|
"MyStart IncrediBar" Hallo, wie schon oben angedeutet habe ich ein Problem... Auf meinem LapTop ist der MyStart IncrediBar aufgetaucht und ich habe bis jetzt noch keine Lösung gefunden, wie ich dieses Problem lösen soll. Habe die OTL runtergeladen und hier die Ergebnisse OTL logfile created on: 27.06.2012 12:54:26 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\petra\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,70% Memory free 7,99 Gb Paging File | 6,14 Gb Available in Paging File | 76,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 390,56 Gb Free Space | 86,58% Space Free | Partition Type: NTFS Computer Name: PETRA-PC | User Name: petra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.27 12:48:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\petra\Downloads\OTL.exe PRC - [2012.06.21 07:49:32 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe PRC - [2012.06.12 17:59:32 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012.06.12 17:59:10 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe PRC - [2012.06.06 09:16:00 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012.05.03 11:31:31 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2010.07.04 20:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.02.09 20:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.12.15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009.06.24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2009.06.05 02:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe ========== Modules (No Company Name) ========== MOD - [2012.06.21 07:49:32 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll MOD - [2012.06.14 13:10:28 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll MOD - [2012.06.14 13:09:59 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.14 13:09:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 13:09:26 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.14 13:09:09 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.06.12 17:59:32 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012.06.12 17:59:10 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll MOD - [2012.05.13 11:09:14 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012.05.13 11:09:08 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.12 18:03:09 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.12 18:01:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.12 18:01:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.12 18:01:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.12 18:01:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.12 18:01:33 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.05.03 11:31:29 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.08.10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.02.09 20:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2010.02.09 20:34:00 | 000,365,888 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll MOD - [2010.02.09 20:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2010.02.09 20:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2010.02.09 20:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2010.02.09 20:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2010.02.09 20:34:00 | 000,046,400 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll MOD - [2010.02.09 20:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll MOD - [2009.12.15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.02.25 20:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.07.17 03:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009.06.25 12:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.03.02 20:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters) SRV - [2012.06.21 08:40:20 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.12 17:59:10 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0) SRV - [2012.06.06 09:16:00 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.05.03 11:31:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.25 20:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe -- (STacSV) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.07.28 17:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2009.06.06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.06.05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009.03.02 20:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011.11.24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2011.11.24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.05.12 12:14:54 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2010.05.12 12:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV:64bit: - [2010.05.12 12:14:52 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2010.05.12 12:14:52 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.05.12 12:14:52 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.04.27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2010.02.25 20:03:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.07.17 03:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2009.07.17 03:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.25 13:26:10 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.25 13:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.20 05:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.08 10:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2012.04.10 21:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6C5A0DE2-7270-4DE8-BB24-9D7105C60892} IE:64bit: - HKLM\..\SearchScopes\{6C5A0DE2-7270-4DE8-BB24-9D7105C60892}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{9ECEAF35-78E2-4FF8-AFB9-7C9F1DD069B2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2843456 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110004&babsrc=SP_ss&mntrId=7e95789700000000000078e4008e89c5 IE - HKCU\..\SearchScopes\{4443A312-6D48-4124-B58E-AE2E60D42909}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={1911187D-7802-4A71-9F0E-A5D96F282657}&mid=097c801aaa5447d08dcd75f39d326929-ecc26f00bf9ec8f3cd6384436219504c8d9617f0&lang=de&ds=AVG&pr=fr&d=2012-04-29 18:04:51&v=11.0.0.9&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6R8xbKxZ0m&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bae77709c-4fa0-4a4f-815e-ffd0e1446e85%7D&mid=097c801aaa5447d08dcd75f39d326929-ecc26f00bf9ec8f3cd6384436219504c8d9617f0&ds=AVG&v=11.1.0.7&lang=de&pr=fr&d=2012-04-29%2018%3A04%3A51&sap=ku&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\petra\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.26 19:10:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.15 16:26:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.06.12 12:40:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.12 17:59:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.04.29 18:03:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.26 19:10:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.03 11:31:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.24 12:34:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.15 16:26:49 | 000,000,000 | ---D | M] [2011.04.13 09:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\petra\AppData\Roaming\mozilla\Extensions [2012.06.26 19:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\petra\AppData\Roaming\mozilla\Firefox\Profiles\hrpv5rd4.default\extensions [2011.08.01 14:33:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\petra\AppData\Roaming\mozilla\Firefox\Profiles\hrpv5rd4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.03 16:52:22 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\petra\AppData\Roaming\mozilla\Firefox\Profiles\hrpv5rd4.default\extensions\2020Player_IKEA@2020Technologies.com [2012.06.26 19:10:10 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\petra\AppData\Roaming\mozilla\Firefox\Profiles\hrpv5rd4.default\extensions\ffxtlbr@incredibar.com [2012.06.26 19:09:57 | 000,002,203 | ---- | M] () -- C:\Users\petra\AppData\Roaming\Mozilla\Firefox\Profiles\hrpv5rd4.default\searchplugins\MyStart Search.xml [2012.05.03 11:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.29 18:03:11 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK [2012.06.12 12:40:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4 [2012.06.26 19:10:03 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.12 17:59:34 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7 [2012.05.03 11:31:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2012.01.03 20:54:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.12 17:59:32 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.03.13 13:58:30 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.01.03 20:54:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.03 20:54:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.03 20:54:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.03 20:54:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.03 20:54:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-Germany Toolbar) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [Facebook Update] C:\Users\petra\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - Startup: C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\petra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\petra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\petra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\petra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A91FF006-E3E9-4187-B913-B907919DB51B}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.27 08:42:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.27 08:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.26 19:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v-Grabber [2012.06.26 19:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012.06.21 07:53:04 | 000,000,000 | ---D | C] -- C:\Users\petra\AppData\Local\Macromedia [2012.06.12 12:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [1 C:\Users\petra\Desktop\*.tmp files -> C:\Users\petra\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.27 12:47:53 | 000,000,000 | ---- | M] () -- C:\Users\petra\defogger_reenable [2012.06.27 12:41:42 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.27 12:41:42 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.27 12:40:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.27 12:36:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.27 12:33:12 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys [2012.06.27 10:37:22 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3798010367-166737839-1888609618-1000UA.job [2012.06.27 08:57:56 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.06.27 08:42:16 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.06.27 08:37:01 | 100,743,023 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.06.27 08:08:32 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3798010367-166737839-1888609618-1000Core.job [2012.06.26 19:10:11 | 000,000,684 | ---- | M] () -- C:\user.js [2012.06.26 17:07:13 | 000,417,778 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012.06.21 07:47:35 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2012.06.21 07:47:35 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012.06.14 12:33:52 | 000,290,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 22:43:55 | 001,522,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.13 22:43:55 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 22:43:55 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 22:43:55 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 22:43:55 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.12 12:40:22 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [1 C:\Users\petra\Desktop\*.tmp files -> C:\Users\petra\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.27 12:47:53 | 000,000,000 | ---- | C] () -- C:\Users\petra\defogger_reenable [2012.06.27 08:42:16 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.06.21 07:49:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.20 22:00:32 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2012.04.01 13:39:01 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.04.01 13:39:01 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.01.11 20:29:23 | 000,002,528 | ---- | C] () -- C:\Users\petra\AppData\Roaming\$_hpcst$.hpc [2011.04.15 16:41:14 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp [2011.04.15 16:18:26 | 000,241,469 | ---- | C] () -- C:\Windows\hpwins28.dat [2011.03.03 14:36:59 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012.06.26 19:11:32 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\.minecraft [2012.03.22 20:36:25 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\AVG2012 [2012.03.13 13:58:27 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\Babylon [2011.08.05 17:53:07 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\DVDVideoSoft [2011.08.01 14:33:08 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.07 22:54:21 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\FRITZ! [2010.06.30 18:00:24 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\OpenOffice.org [2011.09.21 07:47:19 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\Origin [2011.05.16 11:29:23 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\PCDr [2012.01.11 20:47:58 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\Samsung [2011.07.02 16:32:37 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\Simfy [2012.06.16 12:41:10 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\SoftGrid Client [2011.10.14 17:27:21 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\SPORE [2011.10.15 19:32:34 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\Thunderbird [2011.03.03 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\TP [2010.06.30 14:29:43 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\WildTangent [2012.06.27 08:08:32 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3798010367-166737839-1888609618-1000Core.job [2012.06.27 10:37:22 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3798010367-166737839-1888609618-1000UA.job [2012.06.21 07:47:35 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job [2012.06.21 07:47:35 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012.04.10 12:35:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.27 08:57:56 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report > und OTL Extras logfile created on: 27.06.2012 12:54:26 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\petra\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,70% Memory free 7,99 Gb Paging File | 6,14 Gb Available in Paging File | 76,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 390,56 Gb Free Space | 86,58% Space Free | Partition Type: NTFS Computer Name: PETRA-PC | User Name: petra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C69139A-CC8B-4B3C-9B17-6D37AAF3D5C5}" = rport=139 | protocol=6 | dir=out | app=system | "{0D90AE01-AEE9-4A26-9554-BEE7792D395C}" = rport=10243 | protocol=6 | dir=out | app=system | "{1B70AF23-596E-46BF-8A9B-6CE39E097D74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D89F2C3-79FF-4CEF-87ED-6D50DFCEC94E}" = lport=445 | protocol=6 | dir=in | app=system | "{260D064F-42F6-4E95-8E6A-D6ECAE7EB7CB}" = rport=137 | protocol=17 | dir=out | app=system | "{3395C50D-1701-4596-8DF4-64F30904A52C}" = lport=2869 | protocol=6 | dir=in | app=system | "{367FA151-E548-4178-9D04-467B90455944}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{400DE3B5-35E8-4A73-AB99-E6F540C1BA37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{45AD54BD-9DBC-4472-8F74-1F3E3727FE96}" = rport=138 | protocol=17 | dir=out | app=system | "{4B97FF1F-EAF5-424B-A2F6-E12CC2FBE991}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{500FCD22-BC85-4A32-9A2F-A1F08B834D71}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{66CE16CD-6465-42BD-8C5C-0F1E1B7F2591}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7646A1F8-D29D-4BDC-AC6F-D5951EDDCC06}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{779E3A3D-9E8A-4603-A7E9-B5072E3F7CBA}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 | "{84E163D7-3644-4952-8D54-09A618996BE3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{85E10BAD-0996-4432-B7BE-3ACC8DF42A49}" = lport=137 | protocol=17 | dir=in | app=system | "{8BBD3E5B-11BC-4756-BC0A-792A762DA995}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AA0F537B-5FD5-4FA1-97F7-7A83D0FE5B43}" = rport=445 | protocol=6 | dir=out | app=system | "{AD1005DC-9CB6-46A3-AB5F-842DB7789199}" = lport=10243 | protocol=6 | dir=in | app=system | "{C40FD2DC-A38E-42B7-B33C-58D7E6EC86C9}" = lport=139 | protocol=6 | dir=in | app=system | "{CF425980-F4BE-4D41-A43C-AACAA8F0001B}" = lport=138 | protocol=17 | dir=in | app=system | "{D076DF74-B179-4170-8868-2A41D5D4D991}" = lport=2869 | protocol=6 | dir=in | app=system | "{DC871FE4-82FC-4F60-9BD0-A4325B867E17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{EDEAE9A4-DB53-415C-B62B-8AD74B810ACE}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{F49C2338-B6C9-4CCE-BC5F-9F6B266FB24A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BB576E-1235-4FC1-AB21-E5572ACDA5A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{03507129-F1E2-4202-897E-D41209B68AE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{051DB70A-11C9-4A73-8B59-795EA731D095}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{0BC40D89-9D9F-4C00-8E78-F28E7EB660E4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{1721AA9E-D1B8-461A-8DD5-19900CD5D19D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{182AEF94-48B5-451F-823D-065492ECBF20}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{18E197AC-0D9B-4CDA-8066-2EA96A692EC3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{191C08C4-AE53-4E8B-B530-55C63AA43948}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1B66EE76-CD7B-4942-A0D0-8C55542EDC87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1E24F563-E9C8-4F5E-9A85-49AD14EB8DAE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{2355EC5C-DDA3-4560-96D1-987E985D49FD}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{23F0311C-64D6-45D8-AE2D-D1F84DFBE6E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{263360C2-EFB9-4C92-A72F-4593B8D48002}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{26BCA078-51BE-4AB3-8BCE-679E1E62B7D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2BE244E2-43A8-47AC-8386-B3B4EF028530}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{2ED44E11-F5C5-4A5F-BB00-E6E2D6D80C0E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{32BD55E9-4815-4E73-B6F3-280D0A1D3E6A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{3960F89E-BB9C-42BC-8A20-55FC38A6C62C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{3BEBA7BA-47EE-4A47-9057-02A1A1EAA3BB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{40271632-8122-485B-B265-9187D27C0457}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{412586C0-26F6-4522-9E3B-16F02BCF162A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{435DA1C1-C34E-4DAC-BFBC-2E4CBDF36795}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4F7B3810-4202-40C8-8447-20874B09450E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{534DB06E-B3EA-49B5-A0AA-382782F13DB0}" = protocol=6 | dir=out | app=system | "{582BD32C-8125-4B0B-8E21-DB1DEB69E3EF}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{585D123B-96FC-4789-A9C4-695830C63A04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{621E029E-72EB-4F5F-A13C-318C20932705}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{627074B3-54B3-49C9-9BB7-CDC6DE1A77B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6515A9ED-AF27-4103-BDDA-747871342187}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{6D479A89-45F8-4BE6-B544-BE7377E389DD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{707FA9CA-EFAA-431D-A9BA-7607378F43C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{771F87A3-E6F4-4523-9BC9-1C54335FFFBD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{77ECE3C4-AD81-4490-9DB4-4FE5FFBF3760}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7B13765C-6327-481C-9799-810DA399084D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C130B27-2EDC-4815-94DC-20DB867E4C97}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7DD2803E-FC00-4842-8F51-36C7B557EE2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{806774FE-E73C-4850-93BC-DB6A3BA31FFD}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{81BDE8F8-52FE-4830-AE55-99B40FF1AE59}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{84DAF2F6-7549-48E2-AF6E-8365EA2EBB5E}" = dir=in | app=c:\users\petra\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{8B4E255E-5681-4D35-B44B-53ADD6CAD820}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{9AD5145C-D87E-4283-885E-7B3DA4A816FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{9B3447D4-9D51-494D-B768-CCC0AA6D1E56}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{9CAAC77E-B10E-4D96-9D48-AFA2E1926E60}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A17097D7-209D-4705-9382-D1E714FE0839}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{ABCF9C41-FC5C-4F33-9A4D-D9FA345175FD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{AC83A13C-B204-40A3-9D68-365463EB0BD7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{AE0D765A-C950-4C29-9689-1D7764AB5B94}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{B02A83B3-EA73-4AB2-BC2D-F42BBEBDA674}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{B9ADD64D-7D3A-4B90-8BD0-24BAAF7837C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA4EF9A9-E2AC-42A1-ADD0-262C22BA2EA9}" = dir=in | app=d:\setup\hpznui40.exe | "{C12F29B6-6F46-4810-B490-35084999F387}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{C16EFA4E-DA08-44FA-9F95-6A197FAB0189}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C59298D3-A078-4A40-A78A-B3650D9547BF}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{C7010334-DBFC-4BB1-AF67-C6E00D567DEE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{C7653EDA-2A8A-49DA-A8E9-F0F891387861}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{C76A3E98-58B8-4178-BB18-9D4B0E727344}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{C8B5BBB1-E0A3-46EB-90FF-2742C1C1D782}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{D847F517-E2B1-4976-82CB-336298B1B0AF}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{DCAFDCEC-CAAA-4B95-AAC8-E5ED5800E8BA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DE94D103-3492-4675-B0D9-9EC787C40807}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{E1FDBE2B-09A4-47FA-B8B7-B3E922962259}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{E46FA436-D243-4DDD-91EE-6FDC1C6922CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E562B8D5-D425-4916-9E1C-3500F42C0DD7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{EDE59941-6284-4395-89FC-7BD770463E0D}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{FDC7ADA7-A787-4A3F-BD35-E17571BEA7EC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{FE918E69-54B9-424B-AF63-FA06B06D5D3F}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes "{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64 "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.458 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012 "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8505C641-422E-4E3C-B6B0-0F070E289FDD}" = TAPI Services for FRITZ!Box "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "AVG" = AVG 2012 "Dell Support Center" = Dell Support Center "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Dell Touchpad [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian "{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish "{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common "{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese "{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New "{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz "{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing "{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "conduitEngine" = Conduit Engine "DealPly" = DealPly "Dell Dock" = Dell Dock "Dell Webcam Central" = Dell Webcam Central "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Studio_is1" = Free Studio version 5.1.5 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31 "incredibar" = Incredibar Toolbar on IE and Chrome "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Origin" = Origin "phase-6" = phase-6 2.1.2d "Simfy" = simfy "softonic-Germany Toolbar" = softonic-Germany Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "WildTangent dell Master Uninstall" = WildTangent-Spiele "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-Bit) "Xvid_is1" = Xvid MPEG-4 Video Codec "Yahoo! Companion" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.09.2011 12:42:21 | Computer Name = petra-PC | Source = PC-Doctor | ID = 1 Description = (3932) Asapi: (18:42:21:4520)(3932) DEFECT.LOCALIZATION - Error -- Missing String: 9f8591c3-5048-42f7-9553-387b30449f54-0b26b1b3-6704-4eda-91d4-4dd27d06dbc3 : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc Error - 24.09.2011 12:42:21 | Computer Name = petra-PC | Source = PC-Doctor | ID = 1 Description = (3932) Asapi: (18:42:21:7870)(3932) DEFECT.LOCALIZATION - Error -- Missing String: 5dc4b59a-1f5d-427b-9110-b820c717226b-ea99f498-b3c1-4a2b-9d4b-6d47b924982d : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc Error - 24.09.2011 12:42:22 | Computer Name = petra-PC | Source = PC-Doctor | ID = 1 Description = (3932) Asapi: (18:42:22:0670)(3932) DEFECT.LOCALIZATION - Error -- Missing String: 8a6735b1-c078-4648-9416-b6bb29ec3dc1-73fdd448-4cd1-4d2f-86e3-82118f142adf : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc Error - 24.09.2011 12:42:22 | Computer Name = petra-PC | Source = PC-Doctor | ID = 1 Description = (3932) Asapi: (18:42:22:3010)(3932) DEFECT.LOCALIZATION - Error -- Missing String: 07439fd5-7039-4014-b635-5bf088a1465b-a714733b-603b-4dbe-8f4f-78a8e338fb7b : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc Error - 25.09.2011 05:40:42 | Computer Name = petra-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 25.09.2011 06:11:36 | Computer Name = petra-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 25.09.2011 10:14:07 | Computer Name = petra-PC | Source = PC-Doctor | ID = 1 Description = (3908) Asapi: (16:14:07:4960)(3908) DEFECT.LOCALIZATION - Error -- Missing String: 8a6735b1-c078-4648-9416-b6bb29ec3dc1-73fdd448-4cd1-4d2f-86e3-82118f142adf : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc Error - 25.09.2011 10:14:09 | Computer Name = petra-PC | Source = PC-Doctor | ID = 1 Description = (3908) Asapi: (16:14:09:0160)(3908) DEFECT.LOCALIZATION - Error -- Missing String: 9f8591c3-5048-42f7-9553-387b30449f54-0b26b1b3-6704-4eda-91d4-4dd27d06dbc3 : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc Error - 25.09.2011 10:14:10 | Computer Name = petra-PC | Source = PC-Doctor | ID = 1 Description = (3908) Asapi: (16:14:10:7930)(3908) DEFECT.LOCALIZATION - Error -- Missing String: 07439fd5-7039-4014-b635-5bf088a1465b-a714733b-603b-4dbe-8f4f-78a8e338fb7b : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc Error - 25.09.2011 10:14:11 | Computer Name = petra-PC | Source = PC-Doctor | ID = 1 Description = (3908) Asapi: (16:14:11:2790)(3908) DEFECT.LOCALIZATION - Error -- Missing String: 5dc4b59a-1f5d-427b-9110-b820c717226b-ea99f498-b3c1-4a2b-9d4b-6d47b924982d : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc [ Dell Events ] Error - 28.05.2011 02:54:35 | Computer Name = petra-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 13.08.2011 02:00:07 | Computer Name = petra-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 13.08.2011 02:00:07 | Computer Name = petra-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 26.08.2011 07:15:40 | Computer Name = petra-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 26.08.2011 07:15:40 | Computer Name = petra-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.08.2011 05:51:11 | Computer Name = petra-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.08.2011 05:51:11 | Computer Name = petra-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 09.09.2011 08:06:38 | Computer Name = petra-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 09.09.2011 08:06:38 | Computer Name = petra-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 10.09.2011 05:24:53 | Computer Name = petra-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ System Events ] Error - 25.06.2012 01:49:31 | Computer Name = petra-PC | Source = DCOM | ID = 10016 Description = Error - 25.06.2012 01:53:41 | Computer Name = petra-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 25.06.2012 08:27:44 | Computer Name = petra-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error - 25.06.2012 08:28:00 | Computer Name = petra-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error - 25.06.2012 08:29:02 | Computer Name = petra-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error - 26.06.2012 07:04:47 | Computer Name = petra-PC | Source = DCOM | ID = 10016 Description = Error - 27.06.2012 02:58:59 | Computer Name = petra-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 27.06.2012 02:59:22 | Computer Name = petra-PC | Source = DCOM | ID = 10016 Description = Error - 27.06.2012 04:36:13 | Computer Name = petra-PC | Source = DCOM | ID = 10010 Description = Error - 27.06.2012 06:34:36 | Computer Name = petra-PC | Source = DCOM | ID = 10016 Description = < End of report > Auch habe ich schon einen Scan mit Malwarebytes Anti Malware durchgeführt und hier die Ergebnisse Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.27.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 petra :: PETRA-PC [Administrator] 27.06.2012 10:45:04 mbam-log-2012-06-27 (10-45-04).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 416510 Laufzeit: 1 Stunde(n), 13 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab Media Player (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Downloader (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Program Files (x86)\FoxTabFLVPlayer\Uninstall\Uninstall.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\v-Grabber\Uninstall.exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Bitte helft mir weiter, denn das Problem ist immer noch da und es nervt. Danke Petra |
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. |
1.Scan Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.22.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 petra :: PETRA-PC [Administrator] 22.03.2012 13:26:35 mbam-log-2012-03-22 (13-26-35).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 203648 Laufzeit: 6 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 26 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.BHO.1 (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 14 C:\Users\petra\AppData\Local\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\petra\Downloads\FLVPlayerSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\petra\Downloads\MediaPlayerSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\petra\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 2.Scan Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.22.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 petra :: PETRA-PC [Administrator] 27.06.2012 08:16:51 mbam-log-2012-06-27 (08-16-51).txt Art des Suchlaufs: Benutzerdefinierter Suchlauf Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P Durchsuchte Objekte: 1 Laufzeit: 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) 3.Scan Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.27.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 petra :: PETRA-PC [Administrator] 27.06.2012 08:44:35 mbam-log-2012-06-27 (08-44-35).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 222079 Laufzeit: 8 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\petra\AppData\Local\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\petra\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 1 C:\Users\petra\Downloads\chrysler_radio_code_generator-macosx.sit.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) letzter Scan Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.27.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 petra :: PETRA-PC [Administrator] 27.06.2012 10:45:04 mbam-log-2012-06-27 (10-45-04).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 416510 Laufzeit: 1 Stunde(n), 13 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab Media Player (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Downloader (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Program Files (x86)\FoxTabFLVPlayer\Uninstall\Uninstall.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\v-Grabber\Uninstall.exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Wäre echt super wenn ihr mir helfen könntet, der Rechner ist extrem langsam... und ich brauche ihn!!! Danke |
Führ bitte auch ESET aus, danach sehen wir weiter. Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Code: "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"Code: "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt" |
Hallo, hier die Datei, zumindestens vorläufig, da ich nach 10 Stunden abgebrochen habe, es lief nicht weiter... werde es aber nochmal versuchen... ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f9c196513a6e1343b80a0fd54b948c54 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-03 06:05:17 # local_time=2012-07-03 08:05:17 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1024 16777215 100 0 8819213 8819213 0 0 # compatibility_mode=5893 16776574 100 94 8892674 92886679 0 0 # compatibility_mode=8192 67108863 100 0 127 127 0 0 # scanned=128456 # found=3 # cleaned=0 # scan_time=38688 C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\petra\AppData\Local\Temp\80F83418-BAB0-7891-8AE7-4BF56D89AAC3\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Users\petra\AppData\Local\Temp\is1373634743\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I Danke Petra So, jetzt habe ich das nochmal durchlaufen lassen. Hier das Ergebniss... ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f9c196513a6e1343b80a0fd54b948c54 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-03 06:05:17 # local_time=2012-07-03 08:05:17 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1024 16777215 100 0 8819213 8819213 0 0 # compatibility_mode=5893 16776574 100 94 8892674 92886679 0 0 # compatibility_mode=8192 67108863 100 0 127 127 0 0 # scanned=128456 # found=3 # cleaned=0 # scan_time=38688 C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\petra\AppData\Local\Temp\80F83418-BAB0-7891-8AE7-4BF56D89AAC3\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Users\petra\AppData\Local\Temp\is1373634743\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f9c196513a6e1343b80a0fd54b948c54 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-03 08:23:37 # local_time=2012-07-03 10:23:37 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1024 16777215 100 0 8858321 8858321 0 0 # compatibility_mode=5893 16776574 100 94 8931782 92925787 0 0 # compatibility_mode=8192 67108863 100 0 39235 39235 0 0 # scanned=224738 # found=3 # cleaned=0 # scan_time=7880 C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\petra\AppData\Local\Temp\80F83418-BAB0-7891-8AE7-4BF56D89AAC3\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Users\petra\AppData\Local\Temp\is1373634743\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I Hoffentlich kannst du da was mit anfangen, Danke Petra |
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das LogLade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code: netsvcs
|
Hallo Arne, Hier die OTL.txt Code: OTL logfile created on: 03.07.2012 15:15:09 - Run 2Danke, Petra |
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code: :OTLDas Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann! |
Hallo, hier nochmal die Daten Code: All processes killed |
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg |
Code: 20:09:46.0031 2288 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11Sorry, war ein paar Tage verhindert... Hier nun die Daten... Danke |
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
| Alle Zeitangaben in WEZ +1. Es ist jetzt 15:19 Uhr. |
Copyright ©2000-2025, Trojaner-Board