) Graphics Media Accelerator Driver "LManager" = Launch Manager "lyricsmonkey@mendoni.net" = Lyrics Monkey "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "PDFTK Builder_is1" = PDFTK Builder 3.5.3 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks "SynTPDeinstKey" = Synaptics Pointing Device Driver "Totalcmd" = Total Commander (Remove or Repair) "TVWiz" = Intel(R) TV Wizard "WNLT" = SweetPacks Updater ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "PDF Converter" = PDF Converter ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.04.2013 07:51:07 | Computer Name = Carina-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2013/04/29 13:51:07.862]: [00003992]: lperrcode->api = 1 , lperrcode->code = 2 Error - 29.04.2013 07:51:09 | Computer Name = Carina-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2013/04/29 13:51:09.406]: [00003992]: lperrcode->api = 1 , lperrcode->code = 2 Error - 29.04.2013 07:51:10 | Computer Name = Carina-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2013/04/29 13:51:10.950]: [00003992]: lperrcode->api = 1 , lperrcode->code = 2 Error - 29.04.2013 13:08:21 | Computer Name = Carina-PC | Source = WinMgmt | ID = 10 Description = Error - 29.04.2013 13:08:24 | Computer Name = Carina-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/04/29 19:08:24.258]: [00000840]: GetDeviceList Failed! pStiInfo = 0x0.. Error - 29.04.2013 13:08:24 | Computer Name = Carina-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/04/29 19:08:24.336]: [00000840]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 29.04.2013 13:08:24 | Computer Name = Carina-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/04/29 19:08:24.367]: [00000840]: Initialize TwdsMain Class failed! Error - 29.04.2013 13:09:06 | Computer Name = Carina-PC | Source = Brother BrLog | ID = 1001 Description = CTLCN BrtCTLCN: [2013/04/29 19:09:06.222]: [00003972]: brccFCtl.dll: ### ERROR ### LoadLibrary Functions failed. m_fpIsAvailable-Return = FALSE Error - 29.04.2013 13:09:06 | Computer Name = Carina-PC | Source = Brother BrLog | ID = 1001 Description = CTLCN BrtCTLCN: [2013/04/29 19:09:06.237]: [00003972]: brccFCtl.dll: ### ERROR ### Get OmniPage Language-ID Failed. unO32Result = 7 Error - 29.04.2013 13:09:06 | Computer Name = Carina-PC | Source = Brother BrLog | ID = 1001 Description = CTLCN BrtCTLCN: [2013/04/29 19:09:06.253]: [00003972]: brccFCtl.dll: ### ERROR ### Get OmniPage Language-ID Failed [ Cisco AnyConnect Secure Mobility Client Events ] Error - 29.04.2013 13:07:51 | Computer Name = Carina-PC | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp Line: 112 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 29.04.2013 13:07:51 | Computer Name = Carina-PC | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp Line: 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 29.04.2013 13:07:51 | Computer Name = Carina-PC | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp Line: 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 29.04.2013 13:07:51 | Computer Name = Carina-PC | Source = acvpnagent | ID = 67108866 Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp Line: 1612 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 29.04.2013 13:07:54 | Computer Name = Carina-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 29.04.2013 13:08:40 | Computer Name = Carina-PC | Source = acvpnui | ID = 67108866 Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 29.04.2013 13:08:42 | Computer Name = Carina-PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1336 NULL object. Cannot establish a connection at this time. Error - 29.04.2013 13:12:46 | Computer Name = Carina-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 29.04.2013 13:12:46 | Computer Name = Carina-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 29.04.2013 13:12:46 | Computer Name = Carina-PC | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ System Events ] Error - 25.04.2013 10:46:30 | Computer Name = Carina-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 25.04.2013 10:46:31 | Computer Name = Carina-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 25.04.2013 10:46:31 | Computer Name = Carina-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 25.04.2013 10:46:32 | Computer Name = Carina-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 28.04.2013 01:40:50 | Computer Name = Carina-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 28.04.2013 01:40:50 | Computer Name = Carina-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 28.04.2013 01:40:51 | Computer Name = Carina-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 28.04.2013 01:40:52 | Computer Name = Carina-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 28.04.2013 06:05:17 | Computer Name = Carina-PC | Source = DCOM | ID = 10016 Description = Error - 28.04.2013 14:05:50 | Computer Name = Carina-PC | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > Bitte helft mir. Vielen lieben Dank, cari |
29.04.2013, 20:54 | #2 | ||
/// TB-Ausbilder | Überflutung mit Werbung Hallo cari,
__________________Zitat:
Oder: Zitat:
__________________ |
30.04.2013, 10:51 | #3 |
| Überflutung mit Werbung Hallo aharanov,
__________________Vielen Dank für deine schnelle Antwort. Also ich hab den Rechner jetzt schon länger und es war schon immer Enterprise drauf. Kann sein dass es mal ein Firmenrechner war, da ich ihn von meinem Kollegen gebraucht bekommen habe. Zu diesem Windows Loader kann ich dir leider nichts sagen, ..es kann sein dass mein Bekannter das Programm benutzt hat ??, da ich vor kurzem Probleme mit der Aktualisierung hatte. Muss ich die Datei löschen? Vielen Dank |
01.05.2013, 01:35 | #4 |
/// TB-Ausbilder | Überflutung mit Werbung Downloade bitte WVCheck (von Artellos) und speichere es auf deinen Desktop.
__________________ cheers, Leo Geändert von aharonov (01.05.2013 um 01:41 Uhr) |
06.05.2013, 13:10 | #5 |
/// TB-Ausbilder | Überflutung mit Werbung Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
Themen zu Überflutung mit Werbung |
ad.yieldmanager, antivir, application/pdf:, avira, bho, browserprotect.dll, converter, delta chrome toolbar, e-mail, error, excel, failed, fatal error, firefox, flash player, google, homepage, hängt, iexplore.exe, install.exe, langsam, launch, logfile, outlook 2010, plug-in, realtek, scan, security, senden, software, svchost.exe, taskhost.exe, total commander, tracker, virus, virus ?, werbung, werbungfenster, windows |