Pests of all kinds and how to fight them: Anti-Malware and OTL run, but Firefox "is on strike" | Windows 7
07.09.2010, 09:55 | #1 |
Anti-Malware and OTL run, but Firefox "is on strike"

Hello everyone,

unfortunately I have not really concerned myself with the security of my PC so far. Now I have run OTL and Malware over my PC, reports attached. A few dangerous programs were apparently found as well, and I removed them accordingly, but when I go to, e.g., mail.yahoo.de or gmx.de in Firefox, nothing really happens and "not responding" is shown at the top. What else useful can I do?

Many thanks, and sorry if I am posting this in the wrong place.

Best regards,
yoshua

OTL:

OTL logfile created on: 07.09.2010 10:34:59 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\romberg.WERT2\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,26 Gb Total Space | 146,40 Gb Free Space | 66,46% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,59 Gb Free Space | 55,88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROMBERG-PC
Current User Name: Romberg
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\romberg.WERT2\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) PRC - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe (Kaspersky Lab) PRC - C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) 
PRC - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe (Panda Software) PRC - C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe (Panda Software) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagentwd.exe (Panda Software) ========== Modules (SafeList) ========== MOD - C:\Users\romberg.WERT2\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) SRV - (CSObjectsSrv) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CodeMeter.exe) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (SentinelKeysServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe 
(SafeNet, Inc.) SRV - (PavReport) -- C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe (Panda Software) SRV - (PavAtScheduler) -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe (Panda Software) SRV - (PAVAGENTE) -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe (Panda Software) SRV - (APUpdService) -- C:\Windows\System32\APUpdService.exe (cobra GmbH) ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- C:\Windows\System32\Drivers\usbaapl.sys File not found DRV - (RimUsb) -- C:\Windows\System32\Drivers\RimUsb.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (CSCrySec) -- C:\Windows\system32\DRIVERS\CSCrySec.sys (Infowatch) DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch) DRV - (KLBG) -- C:\Windows\system32\DRIVERS\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (ACEDRV05) -- C:\Windows\System32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom) DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.) 
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.) DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) 
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.2.1 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6 FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.0.2 FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.03 19:45:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.05 19:59:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.05 19:59:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky 
Lab\Kaspersky PURE\THBExt [2010.09.02 11:13:12 | 000,000,000 | ---D | M] [2009.10.23 21:52:46 | 000,000,000 | ---D | M] -- C:\Users\romberg.WERT2\AppData\Roaming\mozilla\Extensions [2010.09.07 10:19:34 | 000,000,000 | ---D | M] -- C:\Users\romberg.WERT2\AppData\Roaming\mozilla\Firefox\Profiles\z5fmdpni.default\extensions [2009.10.23 22:44:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\romberg.WERT2\AppData\Roaming\mozilla\Firefox\Profiles\z5fmdpni.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.21 10:04:39 | 000,000,000 | ---D | M] (Weave Sync) -- C:\Users\romberg.WERT2\AppData\Roaming\mozilla\Firefox\Profiles\z5fmdpni.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef} [2010.04.21 10:04:37 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Users\romberg.WERT2\AppData\Roaming\mozilla\Firefox\Profiles\z5fmdpni.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C} [2010.02.24 15:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romberg.WERT2\AppData\Roaming\mozilla\Firefox\Profiles\z5fmdpni.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.26 22:22:25 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\romberg.WERT2\AppData\Roaming\mozilla\Firefox\Profiles\z5fmdpni.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.03.30 20:17:48 | 000,000,000 | ---D | M] -- C:\Users\romberg.WERT2\AppData\Roaming\mozilla\Firefox\Profiles\z5fmdpni.default\extensions\piclens@cooliris.com [2010.06.29 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\romberg.WERT2\AppData\Roaming\mozilla\Firefox\Profiles\z5fmdpni.default\extensions\toolbar@ask.com [2010.09.01 09:36:52 | 000,000,950 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Roaming\Mozilla\FireFox\Profiles\z5fmdpni.default\searchplugins\icqplugin-1.xml [2009.12.19 08:54:27 | 000,000,961 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Roaming\Mozilla\FireFox\Profiles\z5fmdpni.default\searchplugins\icqplugin-2.xml [2010.02.05 
19:26:41 | 000,000,950 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Roaming\Mozilla\FireFox\Profiles\z5fmdpni.default\searchplugins\icqplugin-3.xml [2010.02.24 15:51:05 | 000,000,950 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Roaming\Mozilla\FireFox\Profiles\z5fmdpni.default\searchplugins\icqplugin-4.xml [2010.03.30 20:40:02 | 000,000,950 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Roaming\Mozilla\FireFox\Profiles\z5fmdpni.default\searchplugins\icqplugin-5.xml [2010.04.07 19:37:55 | 000,000,950 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Roaming\Mozilla\FireFox\Profiles\z5fmdpni.default\searchplugins\icqplugin-6.xml [2010.06.27 10:51:29 | 000,000,950 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Roaming\Mozilla\FireFox\Profiles\z5fmdpni.default\searchplugins\icqplugin-7.xml [2010.06.29 11:28:51 | 000,000,950 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Roaming\Mozilla\FireFox\Profiles\z5fmdpni.default\searchplugins\icqplugin-8.xml [2010.08.10 09:53:53 | 000,000,950 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Roaming\Mozilla\FireFox\Profiles\z5fmdpni.default\searchplugins\icqplugin-9.xml [2010.02.03 15:38:36 | 000,000,947 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Roaming\Mozilla\FireFox\Profiles\z5fmdpni.default\searchplugins\icqplugin.xml [2010.09.06 10:05:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.02.04 19:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.02.01 20:34:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.08.05 19:59:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.05 19:59:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.05 19:59:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.05 
19:59:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.05 19:59:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) 
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) 
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [regist] C:\Program Files\MySecurityCenter\Programs\RegistrationPopup.exe File not found O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe File not found O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Getdo] File not found O4 - HKCU..\Run: [Guido] C:\Users\romberg.WERT2\AppData\Roaming\Adobe\Update\inxwid.exe () O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found O4 - HKCU..\Run: [PasswordManager] C:\Programme\Kaspersky Lab\Kaspersky PURE\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe (Kaspersky Lab) O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\romberg.WERT2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.69 81.173.194.77 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Wert2.local O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - 
Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ac013f6-26c2-11de-a02a-001d094e5c06}\Shell - "" = AutoRun
O33 - MountPoints2\{0ac013f6-26c2-11de-a02a-001d094e5c06}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5105088a-ca44-11de-bfd9-00215c4d1bf9}\Shell\Autoplay\command - "" = F:\imation.exe -- File not found
O33 - MountPoints2\{5105088a-ca44-11de-bfd9-00215c4d1bf9}\Shell\explore\Command - "" = F:\imation.exe -- File not found
O33 - MountPoints2\{5105088a-ca44-11de-bfd9-00215c4d1bf9}\Shell\Open\Command - "" = F:\imation.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.09.07 10:33:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\romberg.WERT2\Desktop\OTL.exe
[2010.09.07 08:55:27 | 000,000,000 | ---D | C] -- C:\Users\romberg.WERT2\AppData\Roaming\Malwarebytes
[2010.09.07 08:55:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.07 08:55:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.07 08:55:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.07 08:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.07 08:53:40 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\romberg.WERT2\Desktop\mbam-setup.exe
[2010.09.07 08:28:25 | 000,000,000 | --SD | C] -- C:\Users\romberg.WERT2\Documents\Passwords Database
[2010.09.07 08:18:13 | 000,000,000 | ---D | C] -- C:\Users\romberg.WERT2\Desktop\Neuer Ordner
[2010.09.06 20:06:35 | 000,000,000 | ---D | C] -- C:\Users\romberg.WERT2\AppData\Roaming\elsterformular
[2010.09.06 20:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2010.09.06 20:01:53 | 058,119,040 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\romberg.WERT2\Desktop\ElsterFormular-11.5.1.4843.exe
[2010.09.02 11:13:23 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2010.09.02 11:13:23 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2010.09.02 11:12:25 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.09.02 11:12:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InfoWatch
[2010.09.02 11:11:47 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.09.02 10:11:07 | 094,813,376 | ---- | C] (Kaspersky Lab) -- C:\Users\romberg.WERT2\Desktop\pure9.0.0.192de.exe
[2010.08.27 16:21:12 | 000,000,000 | ---D | C] -- C:\Users\romberg.WERT2\AppData\Roaming\Helper
[2010.08.26 22:23:16 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2010.08.26 22:22:46 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2010.08.26 22:22:45 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2010.08.26 22:22:45 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2010.08.26 22:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.08.26 22:22:27 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3
[2010.08.26 22:21:30 | 017,873,152 | ---- | C] (pdfforge GbR) -- C:\Users\romberg.WERT2\Desktop\PDFCreator-1_0_2_setup.exe
[2010.08.26 12:47:56 | 000,000,000 | ---D | C] -- C:\Users\romberg.WERT2\Desktop\26August2010
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.07 10:40:08 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FECC10C0-9633-490F-9178-33133511B02A}.job
[2010.09.07 10:40:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CA7E480F-12D8-4F7E-8DE5-96B24E822885}.job
[2010.09.07 10:34:12 | 003,932,160 | -HS- | M] () -- C:\Users\romberg.WERT2\ntuser.dat
[2010.09.07 10:33:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\romberg.WERT2\Desktop\OTL.exe
[2010.09.07 10:16:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.07 10:11:49 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 10:11:49 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 08:55:06 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.07 08:53:54 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\romberg.WERT2\Desktop\mbam-setup.exe
[2010.09.07 08:32:11 | 000,363,520 | ---- | M] () -- C:\Users\romberg.WERT2\Desktop\rkill.com
[2010.09.07 08:18:13 | 000,067,353 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.07 08:16:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ca5a0cfea14e20.job
[2010.09.07 08:14:13 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.07 08:11:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.07 08:11:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.06 20:52:47 | 002,275,699 | -H-- | M] () -- C:\Users\romberg.WERT2\AppData\Local\IconCache.db
[2010.09.06 20:41:46 | 000,002,631 | ---- | M] () -- C:\Users\romberg.WERT2\Desktop\Microsoft Office Word 2007.lnk
[2010.09.06 20:35:10 | 000,005,284 | ---- | M] () -- C:\Users\romberg.WERT2\Desktop\Desiree.elfo
[2010.09.06 20:05:48 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.09.06 20:02:48 | 058,119,040 | ---- | M] (Landesfinanzdirektion Thüringen) -- C:\Users\romberg.WERT2\Desktop\ElsterFormular-11.5.1.4843.exe
[2010.09.06 20:02:31 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\WebReg HP Deskjet F2400 Series.job
[2010.09.05 18:24:15 | 000,012,308 | ---- | M] () -- C:\Users\romberg.WERT2\Desktop\Steinheim.docx
[2010.09.02 13:12:10 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.02 11:58:16 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.09.02 11:58:15 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.09.02 11:11:47 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.09.02 10:16:16 | 094,813,376 | ---- | M] (Kaspersky Lab) -- C:\Users\romberg.WERT2\Desktop\pure9.0.0.192de.exe
[2010.08.27 15:07:31 | 000,654,860 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.27 15:07:31 | 000,621,374 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.27 15:07:31 | 000,122,124 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.27 15:07:31 | 000,108,458 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.27 15:07:30 | 001,497,510 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.27 15:05:11 | 000,101,664 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.27 15:00:31 | 000,378,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.27 13:35:41 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop.lnk
[2010.08.26 22:22:53 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2010.08.26 22:22:16 | 002,696,192 | ---- | M] () -- C:\Users\romberg.WERT2\Desktop\softonic-Deutsch.exe
[2010.08.26 22:22:04 | 017,873,152 | ---- | M] (pdfforge GbR) -- C:\Users\romberg.WERT2\Desktop\PDFCreator-1_0_2_setup.exe
[2010.08.26 22:20:13 | 000,260,400 | ---- | M] () -- C:\Users\romberg.WERT2\Desktop\SoftonicDownloader31176.exe
[2010.08.24 23:19:59 | 000,002,633 | ---- | M] () -- C:\Users\romberg.WERT2\Desktop\Microsoft Office Excel 2007.lnk
[2010.08.23 15:18:20 | 000,000,680 | ---- | M] () -- C:\Users\romberg.WERT2\AppData\Local\d3d9caps.dat
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.07 08:55:06 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.07 08:32:08 | 000,363,520 | ---- | C] () -- C:\Users\romberg.WERT2\Desktop\rkill.com
[2010.09.06 20:35:10 | 000,005,284 | ---- | C] () -- C:\Users\romberg.WERT2\Desktop\Desiree.elfo
[2010.09.06 20:05:48 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.09.05 18:24:13 | 000,012,308 | ---- | C] () -- C:\Users\romberg.WERT2\Desktop\Steinheim.docx
[2010.09.02 11:14:33 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.09.02 11:14:33 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.27 13:35:51 | 000,000,801 | ---- | C] () -- C:\Users\romberg.WERT2\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010.08.27 13:35:41 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop.lnk
[2010.08.26 22:22:53 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2010.08.26 22:22:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.26 22:21:30 | 002,696,192 | ---- | C] () -- C:\Users\romberg.WERT2\Desktop\softonic-Deutsch.exe
[2010.08.26 22:20:11 | 000,260,400 | ---- | C] () -- C:\Users\romberg.WERT2\Desktop\SoftonicDownloader31176.exe
[2010.05.08 08:23:09 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2010.05.03 19:35:48 | 000,000,788 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.12.18 19:33:10 | 000,000,680 | ---- | C] () -- C:\Users\romberg.WERT2\AppData\Local\d3d9caps.dat
[2009.09.08 21:17:55 | 000,067,353 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.08 21:17:34 | 000,067,353 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.27 19:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\Lv.INI
[2009.02.27 19:46:29 | 000,000,132 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.05 09:17:24 | 000,007,168 | ---- | C] () -- C:\Users\romberg.WERT2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.13 13:51:14 | 000,000,072 | ---- | C] () -- C:\Windows\System32\Install.ini
[2009.01.11 19:03:45 | 000,000,473 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.01.11 19:03:45 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.01.11 19:00:52 | 000,000,816 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.01.11 19:00:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.01.11 18:56:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2009.01.11 18:56:58 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009.01.11 18:56:54 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.01.11 18:56:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.01.11 18:53:53 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.12.22 22:41:21 | 000,146,093 | ---- | C] () -- C:\Users\romberg.WERT2\AppData\Roaming\nvModes.001
[2008.12.22 22:41:17 | 000,146,093 | ---- | C] () -- C:\Users\romberg.WERT2\AppData\Roaming\nvModes.dat
[2008.10.15 16:28:50 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2008.09.03 13:56:00 | 000,000,101 | ---- | C] () -- C:\Users\romberg.WERT2\AppData\Local\fusioncache.dat
[2008.09.03 13:34:02 | 000,000,027 | ---- | C] () -- C:\Windows\LoadConfig.ini
[2008.09.03 13:33:59 | 000,056,588 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.09.03 13:33:21 | 000,000,025 | ---- | C] () -- C:\Windows\AVTCVISTA.ini
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.10 08:19:34 | 003,673,360 | ---- | C] () -- C:\Windows\System32\Mso97rt.dll
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2000.10.25 18:15:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll

< End of report >

Anti-Malware

OTL Extras logfile created on: 07.09.2010 10:34:59 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\romberg.WERT2\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,26 Gb Total Space | 146,40 Gb Free Space | 66,46% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,59 Gb Free Space | 55,88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROMBERG-PC
Current User Name: Romberg
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CA5CDD-8E6A-4F00-AC1F-EB9A92F3CD84}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{089FE3EC-F837-4ED7-9324-A2CF484D3F3F}" = rport=139 | protocol=6 | dir=out | app=system |
"{14E1999B-5D6A-4B17-B0CB-F2E6C4D49C1B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3F36BB5B-7E89-4EF4-A907-7D9FC6184505}" = lport=137 | protocol=17 | dir=in | app=system |
"{51B14150-5BC9-406F-953E-5587BE317362}" = lport=2869 | protocol=6 | dir=in | app=system |
"{574B8BEE-2B98-435C-B5A8-E16A7D8F7991}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{78A7B3AA-133D-4619-B008-4C62CD376C6B}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{7CCFAF4B-C9B2-49DE-A834-AB038AC2EA31}" = rport=138 | protocol=17 | dir=out | app=system |
"{895DA5BE-B9ED-43FE-8D1C-DF83CF3423CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D99C74C-5FE0-4E8A-B472-D7E749E3AE58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{90DC5192-56AB-41D3-8AE2-B14D99F2C126}" = rport=445 | protocol=6 | dir=out | app=system |
"{A01D26AC-ABB8-47D8-A9DC-16DF6458B290}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{A5598ADE-C2CA-4D87-8B6A-BB618A4A4F86}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2962689-1507-4EB6-83A6-37165671E4B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C460064A-777C-44C8-B531-DB8BB4EE6EA5}" = lport=139 | protocol=6 | dir=in | app=system |
"{C81B03B0-83F8-491B-821D-85CE3AFE436F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF397AB4-DB2F-4AB9-8569-A34C6DE54E5A}" = lport=138 | protocol=17 | dir=in | app=system |
"{D52797FD-1129-45AB-9EF4-4B219BF948D1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DEA141F4-4BA5-4EA7-A795-AAE2D07B37EA}" = rport=137 | protocol=17 | dir=out | app=system |
"{EEA2905B-DB67-4820-B35D-03ECD50A7D55}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC63D1E2-A37C-4921-AF01-F0A272F25775}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C3B963-4AFD-42D2-AF02-824E64706A26}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{02DDA4C2-C41C-4584-825E-BB3F887EC533}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{03F3CC2D-3EA9-41BF-AFFB-F22F02606A24}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{0BE78439-B210-48CA-8585-3FBBE1306BF1}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{0ECA1004-76C8-4479-BDA2-56C35CDFACCB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0FCE109F-C0E3-4254-9DEA-562B1000A6A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{113E1E0B-85EE-420A-B634-D5D2DB15B782}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{139D3E1E-337D-4545-BCDD-2A3883EE70B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{162EEDC7-06AD-4466-8F11-FC2E3F65845A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1726731C-DFBA-478B-9BC9-DEA1F15B89CD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{17331485-AA9C-42E0-BDD6-C94FAF9F06CB}" = protocol=17 | dir=in | app=c:\program files\panda software\panda administrator 3\pav_agent\pagent.exe |
"{226EC2FA-FF01-420A-A9B4-AACD86289840}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2437BC5A-38B1-4689-A894-A59A554DCD72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{28768E77-C704-4A04-9ADD-30DCD06748C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{3173FAE2-F481-40E8-8261-FAE9B47F8E36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C700098-E7D8-4FD2-9386-DA92C460E8CE}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{3FAE2963-1212-4318-8267-ABFC9F7078F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{4604B205-053F-4DDA-B28D-59495E27ACF0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{4C43F631-B085-41AD-8F56-A280BDF307D8}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{51427634-C694-4640-8876-A18906F4A8D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5BF96D4E-E5B3-4D62-9B8E-F1CC15624852}" = protocol=6 | dir=in | app=e:\setup.exe |
"{60DE6F0F-CA76-49CC-B962-068C7D0F436B}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{63E50322-8F74-466D-A319-8BB3003D1B8A}" = protocol=17 | dir=in | app=c:\users\romberg.wert2\appdata\local\temp\{a2ebb836-7b8a-4224-baec-e2d2e53e0eb8}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{6409058B-C688-4973-ABFE-753FEDA457DF}" = protocol=17 | dir=in | app=e:\setup.exe |
"{655E8955-0455-4382-BAF4-518FB12E7EDA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{6A31BD8A-35DD-496F-A5E5-E927190962DF}" = protocol=6 | dir=in | app=c:\program files\panda software\panda administrator 3\pav_agent\pagent.exe |
"{6B107DFF-F76D-4C6E-87FB-929B4C9DB07F}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{72FF35A8-CEAE-4DE1-860D-832A6559A040}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{7669ED40-169E-4CE5-B1C8-B8F6869B4C0F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77B06C5E-E8B7-43B5-A0F2-76C6FC1D5A25}" = protocol=17 | dir=in | app=c:\program files\panda software\panda administrator 3\pav_agent\pagent.exe |
"{7B2BDAB0-1002-4F48-B42D-17839E97230B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7BA9DAB0-E83C-4DC9-B7E5-04B6DB40A55F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7BFD8BB2-183A-4B95-B5C5-5FB0F23E928F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{864C794D-7284-425C-A44A-C9E2D26CD005}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{89985713-C77B-405F-8D66-FEEC00FD9B72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8A56C437-8AEC-4DE0-9817-671C221D7F9A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{8EA6FFA4-CB16-4808-AE96-DFC6D037F738}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90B9851F-31AB-41CD-B6DE-286B86CF345A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9169ADAC-24FD-473F-AFFA-FA1B57ABCB06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{94C93AC7-B3F7-4B26-8291-29477D8527C4}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{96581E94-DDFC-4116-B570-15AC0C8FD06A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{96BD492F-8456-4965-BF6B-A1892BEBA662}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{A4DA4F48-FF0D-4093-BC0A-93805853D2D3}" = protocol=17 | dir=in | app=c:\program files\panda software\panda administrator 3\pav_agent\pagent.exe |
"{AA700942-C2DF-4C95-8ECF-9ADE07CFDFC3}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{AA812733-00F8-4478-B835-4A48F3145951}" = protocol=6 | dir=in | app=c:\program files\panda software\panda administrator 3\pav_agent\pagent.exe |
"{AB5547A8-2A61-45C5-A484-D2B70BCDCD36}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B595586B-A33A-4534-9ECB-5BC3DCC7052D}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{B9A9B447-273C-48CA-8DEA-CA2AB29596A2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BDE80FA8-8242-4FB5-8F19-C3D9998F7B7B}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{D1D92D6F-DC72-4EC4-A537-ADBEB8C2326C}" = protocol=6 | dir=in | app=c:\users\romberg.wert2\appdata\local\temp\{a2ebb836-7b8a-4224-baec-e2d2e53e0eb8}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{D21A8B93-E47C-4D2F-843A-C36381B1ECE5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{D6C428E1-A274-4874-A5F4-7AB99AB74EBF}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{DFB21366-5EDF-46D1-985E-9D45FF6172AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E817B325-D0BE-42A1-8780-5D8876629A21}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E96690CC-2536-4152-AB2E-6FD51D24276B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EAEE11A6-4603-44A8-B1F1-40D248A89CFC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EF09B267-EB55-4CCA-981E-24264471DDB7}" = protocol=6 | dir=in | app=c:\program files\panda software\panda administrator 3\pav_agent\pagent.exe |
"{EF2955E3-8161-4DFD-B858-C64E48575DA1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{EFFAED36-1B16-46D6-9120-24E156F7DAE6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F0979A2C-1ABD-4690-913C-D4EEB411354A}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{FA6F6C9F-EDDB-4296-B396-E6C617213DF5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB31969F-0725-47CB-966F-35E649493EE7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FBAEE68F-0E87-42AA-891E-A24251A71A71}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"TCP Query User{A6DB9C2B-9FD5-49B3-93C5-8F2F977591D7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{096AE44A-D26B-49A2-AE86-CFD76C944A4D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{053A3BEE-A42C-44C6-9314-24EC90E47413}_is1" = K-Lite v2.7.2
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{335424A2-2C4E-49F3-A066-58635269DB83}" = Sentinel Protection Installer 7.4.2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88CFEF4F-3BA5-4B1F-BAD9-0C8F82026C96}" = CodeMeter Runtime Kit v3.30b
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESSR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5D942B1-E0C7-4AC7-8C2A-E4FD446BD3E2}" = cobra Component Update 02
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D9DCC53C-D199-4261-8A60-FA7616F73F19}" = English Network 2 Aussprache-CD-ROM
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner (remove only)
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"ElsterFormular 11.5.1.4843" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free FLV Converter_is1" = Free FLV Converter V 6.7.8
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Holdem Helper_is1" = Holdem Helper 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center 
& Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "ICQToolbar" = ICQ Toolbar "InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "NetCologne NetDSL" = NetCologne NetDSL-Installationsdateien entfernen "NVIDIA Drivers" = NVIDIA Drivers "RealPlayer 6.0" = RealPlayer "SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service "Shop for HP Supplies" = Shop for HP Supplies "SMALLBUSINESSR" = Microsoft Office Small Business 2007 "softonic-de3 Toolbar" = softonic-de3 Toolbar "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.09.2010 11:27:51 | Computer Name = Romberg-PC.Wert2.local | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AppleSyncNotifier.exe, Version 1.4.1.2511, Zeitstempel 0x49dd835b, fehlerhaftes Modul CoreFoundation.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000135, Fehleroffset 0x00008fc7, Prozess-ID 0x92c, Anwendungsstartzeit 01cb4dd7fd8fe6f6. Error - 06.09.2010 13:13:49 | Computer Name = Romberg-PC.Wert2.local | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AppleSyncNotifier.exe, Version 1.4.1.2511, Zeitstempel 0x49dd835b, fehlerhaftes Modul CoreFoundation.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000135, Fehleroffset 0x00008fc7, Prozess-ID 0xff8, Anwendungsstartzeit 01cb4de6a5fe27f7. 
Error - 06.09.2010 13:56:44 | Computer Name = Romberg-PC.Wert2.local | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3855 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 15d0 Anfangszeit: 01cb4de8ade88b77 Zeitpunkt der Beendigung: 38 Error - 06.09.2010 14:09:45 | Computer Name = Romberg-PC.Wert2.local | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3855 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1698 Anfangszeit: 01cb4dee608e5cf7 Zeitpunkt der Beendigung: 23 Error - 06.09.2010 14:23:24 | Computer Name = Romberg-PC.Wert2.local | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3855 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: fac Anfangszeit: 01cb4defdde234a7 Zeitpunkt der Beendigung: 23 Error - 06.09.2010 14:31:18 | Computer Name = Romberg-PC.Wert2.local | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3855 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 11c8 Anfangszeit: 01cb4df0d5d6fb57 Zeitpunkt der Beendigung: 35 Error - 07.09.2010 02:12:08 | Computer Name = Romberg-PC.Wert2.local | Source = Google Update | ID = 20 Description = Error - 07.09.2010 02:13:54 | Computer Name = Romberg-PC.Wert2.local | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AppleSyncNotifier.exe, Version 1.4.1.2511, Zeitstempel 0x49dd835b, fehlerhaftes Modul CoreFoundation.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000135, Fehleroffset 0x00008fc7, Prozess-ID 0x1dc, Anwendungsstartzeit 01cb4e53be5ef51d. Error - 07.09.2010 02:26:21 | Computer Name = Romberg-PC.Wert2.local | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3855 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 308 Anfangszeit: 01cb4e55698803ed Zeitpunkt der Beendigung: 22 Error - 07.09.2010 02:36:59 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft Office 12 | ID = 2001 Description = Rejected Safe Mode action : Microsoft Office Outlook. [ OSession Events ] Error - 05.06.2009 09:18:57 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 23830 seconds with 1800 seconds of active time. This session ended with a crash. Error - 06.09.2010 06:23:30 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 90 seconds with 60 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 06.09.2010 14:01:58 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 06.09.2010 14:01:58 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 06.09.2010 14:01:58 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 06.09.2010 14:01:58 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 06.09.2010 14:01:58 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 06.09.2010 14:09:42 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 07.09.2010 02:11:50 | Computer Name = Romberg-PC.Wert2.local | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne WERT2 aufgrund der folgenden Ursache: %%1311 nicht einrichten. Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error - 07.09.2010 02:12:06 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. 
Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error - 07.09.2010 02:12:16 | Computer Name = Romberg-PC.Wert2.local | Source = Service Control Manager | ID = 7000 Description = Error - 07.09.2010 02:12:44 | Computer Name = Romberg-PC.Wert2.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. < End of report > |
07.09.2010, 10:37 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Anti-Malware and OTL run, but Firefox "is on strike" I don't see the Malwarebytes log there, please post it. |
07.09.2010, 11:52 | #3 |
| Anti-Malware and OTL run, but Firefox "is on strike" Hello cosinus, the Anti-Malware log data can be seen about halfway down. I had marked Anti-Malware in bold and underlined it. Found it? Best regards, Manuel |
07.09.2010, 12:16 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Anti-Malware and OTL run, but Firefox "is on strike" Quote:
__________________ Please always post log files in CODE tags |
07.09.2010, 12:47 | #5 |
| Anti-Malware and OTL run, but Firefox "is on strike" Oh I see, sorry, but I'm clueless in this regard :-). Can you still do something with it, or give tips on what else I can do? Regards, Manuel |
07.09.2010, 13:24 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Anti-Malware and OTL run, but Firefox "is on strike" Just post the Malwarebytes log first... |