Trojaner-Board - Geänderte Proxyeinstellungen?

OTL LOG 1

OTL Logfile:

Code:

OTL logfile created on: 16.12.2010 06:25:48 - Run 1

OTL by OldTimer - Version 3.2.12.1     Folder = C:\Dokumente und Einstellungen\Prensh\Desktop\Bkdoor

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

511,00 Mb Total Physical Memory | 179,00 Mb Available Physical Memory | 35,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 8,79 Gb Total Space | 1,00 Gb Free Space | 11,35% Space Free | Partition Type: NTFS

Drive D: | 65,76 Gb Total Space | 19,35 Gb Free Space | 29,43% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 719,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PRENSH

Current User Name: Prensh

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - D:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Dokumente und Einstellungen\Prensh\Desktop\Bkdoor\OTL.exe (OldTimer Tools)

PRC - D:\Programme\Napster\napster.exe (Napster)

PRC - D:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()

PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe (TimeBridge)

PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)

PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()

PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Teleca AB)

PRC - D:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)

PRC - d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)

PRC - D:\Programme\D-Link\Air Utility\AirCFG.exe (D-Link)

PRC - C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe (Alpha Networks Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Prensh\Desktop\Bkdoor\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()

SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()

SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (StarWindService) -- d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (notecable) NoteCable Driver (WDM) -- C:\WINDOWS\System32\drivers\notcable.sys File not found

DRV - (efipsk) -- C:\DOKUME~1\Prensh\LOKALE~1\Temp\efipsk.sys File not found

DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)

DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)

DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)

DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)

DRV - (RRNetCapMP) -- C:\WINDOWS\system32\drivers\rrnetcap.sys (RapidSolution Software AG)

DRV - (RRNetCap) -- C:\WINDOWS\system32\drivers\rrnetcap.sys (RapidSolution Software AG)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.)

DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)

DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s115mgmt.sys (MCCI Corporation)

DRV - (s115obex) -- C:\WINDOWS\system32\drivers\s115obex.sys (MCCI Corporation)

DRV - (s115mdm) -- C:\WINDOWS\system32\drivers\s115mdm.sys (MCCI Corporation)

DRV - (s115mdfl) -- C:\WINDOWS\system32\drivers\s115mdfl.sys (MCCI Corporation)

DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\WINDOWS\system32\drivers\s115bus.sys (MCCI Corporation)

DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)

DRV - (s616bus) Sony Ericsson Device 616 driver (WDM) -- C:\WINDOWS\system32\drivers\s616bus.sys (MCCI Corporation)

DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)

DRV - (NETDLWL) D-Link Air Wireless Adapter(DL) -- C:\WINDOWS\system32\drivers\NETDLWL.sys (D-Link. All Rights Reserved.)

DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)

DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1801674531-1682526488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.short-funny-jokes.com

IE - HKU\S-1-5-21-1801674531-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-1801674531-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1801674531-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58061

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3

FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.12.14 15:08:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.12.11 19:54:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Components: D:\Programme\Mozilla Sunbird\components [2009.04.28 17:03:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Plugins: D:\Programme\Mozilla Sunbird\plugins [2009.11.07 03:56:11 | 000,000,000 | ---D | M]

 

[2010.10.03 21:33:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\Mozilla\Extensions

[2010.10.03 21:33:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com

[2010.12.16 06:23:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\Mozilla\Firefox\Profiles\81cl8bff.default\extensions

[2010.11.28 18:33:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\Mozilla\Firefox\Profiles\81cl8bff.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010.11.28 18:33:27 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\Mozilla\Firefox\Profiles\81cl8bff.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

[2008.09.20 10:22:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\Mozilla\Sunbird\Profiles\qmgmg1ey.default\extensions

 

O1 HOSTS File: ([2010.10.05 08:48:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Programme\veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ANIWZCSService] C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe (Alpha Networks Inc.)

O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [D-Link Air Utility] D:\Programme\D-Link\Air Utility\AirCFG.exe (D-Link)

O4 - HKLM..\Run: [EvtMgr6] D:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NapsterShell] D:\Programme\Napster\napster.exe (Napster)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [Philips Device Listener] C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()

O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1801674531-1682526488-725345543-1003..\Run: [Messenger (Yahoo!)] D:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-1801674531-1682526488-725345543-1003..\Run: [TimeBridge Connector for Outlook] C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe (TimeBridge)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Prensh\Startmenü\Programme\Autostart\MagicDisc.lnk = D:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1801674531-1682526488-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1801674531-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1801674531-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1801674531-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - D:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200784304335 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-1801674531-1682526488-725345543-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-1801674531-1682526488-725345543-1003 Winlogon: Shell - (C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\dwm.exe) - C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\dwm.exe File not found

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Prensh\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Prensh\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.01.19 22:01:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.12.15 23:10:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010.12.15 23:04:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe

[2010.12.15 23:04:15 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys

[2010.12.15 23:00:09 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll

[2010.12.15 23:00:08 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll

[2010.12.15 22:59:35 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll

[2010.12.15 22:59:34 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll

[2010.12.15 22:59:24 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2010.12.15 22:59:23 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

[2010.12.15 22:59:19 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll

[2010.12.15 22:59:11 | 001,063,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll

[2010.12.15 22:59:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll

[2010.12.15 22:59:06 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010.12.15 22:59:05 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010.12.15 22:58:47 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll

[2010.12.15 22:58:43 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll

[2010.12.15 22:58:39 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll

[2010.12.15 22:58:38 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

[2010.12.15 22:58:31 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll

[2010.12.15 22:58:31 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll

[2010.12.15 22:58:31 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe

[2010.12.15 22:58:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshom.ocx

[2010.12.15 22:58:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe

[2010.12.15 22:58:31 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll

[2010.12.15 22:57:57 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll

[2010.12.15 22:57:23 | 001,441,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll

[2010.12.15 22:56:28 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe

[2010.12.15 22:56:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe

[2010.12.15 22:55:14 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll

[2010.12.15 22:55:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll

[2010.12.15 22:54:33 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll

[2010.12.14 14:48:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Prensh\Recent

[2010.12.14 13:42:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\JAM Software

[2010.12.14 11:58:52 | 002,192,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2010.12.14 11:58:52 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2010.12.14 11:58:48 | 002,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

[2010.12.14 11:58:47 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2010.12.14 11:57:35 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll

[2010.12.14 11:56:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe

[2010.12.14 11:54:48 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010.12.14 11:54:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2010.12.14 11:54:33 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

[2010.12.14 11:54:10 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll

[2010.12.14 11:53:36 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll

[2010.12.14 11:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2010.12.14 11:41:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010.12.14 11:25:57 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll

[2010.12.14 11:25:57 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll

[2010.12.14 11:25:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll

[2010.12.14 11:25:52 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll

[2010.12.14 11:25:51 | 004,886,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll

[2010.12.14 11:25:51 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll

[2010.12.14 11:25:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll

[2010.12.14 11:25:51 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm

[2010.12.14 11:25:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm

[2010.12.14 11:25:49 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll

[2010.12.14 11:25:49 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll

[2010.12.14 11:25:49 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm

[2010.12.14 11:25:41 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll

[2010.12.14 11:25:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll

[2010.12.14 11:25:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll

[2010.12.14 11:25:26 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll

[2010.12.14 11:25:25 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll

[2010.12.14 11:25:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll

[2010.12.14 11:25:24 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll

[2010.12.14 11:25:24 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll

[2010.12.14 11:25:24 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll

[2010.12.14 11:25:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll

[2010.12.14 11:25:24 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll

[2010.12.14 11:25:24 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll

[2010.12.14 11:25:24 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll

[2010.12.14 11:25:24 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll

[2010.12.14 11:25:23 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll

[2010.12.14 11:25:23 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll

[2010.12.14 11:25:23 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll

[2010.12.14 11:25:23 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll

[2010.12.14 11:25:23 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll

[2010.12.14 11:25:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll

[2010.12.14 11:25:23 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll

[2010.12.14 11:25:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll

[2010.12.14 11:25:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll

[2010.12.14 11:25:21 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll

[2010.12.14 11:25:21 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll

[2010.12.14 11:25:21 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll

[2010.12.14 11:25:21 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll

[2010.12.14 11:25:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe

[2010.12.14 11:25:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll

[2010.12.14 11:25:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll

[2010.12.14 11:25:20 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll

[2010.12.14 11:25:20 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe

[2010.12.14 11:25:20 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll

[2010.12.14 11:25:20 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll

[2010.12.14 11:25:20 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll

[2010.12.14 11:25:19 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll

[2010.12.14 11:25:19 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll

[2010.12.14 11:25:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll

[2010.12.14 11:25:19 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll

[2010.12.14 11:25:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll

[2010.12.14 11:25:18 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll

[2010.12.14 11:25:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe

[2010.12.14 11:25:17 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll

[2010.12.14 11:25:16 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll

[2010.12.14 11:24:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2010.12.14 11:24:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de

[2010.12.14 11:20:27 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe

[2010.12.14 11:20:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll

[2010.12.14 11:20:26 | 000,847,898 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdxm.ocx

[2010.12.14 11:20:26 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll

[2010.12.14 11:20:26 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4dmod.dll

[2010.12.14 11:20:26 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll

[2010.12.14 11:20:26 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe

[2010.12.14 11:20:26 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll

[2010.12.14 11:20:26 | 000,004,126 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdxmlc.dll

[2010.12.14 11:20:25 | 002,973,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll

[2010.12.14 11:20:25 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll

[2010.12.14 11:20:25 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe

[2010.12.14 11:20:25 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll

[2010.12.14 11:20:25 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll

[2010.12.14 11:20:25 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe

[2010.12.14 11:20:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll

[2010.12.14 11:20:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll

[2010.12.14 11:20:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll

[2010.12.14 11:20:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx

[2010.12.14 11:18:33 | 000,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys

[2010.11.18 19:12:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.12.16 06:07:27 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010.12.16 06:06:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.12.16 06:06:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.12.16 00:52:23 | 010,223,616 | -H-- | M] () -- C:\Dokumente und Einstellungen\Prensh\NTUSER.DAT

[2010.12.16 00:52:23 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Prensh\ntuser.ini

[2010.12.15 23:31:53 | 000,643,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.12.15 23:31:52 | 000,715,802 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.12.15 23:31:52 | 000,149,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.12.15 23:31:51 | 000,181,200 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.12.15 23:31:51 | 000,005,346 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.12.15 23:26:19 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.12.15 23:22:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010.12.14 18:20:30 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010.12.14 14:14:25 | 000,070,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Prensh\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

[2010.12.14 11:42:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.12.14 11:17:53 | 000,251,712 | RHS- | M] () -- C:\ntldr

[2010.12.11 20:15:11 | 000,012,273 | ---- | M] () -- C:\Dokumente und Einstellungen\Prensh\Desktop\Anschreiben_Mehmet.docx

[2010.12.10 00:28:45 | 003,205,582 | -H-- | M] () -- C:\Dokumente und Einstellungen\Prensh\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2010.12.10 00:05:00 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\09DA.D31

[2010.12.02 09:07:31 | 000,031,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Prensh\Desktop\Kündigung Brauweiler.doc

[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.11.18 19:12:41 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll

[2010.11.18 19:12:41 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.12.15 23:08:17 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010.12.14 11:25:52 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm

[2010.12.14 11:25:52 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm

[2010.12.14 11:25:52 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm

[2010.12.14 11:25:52 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta

[2010.12.14 11:25:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css

[2010.12.14 11:25:52 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf

[2010.12.14 11:25:52 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js

[2010.12.14 11:25:51 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav

[2010.12.14 11:25:51 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav

[2010.12.14 11:25:51 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav

[2010.12.14 11:25:51 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv

[2010.12.14 11:25:51 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav

[2010.12.14 11:25:51 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav

[2010.12.14 11:25:51 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav

[2010.12.14 11:25:51 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav

[2010.12.14 11:25:51 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav

[2010.12.14 11:25:51 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav

[2010.12.14 11:25:51 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf

[2010.12.14 11:25:51 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf

[2010.12.14 11:25:51 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif

[2010.12.14 11:25:51 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif

[2010.12.14 11:25:51 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf

[2010.12.14 11:25:51 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif

[2010.12.14 11:25:51 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif

[2010.12.14 11:25:51 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif

[2010.12.14 11:25:51 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif

[2010.12.14 11:25:51 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif

[2010.12.14 11:25:51 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif

[2010.12.14 11:25:51 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif

[2010.12.14 11:25:51 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif

[2010.12.14 11:25:51 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif

[2010.12.14 11:25:51 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js

[2010.12.14 11:25:51 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif

[2010.12.14 11:25:51 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif

[2010.12.14 11:25:51 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif

[2010.12.14 11:25:51 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif

[2010.12.14 11:25:51 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif

[2010.12.14 11:25:51 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf

[2010.12.14 11:25:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif

[2010.12.14 11:25:51 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif

[2010.12.14 11:25:51 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif

[2010.12.14 11:25:51 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif

[2010.12.14 11:25:51 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm

[2010.12.14 11:25:50 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv

[2010.12.14 11:25:50 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv

[2010.12.14 11:25:50 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm

[2010.12.14 11:25:50 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz

[2010.12.14 11:25:50 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf

[2010.12.14 11:25:50 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip

[2010.12.14 11:25:50 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif

[2010.12.14 11:25:50 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif

[2010.12.14 11:25:50 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl

[2010.12.14 11:25:50 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl

[2010.12.14 11:25:50 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl

[2010.12.14 11:25:50 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl

[2010.12.14 11:25:50 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl

[2010.12.14 11:25:50 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl

[2010.12.14 11:25:50 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl

[2010.12.14 11:25:50 | 000,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl

[2010.12.14 11:25:50 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl

[2010.12.14 11:25:50 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl

[2010.12.14 11:25:50 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl

[2010.12.14 11:25:50 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl

[2010.12.14 11:25:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl

[2010.12.14 11:25:50 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl

[2010.12.14 11:25:50 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl

[2010.12.14 11:25:50 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip

[2010.12.14 11:25:49 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv

[2010.12.14 11:25:49 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv

[2010.12.14 11:25:49 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz

[2010.12.14 11:25:49 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp

[2010.12.14 11:25:49 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css

[2010.12.14 11:25:49 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm

[2010.12.14 11:25:49 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js

[2010.12.14 11:25:49 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js

[2010.12.14 11:25:49 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt

[2010.12.14 11:25:49 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif

[2010.12.14 11:25:49 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif

[2010.12.14 11:25:48 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif

[2010.12.14 11:25:48 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif

[2010.12.14 11:25:48 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif

[2010.12.14 11:25:48 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif

[2010.12.11 15:22:07 | 000,012,273 | ---- | C] () -- C:\Dokumente und Einstellungen\Prensh\Desktop\Anschreiben_Mehmet.docx

[2010.12.06 23:25:59 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\09DA.D31

[2010.06.15 19:39:11 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Prensh\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db

[2010.01.30 15:35:24 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib

[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009.11.16 08:15:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009.11.16 08:15:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2009.07.03 16:46:55 | 000,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini

[2009.04.23 17:51:20 | 000,001,050 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009.04.09 20:32:11 | 000,164,088 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2008.12.03 03:20:06 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini

[2008.09.22 15:25:06 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll

[2008.09.22 15:25:06 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll

[2008.09.22 15:25:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll

[2008.09.22 15:25:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll

[2008.09.22 15:25:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll

[2008.09.22 15:25:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll

[2008.09.22 15:20:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2008.09.22 15:20:37 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2008.08.24 20:20:10 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008.07.22 12:01:39 | 000,000,311 | ---- | C] () -- C:\WINDOWS\tm.ini

[2008.06.10 11:20:48 | 000,208,976 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll

[2008.06.10 11:20:46 | 002,412,544 | ---- | C] () -- C:\WINDOWS\npdbplug.dll

[2008.02.26 12:49:08 | 000,000,493 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008.02.23 01:28:41 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008.02.05 23:32:40 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2008.02.05 12:27:15 | 000,137,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Prensh\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.01.20 18:46:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2008.01.20 18:43:17 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat

[2008.01.20 01:02:27 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

[2008.01.19 23:09:36 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007.02.05 15:48:36 | 000,016,828 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007.02.05 15:48:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007.02.05 15:48:28 | 000,016,562 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2006.10.22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006.10.22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006.10.22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006.10.22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006.10.22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006.10.22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006.10.22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2002.03.21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

 
 ========== Files - Unicode (All) ==========

[2009.11.08 03:07:16 | 000,407,014 | ---- | M] ()(D:\Eigene Dateien\? T Nils (1).amr) -- D:\Eigene Dateien\ T Nils (1).amr

[2009.11.08 03:03:04 | 000,407,014 | ---- | C] ()(D:\Eigene Dateien\? T Nils (1).amr) -- D:\Eigene Dateien\ T Nils (1).amr

[2009.11.08 02:49:16 | 000,301,510 | ---- | M] ()(D:\Eigene Dateien\? T Nils.amr) -- D:\Eigene Dateien\ T Nils.amr

[2009.11.08 02:46:10 | 000,301,510 | ---- | C] ()(D:\Eigene Dateien\? T Nils.amr) -- D:\Eigene Dateien\ T Nils.amr

< End of report >

--- --- ---

LOG2
OTL Logfile:

Code:

OTL Extras logfile created on: 16.12.2010 06:25:48 - Run 1

OTL by OldTimer - Version 3.2.12.1     Folder = C:\Dokumente und Einstellungen\Prensh\Desktop\Bkdoor

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

511,00 Mb Total Physical Memory | 179,00 Mb Available Physical Memory | 35,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 8,79 Gb Total Space | 1,00 Gb Free Space | 11,35% Space Free | Partition Type: NTFS

Drive D: | 65,76 Gb Total Space | 19,35 Gb Free Space | 29,43% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 719,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PRENSH

Current User Name: Prensh

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-21-1801674531-1682526488-725345543-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- Reg Error: Key error.

htmlfile [opennew] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- "D:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)

"d:\Programme\PPMate\ppmate.exe" = D:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate -- File not found

"d:\Programme\PPMate\ppmnet.exe" = d:\Programme\PPMate\ppmnet.exe:*:Enabled:PPMate -- File not found

"d:\Programme\PPMate\ppamnet.exe" = d:\Programme\PPMate\ppamnet.exe:*:Enabled:PPMate -- File not found

"C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)

"C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)

"D:\Programme\Pinnacle\VideoSpin\Programs\RM.exe" = D:\Programme\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- File not found

"D:\Programme\Pinnacle\VideoSpin\Programs\umi.exe" = D:\Programme\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- File not found

"D:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = D:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- File not found

"D:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = D:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"D:\Programme\Opera\opera.exe" = D:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found

"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe" = C:\Dokumente und Einstellungen\Prensh\Anwendungsdaten\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe:*:Enabled:TimeBridge Connector for Outlook  -- (TimeBridge)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32

"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu

"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1D1A31E3-65AC-4646-A553-ABC106EA7129}" = Microsoft LifeCam

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22

"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{67BB93E2-60DD-49F5-97CB-3187BAE9D4E6}" = Air Utility

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7242785F-6E89-48C1-A29B-E589FCE30CD4}" = ACDSee 7.0 PowerPack

"{74FCFEA6-7447-4BDB-BFEC-FF195AA62A13}" = ANIWZCS Service

"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU

"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU

"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch

"{AE085E37-93BB-4CB5-BA98-9777A393EDCE}" = Tunebite

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support

"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework

"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers

"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data

"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite

"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8

"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"8461-7759-5462-8226" = Vuze

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Azureus" = Azureus

"Basketball Playbook 009_is1" = Basketball Playbook 009

"CCleaner" = CCleaner

"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)

"CloneDVD2" = CloneDVD2

"DC-Bass Source" = DC-Bass Source 1.1.0

"DelinvFile_is1" = DelinvFile - 3.02

"DirectVobSub" = DirectVobSub (remove only)

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"divx650vfw_is1" = DivX Pro 6.8.0 VFW

"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders

"DVD Shrink_is1" = DVD Shrink 3.2

"DVDx_is1" = DVDx

"EasyBurning" = Easy Burning (remove only)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ffdshow_is1" = ffdshow [rev 1685] [2007-12-06]

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2

"Free Video Dub_is1" = Free Video Dub version 1.5

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"HaaliMkx" = Haali Media Splitter

"HotspotShield" = Hotspot Shield 1.10

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"InstallShield_{67BB93E2-60DD-49F5-97CB-3187BAE9D4E6}" = Air Utility

"Kalo24 - der Freeware-Kaloreinexperte" = Kalo24 - der Freeware-Kaloreinexperte 1.0.0.0 

"KaloMa_is1" = KaloMa 5.00alpha20100413

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5

"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"MPE" = MyPhoneExplorer

"My digital Diary" = My digital Diary 3.2 

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)

"Philips Songbird" = Philips Songbird

"RealMedia" = RealMedia (remove only)

"RealPlayer 6.0" = RealPlayer

"Revo Uninstaller" = Revo Uninstaller 1.85

"SHOUTcast Source" = SHOUTcast Source (remove only)

"Sony Ericsson Bluetooth Remote Control" = Sony Ericsson Bluetooth Remote Control 3.04

"Soulseek" = SoulSeek Client 156c

"Soulseek2" = SoulSeek 157 NS 13e

"SP6" = Logitech SetPoint 6.15

"SpeedFan" = SpeedFan (remove only)

"TeamViewer 5" = TeamViewer 5

"TeraCopy_is1" = TeraCopy 2.0 beta 3

"TreeSize Free_is1" = TreeSize Free V2.5

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VideoLAN VLC media player 0.8.6d

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"WIC" = Windows Imaging Component

"WinAce Archiver" = WinAce Archiver

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

"Zattoo4" = Zattoo4 4.0.5

"ZoomPlayer" = Zoom Player (remove only)

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1801674531-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{B3C98D9C-B5B6-4EA5-AC93-855FA68FE659}" = TimeBridge Connector for Outlook v1.41.251.21817

"jlGui 3.0" = jlGui 3.0

"pdfsam" = pdfsam

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 15.12.2010 18:28:41 | Computer Name = PRENSH | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 15.12.2010 18:31:47 | Computer Name = PRENSH | Source = LoadPerf | ID = 3012

Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung

 werden beschädigt wenn  der Prozess Performance auf dem Erweitungerungsindikator-Anbieter

 ausgeführt wird. Der Wert BaseIndex aus der  Leistungsregistrierung ist das erste

 DWORD im Datenbereich, der Wert LastCounter ist das zweite   DWORD im Datenbereich

 und der Werte LastHelp ist das dritte DWORD im Datenbereich.

 

Error - 15.12.2010 18:31:47 | Computer Name = PRENSH | Source = LoadPerf | ID = 3012

Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung

 werden beschädigt wenn  der Prozess Performance auf dem Erweitungerungsindikator-Anbieter

 ausgeführt wird. Der Wert BaseIndex aus der  Leistungsregistrierung ist das erste

 DWORD im Datenbereich, der Wert LastCounter ist das zweite   DWORD im Datenbereich

 und der Werte LastHelp ist das dritte DWORD im Datenbereich.

 

Error - 15.12.2010 18:31:47 | Computer Name = PRENSH | Source = LoadPerf | ID = 3011

Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren

 für  Dienst WmiApRpl (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

 

Error - 15.12.2010 18:41:23 | Computer Name = PRENSH | Source = ExceptionManagerPublishedException | ID = 0

Description =   General Information   *********************************************  Additional

 Info:  ExceptionManager.MachineName: PRENSH  ExceptionManager.TimeStamp: 15.12.2010

 23:41:22  ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,

 Version=1.41.251.21817, Culture=neutral, PublicKeyToken=7f11c3c0aaca6086  ExceptionManager.AppDomainName:

 TimeBridgeConnectorForOutlook.exe  ExceptionManager.ThreadIdentity:   ExceptionManager.WindowsIdentity:

 PRENSH\Prensh    1) Exception Information  *********************************************

Exception

 Type: System.Exception  Message: The BITS service returned an error for the job with

 the ID '16bde5b9-9c84-4e85-b05d-edf0e9652057';     the job's name and description are

 'Updater job.' and 'Updater: Download the Server XML File.'.      The BITS service 

error message for this job is     'A connection with the server could not be established
 

'.

                This

 job has been canceled, and the DownloaderManager will attempt it again.  If you

 see this error frequently, you may have a mis-configuration, or another     administrator

 process/user is canceling BITS jobs.    It is also possible that some mis-configuration

 of the Manifest file is causing BITS to have trouble with a source or destination

 path;     be sure that all SOURCE paths are valid URLs, and that all DESTINATION paths

 are valid LOCAL UNC paths--__shares are not allowed__.  Data: System.Collections.ListDictionaryInternal

TargetSite:

 NULL  HelpLink: NULL  Source: NULL

 

Error - 15.12.2010 18:41:25 | Computer Name = PRENSH | Source = ExceptionManagerPublishedException | ID = 0

Description = 

 

Error - 15.12.2010 18:43:04 | Computer Name = PRENSH | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3989,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.

 

Error - 16.12.2010 01:21:20 | Computer Name = PRENSH | Source = ExceptionManagerPublishedException | ID = 0

Description =   General Information   *********************************************  Additional

 Info:  ExceptionManager.MachineName: PRENSH  ExceptionManager.TimeStamp: 16.12.2010

 06:21:20  ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,

 Version=1.41.251.21817, Culture=neutral, PublicKeyToken=7f11c3c0aaca6086  ExceptionManager.AppDomainName:

 TimeBridgeConnectorForOutlook.exe  ExceptionManager.ThreadIdentity:   ExceptionManager.WindowsIdentity:

 PRENSH\Prensh    1) Exception Information  *********************************************

Exception

 Type: System.Exception  Message: The BITS service returned an error for the job with

 the ID 'ed5f9b8d-64ea-48ec-bc60-43c4155afa1f';     the job's name and description are

 'Updater job.' and 'Updater: Download the Server XML File.'.      The BITS service 

error message for this job is     'A connection with the server could not be established
 

'.

                This

 job has been canceled, and the DownloaderManager will attempt it again.  If you

 see this error frequently, you may have a mis-configuration, or another     administrator

 process/user is canceling BITS jobs.    It is also possible that some mis-configuration

 of the Manifest file is causing BITS to have trouble with a source or destination

 path;     be sure that all SOURCE paths are valid URLs, and that all DESTINATION paths

 are valid LOCAL UNC paths--__shares are not allowed__.  Data: System.Collections.ListDictionaryInternal

TargetSite:

 NULL  HelpLink: NULL  Source: NULL

 

Error - 16.12.2010 01:21:22 | Computer Name = PRENSH | Source = ExceptionManagerPublishedException | ID = 0

Description = 

 

Error - 16.12.2010 01:25:12 | Computer Name = PRENSH | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OTL.exe, Version 3.2.12.1, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ OSession Events ]

Error - 28.03.2010 16:46:37 | Computer Name = PRENSH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 102

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 31.03.2010 17:55:12 | Computer Name = PRENSH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 465

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 07.04.2010 01:05:58 | Computer Name = PRENSH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 462

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 27.05.2010 05:43:02 | Computer Name = PRENSH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 473

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 07.06.2010 02:47:58 | Computer Name = PRENSH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 864

 seconds with 240 seconds of active time.  This session ended with a crash.

 

Error - 08.08.2010 04:53:58 | Computer Name = PRENSH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 196

 seconds with 180 seconds of active time.  This session ended with a crash.

 

Error - 21.08.2010 09:55:24 | Computer Name = PRENSH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15495

 seconds with 180 seconds of active time.  This session ended with a crash.

 

Error - 23.08.2010 18:09:10 | Computer Name = PRENSH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 645

 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error - 15.09.2010 04:57:38 | Computer Name = PRENSH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 364

 seconds with 180 seconds of active time.  This session ended with a crash.

 

Error - 30.09.2010 03:36:09 | Computer Name = PRENSH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 125

 seconds with 60 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 14.12.2010 09:58:54 | Computer Name = PRENSH | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 192.168.1.85 für die Netzwerkkarte mit der Netzwerkadresse

 000C766C8EFA wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server 

hat eine DHCPNACK-Meldung gesendet).

 

Error - 14.12.2010 10:42:24 | Computer Name = PRENSH | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 192.168.1.101 für die Netzwerkkarte mit der Netzwerkadresse

 000C766C8EFA wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server 

hat eine DHCPNACK-Meldung gesendet).

 

Error - 14.12.2010 11:10:14 | Computer Name = PRENSH | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 192.168.1.85 für die Netzwerkkarte mit der Netzwerkadresse

 000C766C8EFA wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server 

hat eine DHCPNACK-Meldung gesendet).

 

Error - 14.12.2010 11:13:49 | Computer Name = PRENSH | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 192.168.1.101 für die Netzwerkkarte mit der Netzwerkadresse

 000C766C8EFA wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server 

hat eine DHCPNACK-Meldung gesendet).

 

Error - 14.12.2010 11:53:33 | Computer Name = PRENSH | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 192.168.1.85 für die Netzwerkkarte mit der Netzwerkadresse

 000C766C8EFA wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server 

hat eine DHCPNACK-Meldung gesendet).

 

Error - 14.12.2010 12:08:00 | Computer Name = PRENSH | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 14.12.2010 12:08:05 | Computer Name = PRENSH | Source = Service Control Manager | ID = 7034

Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 15.12.2010 03:29:30 | Computer Name = PRENSH | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 15.12.2010 17:50:02 | Computer Name = PRENSH | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 192.168.1.100 für die Netzwerkkarte mit der Netzwerkadresse

 000D8842CBED wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server 

hat eine DHCPNACK-Meldung gesendet).

 

Error - 15.12.2010 17:50:12 | Computer Name = PRENSH | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

 

< End of report >

--- --- ---

Danke schon mal!