| |  Ron ads ....
hier sind die logs, danke fürs helfen!! find ich klasse!
mbam-log Zitat:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Datenbank Version: 4022
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
23.04.2010 13:11:40
mbam-log-2010-04-23 (13-11-40).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 274434
Laufzeit: 1 Stunde(n), 52 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 2
Infizierte Dateien: 12
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a7062872-1d8d-130e-739f-c4537cb133ac} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AwesomeBestShoppingTipsProgram.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AwesomeBestShoppingTipsProgram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63e51dea-60b3-2862-9052-d98eff830328} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63e51dea-60b3-2862-9052-d98eff830328} (Adware.AdRotator) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zythqczaypbllaxk (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.mirarsearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
C:\Program Files\AwesomeBestShoppingTipsProgram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\Save (Adware.WhenU) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Program Files\Save\SaveUninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\aivukztpdojefz.exe.vir (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\julia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FSQVE1YA\setup[1].exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\julia\AppData\Local\Temp\COM Security Update Level 1 (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\julia\AppData\Roaming\Mozilla\Firefox\Profiles\7h4e6vnv.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a68}\components\SaveComponent.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\julia\AppData\Roaming\Save\SaveUninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\julia\Downloads\access.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\u_ewumgomkhk.dll.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Windows\System32\win91.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\win9b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\AwesomeBestShoppingTipsProgram\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Windows\System32\cdynorzwlcfmufkmj.dll (Trojan.Agent) -> Delete on reboot.
| OTL.txt Zitat:
OTL logfile created on: 23.04.2010 13:27:05 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\julia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 205,80 Gb Total Space | 85,39 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive D: | 27,07 Gb Total Space | 17,43 Gb Free Space | 64,39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 14,90 Gb Total Space | 8,66 Gb Free Space | 58,10% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JULIA-PC
Current User Name: julia
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\julia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Bandoo\Bandoo.exe (Discordia Limited)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Roxio\MyDVD\MyDVD\USBDeviceService.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Modules (SafeList) ==========
MOD - C:\Users\julia\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AGWinService) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Bandoo Coordinator) -- C:\Programme\Bandoo\Bandoo.exe (Discordia Limited)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (USBDeviceService) -- C:\Programme\Roxio\MyDVD\MyDVD\USBDeviceService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (JL2005C) -- C:\Windows\System32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SPC520m) -- C:\Windows\System32\drivers\SPC520m.sys (Philips )
DRV - (SPC520) -- C:\Windows\System32\drivers\SPC520.sys (Philips )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBGENE.sys (Genesys Logic, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (e4usbaw) -- C:\Windows\System32\drivers\e4usbaw.sys (Analog Devices Inc.)
DRV - (E4LOADER) General Purpose USB Driver (e4ldr.sys) -- C:\Windows\System32\drivers\e4ldr.sys (Analog Deivces)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.findstuff.biz/home.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: {f6bf92e0-b190-11dd-ad8b-0800200c9a68}:1.0.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..keyword.URL: "hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.04.23 13:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.03.31 19:43:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.19 20:04:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.19 20:04:31 | 000,000,000 | ---D | M]
[2009.06.11 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\julia\AppData\Roaming\mozilla\Extensions
[2009.06.02 11:44:50 | 000,000,000 | ---D | M] -- C:\Users\julia\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.04.21 18:15:42 | 000,000,000 | ---D | M] -- C:\Users\julia\AppData\Roaming\mozilla\Firefox\Profiles\7h4e6vnv.default\extensions
[2010.01.31 10:32:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\julia\AppData\Roaming\mozilla\Firefox\Profiles\7h4e6vnv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.19 20:47:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\julia\AppData\Roaming\mozilla\Firefox\Profiles\7h4e6vnv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.07.13 17:04:53 | 000,000,000 | ---D | M] (Save extension) -- C:\Users\julia\AppData\Roaming\mozilla\Firefox\Profiles\7h4e6vnv.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a68}
[2010.04.19 20:48:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.18 19:16:08 | 000,278,528 | ---- | M] () -- C:\Programme\Mozilla Firefox\components\ewumgomkhk.dll
[2008.09.15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npsnapfish.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programme\Bandoo\Plugins\IE\ieplugin.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Programme\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\julia\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\julia\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.04.22 18:33:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.22 18:32:58 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.22 18:32:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.22 18:32:08 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\julia\Desktop\mbam-setup-1.45.exe
[2010.04.22 18:31:11 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\julia\Desktop\OTL.exe
[2010.04.21 18:46:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.04.21 18:26:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.04.21 18:26:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.04.21 18:26:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.04.21 18:26:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.04.21 18:26:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.04.21 18:26:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.21 18:26:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.04.20 18:48:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.04.20 18:27:18 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.04.19 20:36:08 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.04.19 20:36:04 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.04.19 20:31:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.19 20:30:48 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.04.19 20:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.04.19 20:07:19 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.04.19 20:07:15 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.04.19 20:07:15 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.04.19 20:06:32 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.04.19 20:05:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.04.19 15:29:04 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.19 15:29:04 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.19 15:29:01 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.19 15:28:52 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.19 15:28:52 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.03 18:51:21 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.31 12:17:01 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 12:17:00 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 12:17:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 12:16:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.31 12:16:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.31 12:16:58 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 12:16:58 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 12:16:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.31 12:16:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.31 12:16:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 12:16:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.31 12:16:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.31 12:16:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.31 12:16:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.31 12:16:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
========== Files - Modified Within 30 Days ==========
[2010.04.23 13:29:38 | 003,145,728 | ---- | M] () -- C:\Users\julia\NTUSER.DAT
[2010.04.23 13:26:54 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0C0800C4-B1A9-414C-A46C-2ED5B422090E}.job
[2010.04.23 13:26:19 | 001,445,786 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.23 13:26:19 | 000,628,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.23 13:26:19 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.23 13:26:19 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.23 13:26:19 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.23 13:26:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.23 13:22:56 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.04.23 13:22:29 | 000,052,741 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.04.23 13:22:28 | 000,052,741 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.04.23 13:22:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.23 13:21:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.23 13:21:49 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.23 13:21:49 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.23 13:21:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.23 13:21:30 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.23 13:13:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.04.23 13:13:25 | 000,524,288 | -HS- | M] () -- C:\Users\julia\NTUSER.DAT{bce8a0da-4be5-11df-b3c5-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.04.23 13:13:25 | 000,065,536 | -HS- | M] () -- C:\Users\julia\NTUSER.DAT{bce8a0da-4be5-11df-b3c5-806e6f6e6963}.TM.blf
[2010.04.23 13:13:24 | 006,291,456 | -H-- | M] () -- C:\Users\julia\AppData\Local\IconCache.db
[2010.04.23 13:12:00 | 059,202,755 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.04.22 18:38:10 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.04.22 18:33:04 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.22 18:29:02 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\julia\Desktop\OTL.exe
[2010.04.22 18:27:56 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\julia\Desktop\mbam-setup-1.45.exe
[2010.04.21 18:42:28 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.04.21 18:16:04 | 003,922,906 | R--- | M] () -- C:\Users\julia\Desktop\ComboFix.exe
[2010.04.20 17:55:10 | 000,001,356 | ---- | M] () -- C:\Users\julia\AppData\Local\d3d9caps.dat
[2010.04.19 22:53:27 | 000,524,288 | -HS- | M] () -- C:\Users\julia\NTUSER.DAT{bce8a0da-4be5-11df-b3c5-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010.04.19 21:07:26 | 000,105,552 | ---- | M] () -- C:\Users\julia\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.19 21:04:49 | 000,368,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.19 21:03:36 | 003,407,872 | -HS- | M] () -- C:\Users\julia\NTUSER.DAT_tureg_old
[2010.04.19 21:03:35 | 000,524,288 | -HS- | M] () -- C:\Users\julia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.19 21:03:35 | 000,065,536 | -HS- | M] () -- C:\Users\julia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.19 20:36:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.04.19 20:35:54 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.04.19 20:04:33 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.19 14:37:48 | 000,027,335 | ---- | M] () -- C:\Users\julia\AppData\Roaming\nvModes.001
[2010.04.18 21:56:58 | 220,646,492 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.01 15:17:48 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.04.01 15:11:38 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.26 14:12:42 | 000,003,180 | ---- | M] () -- C:\Users\julia\AppData\Roaming\wklnhst.dat
[2010.03.24 16:59:28 | 015,329,616 | ---- | M] () -- C:\Users\julia\Documents\Recettes mauriciennes.wps
========== Files Created - No Company Name ==========
[2010.04.23 13:22:55 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.04.22 18:33:04 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.21 18:26:55 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.04.21 18:26:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.04.21 18:26:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.04.21 18:26:55 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.04.21 18:26:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.21 18:15:27 | 003,922,906 | R--- | C] () -- C:\Users\julia\Desktop\ComboFix.exe
[2010.04.21 17:58:13 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.20 18:32:55 | 000,052,741 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.20 18:32:55 | 000,052,741 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.04.19 21:26:51 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.04.19 21:05:07 | 000,524,288 | -HS- | C] () -- C:\Users\julia\NTUSER.DAT{bce8a0da-4be5-11df-b3c5-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010.04.19 21:05:07 | 000,524,288 | -HS- | C] () -- C:\Users\julia\NTUSER.DAT{bce8a0da-4be5-11df-b3c5-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.04.19 21:05:07 | 000,065,536 | -HS- | C] () -- C:\Users\julia\NTUSER.DAT{bce8a0da-4be5-11df-b3c5-806e6f6e6963}.TM.blf
[2010.04.19 21:03:34 | 000,000,000 | -H-- | C] () -- C:\Users\julia\NTUSER.DAT_tureg_new.LOG2
[2010.04.19 21:03:34 | 000,000,000 | -H-- | C] () -- C:\Users\julia\NTUSER.DAT_tureg_new.LOG1
[2010.01.07 10:04:50 | 000,000,169 | ---- | C] () -- C:\Windows\adidsl.ini
[2010.01.07 10:04:50 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2010.01.07 10:03:02 | 000,000,990 | ---- | C] () -- C:\Windows\adiras.ini
[2010.01.07 10:02:55 | 000,046,892 | ---- | C] () -- C:\Windows\System32\ADADIX16.DLL
[2009.09.24 11:36:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.17 19:49:17 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.06.17 19:48:40 | 000,032,987 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.06.17 19:48:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.06.17 19:47:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.17 19:47:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.06.17 19:47:28 | 000,002,066 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.06.17 19:32:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\bdadll.dll
[2009.03.02 15:44:37 | 000,000,643 | ---- | C] () -- C:\Windows\lexstat.ini
[2008.11.06 16:57:52 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.11.06 16:57:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.10.22 12:23:56 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2007.10.20 05:46:52 | 000,001,500 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.10.19 08:23:05 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.10.19 08:23:05 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.10.19 05:26:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.10.18 07:54:34 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.18 07:54:16 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.17 14:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2007.10.10 11:38:38 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2007.10.02 17:05:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.02 17:03:19 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys
[2007.10.02 17:03:19 | 000,232,704 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys
[2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.06.15 18:00:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
< End of report >
| extras.txt, von OTL Zitat:
OTL Extras logfile created on: 23.04.2010 13:27:05 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\julia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 205,80 Gb Total Space | 85,39 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive D: | 27,07 Gb Total Space | 17,43 Gb Free Space | 64,39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 14,90 Gb Total Space | 8,66 Gb Free Space | 58,10% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JULIA-PC
Current User Name: julia
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5C8B44DE-FF64-4FC5-B0BF-A85DA9DDC235}" = lport=2869 | protocol=6 | dir=in | app=system |
"{890CA3F1-F7E7-4DC9-98DB-C0C9D44E27FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A446D5-AD03-4207-931B-A918379D7A63}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{113B2B70-A09B-40E1-AE58-1DA315E2F4F8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{125C8884-23D2-425B-807C-EE0CF6051053}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{161678EE-C00D-4644-821F-4064C28BE869}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{183675F6-3675-4BCF-9AB2-A542C71800F7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2BD5E030-43DE-4AA9-9226-6ED29F0641AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30A4EA02-B929-48F2-A106-30A56917AA9B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3E2A8150-A266-48CE-A198-9A703E7D54F9}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{4D6994CF-88E9-493C-BEAB-434859DF935C}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{50EAEE21-B7DD-440E-8B24-B9E5E31E99C7}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{5B0C6A3B-9896-44CB-AC17-ACD2AB1129C0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{67D8D069-B69A-4183-A981-FD9301C2232E}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{878A15F6-2DE8-4E75-868F-B1F94A146D4F}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{975D1C60-E65A-4468-B260-A2FF3B5309EB}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{9E2D7EC7-4B9C-4D1A-BC4E-699BED1F6C76}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{9E6AC60D-DD01-4FE5-A8ED-689DC679127B}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{B64B5771-3054-4901-B320-FFE9890021FC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C313D47E-DDF5-4495-97B3-F2EF5660BAE7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E33CABCC-08A9-4BD3-B401-BC79C7056674}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{ECDC6467-B7FD-46A4-B007-CB41FFA6338E}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F03E471B-DAA0-4E46-ABA7-2D4238C3587B}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{F25EC49F-BA95-45F7-B031-79941AA01D25}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{F33E48FF-DB04-457F-8CE5-92C60C259692}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{F455C89D-59C6-4364-B7B0-D3128B72CCC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD42064E-4E6B-48E4-820C-789B2311C4EC}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"TCP Query User{9C0937FC-C010-41C4-BBF9-BC8FEE62A2FE}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"UDP Query User{77EDBF93-0683-46A8-BA09-67B89BAF2FF7}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{094C28D2-3FE2-417C-AF0B-425FE891F04A}" = Motorola Phone Tools
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C362999-7893-4EB0-AE33-18A091228D04}" = ArcSoft MediaImpression
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{A4DA9FB6-6F80-4589-A050-14129120B060}" = Mirar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C1A29161-3B31-46FB-8BA9-62897EF956D1}" = ArcSoft Print Creations
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG Free 9.0
"Bandoo" = Bandoo
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Müller Foto" = Müller Foto
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PrimoAdsForYou" = PrimoAdsForYou
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Save" = Save
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07.10.2009 03:42:46 | Computer Name = JULIA-PC | Source = Python Service | ID = 4
Description =
Error - 07.10.2009 05:24:17 | Computer Name = julia-PC | Source = Python Service | ID = 4
Description =
Error - 07.10.2009 05:31:16 | Computer Name = julia-PC | Source = Python Service | ID = 4
Description =
Error - 07.10.2009 09:26:09 | Computer Name = julia-PC | Source = Python Service | ID = 4
Description =
Error - 07.10.2009 14:43:28 | Computer Name = julia-PC | Source = Python Service | ID = 4
Description =
Error - 07.10.2009 14:50:36 | Computer Name = julia-PC | Source = EventSystem | ID = 4609
Description =
Error - 07.10.2009 14:53:48 | Computer Name = julia-PC | Source = System Restore | ID = 8193
Description =
Error - 07.10.2009 14:55:54 | Computer Name = julia-PC | Source = Python Service | ID = 4
Description =
Error - 08.10.2009 10:29:47 | Computer Name = julia-PC | Source = Python Service | ID = 4
Description =
Error - 08.10.2009 11:06:58 | Computer Name = julia-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SoftwareUpdate.exe, Version 2.1.1.116, Zeitstempel
0x488a4f1f, fehlerhaftes Modul agcutils.dll, Version 1.0.0.1, Zeitstempel 0x48dbd973,
Ausnahmecode 0xc0000005, Fehleroffset 0x000038d7, Prozess-ID 0xad0, Anwendungsstartzeit
01ca4828e7201497.
[ System Events ]
Error - 01.03.2009 17:14:55 | Computer Name = julia-PC | Source = DCOM | ID = 10010
Description =
Error - 01.03.2009 17:24:53 | Computer Name = julia-PC | Source = WPDMTPDriver | ID = 80836
Description =
Error - 02.03.2009 06:33:49 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 02.03.2009 09:44:51 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 02.03.2009 11:41:06 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 03.03.2009 04:26:34 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 03.03.2009 07:21:56 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 03.03.2009 17:52:10 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.03.2009 06:22:42 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.03.2009 18:32:03 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
21.04.2010, 17:53
Linear-Darstellung
