Upd636A.tmp.exe is detected as a virus by antivirus

#0
25.04.2012, 05:38
...new here

Posts: 1
#1 For some time now, antivirus has repeatedly been detecting files of this kind as a virus:
C:\Users\Janica\AppData\Local\Temp\Upd636A.tmp.exe
I always clicked Remove, but that obviously doesn't seem to work, since the same problem usually comes back, even several times a day.
For a long time I have wondered why my laptop is so incredibly slow, and I thought it was only because it is a small notebook that is simply overwhelmed by too many programs and files.

otl:

OTL logfile created on: 4/25/2012 3:20:49 PM - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Janica\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013.30 Mb Total Physical Memory | 468.80 Mb Available Physical Memory | 46.26% Memory free
2.18 Gb Paging File | 1.19 Gb Available in Paging File | 54.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 31.48 Gb Free Space | 37.03% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 127.69 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive F: | 7.53 Gb Total Space | 1.12 Gb Free Space | 14.92% Space Free | Partition Type: FAT32

Computer Name: JANICAS-PC | User Name: Janica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/04/25 15:05:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Janica\Desktop\OTL.exe
PRC - [2011/11/11 14:07:59 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2011/07/29 11:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/21 22:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/07/21 01:24:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/16 16:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
PRC - [2011/06/12 04:26:24 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2011/06/12 04:26:24 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
PRC - [2011/05/02 01:32:12 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/26 17:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/11 01:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/06/08 19:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 18:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/04/08 06:30:32 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/04/08 06:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/03/26 07:44:26 | 001,891,720 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/03/24 16:12:58 | 001,599,880 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/02/11 02:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 14:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2010/01/15 08:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/30 18:59:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/24 09:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/06/09 19:56:00 | 000,099,632 | ---- | M] () -- C:\Program Files\Stardock\MyColors\WBVista.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/07/29 11:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 11:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2006/08/12 15:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012/04/14 12:02:32 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/11/11 14:07:59 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2011/07/21 01:24:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/12 04:26:24 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/05/02 01:32:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/08 06:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 13:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/24 09:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012/03/16 09:26:18 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/07/21 01:24:07 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 01:24:07 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/15 15:59:01 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2010/07/08 20:28:46 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2010/06/18 01:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/06 11:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010/01/27 14:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/07/14 11:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb139?a=6OyyI8ZNpA&i=26
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{A8E6A5DB-B47E-4DDC-B100-4DA164585713}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyyI8ZNpA&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb139?a=6OyyI8ZNpA&i=26"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyyI8ZNpA&&i=26&search="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/16 20:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Protector by IB\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/14 12:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/14 12:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/14 12:18:35 | 000,000,000 | ---D | M]

[2012/03/18 18:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janica\AppData\Roaming\mozilla\Extensions
[2012/04/13 21:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janica\AppData\Roaming\mozilla\Firefox\Profiles\ka0yuxgu.default\extensions
[2011/04/21 06:58:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Janica\AppData\Roaming\mozilla\Firefox\Profiles\ka0yuxgu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/04/13 21:13:09 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Janica\AppData\Roaming\mozilla\Firefox\Profiles\ka0yuxgu.default\extensions\4f8756cd56548@4f8756cd5654a.info
[2011/06/12 04:13:54 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Janica\AppData\Roaming\mozilla\Firefox\Profiles\ka0yuxgu.default\extensions\ffxtlbr@Facemoods.com
[2012/04/13 16:54:09 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Janica\AppData\Roaming\mozilla\Firefox\Profiles\ka0yuxgu.default\extensions\ffxtlbr@incredibar.com
[2012/04/13 16:53:48 | 000,002,203 | ---- | M] () -- C:\Users\Janica\AppData\Roaming\Mozilla\Firefox\Profiles\ka0yuxgu.default\searchplugins\MyStart Search.xml
[2012/04/14 12:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/04/14 12:18:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/16 20:41:24 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES\PROTECTOR BY IB\FIREFOX
File not found (No name found) -- C:\USERS\JANICA\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\@THEMEDIAFINDER.COM
[2012/03/18 21:08:13 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\JANICA\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2011/03/19 05:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/14 12:18:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/22 12:54:02 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/22 12:54:02 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/22 12:54:02 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/26 20:38:43 | 000,001,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/04/22 12:54:02 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/26 20:38:44 | 000,001,279 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/22 12:54:02 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/11 09:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>;) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Janica\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\MF.exe" /opentotray File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Janica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Janica\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40679EE8-EAB0-45B1-8A9C-768431B1E77C}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/04/25 15:05:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Janica\Desktop\OTL.exe
[2012/04/25 13:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3 XPack Trial
[2012/04/25 12:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2012/04/25 12:55:49 | 000,000,000 | ---D | C] -- C:\Users\Janica\Desktop\Downloads
[2012/04/25 12:55:47 | 000,000,000 | ---D | C] -- C:\Users\Janica\AppData\Roaming\GetRightToGo
[2012/04/23 19:45:18 | 000,000,000 | ---D | C] -- C:\Users\Janica\Documents\My Games
[2012/04/23 19:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3 YPack Trial
[2012/04/23 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Janica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/04/22 12:54:02 | 000,000,000 | ---D | C] -- C:\windows\System32\IO
[2012/04/14 12:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/04/14 12:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/04/14 12:12:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\System32\pncrt.dll
[2012/04/14 12:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/04/14 12:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/04/14 12:12:02 | 000,000,000 | ---D | C] -- C:\Users\Janica\AppData\Roaming\Real
[2012/04/13 16:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/13 16:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
[2012/04/13 16:51:55 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/04/13 16:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/04/09 20:32:32 | 000,000,000 | ---D | C] -- C:\Users\Janica\AppData\Local\JollyBear
[2012/04/09 20:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\JollyBear
[2012/04/09 19:42:17 | 000,000,000 | ---D | C] -- C:\Users\Janica\AppData\Local\{22AACA2E-3C65-4F73-9593-EABED5D1D82B}
[2012/04/06 13:11:43 | 000,000,000 | ---D | C] -- C:\Users\Janica\AppData\Local\{B8326F31-CFB8-4C1C-9B60-26F8012E1787}
[2012/04/06 13:09:39 | 000,000,000 | ---D | C] -- C:\Users\Janica\AppData\Local\{700714AA-05A5-4A1B-8087-1B8902137249}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/04/25 15:24:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/25 15:05:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Janica\Desktop\OTL.exe
[2012/04/25 12:59:15 | 000,001,152 | ---- | M] () -- C:\windows\System32\windrv.sys
[2012/04/25 10:49:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/24 11:44:30 | 000,014,400 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 11:44:30 | 000,014,400 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 10:54:39 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/04/22 10:54:39 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/04/22 10:54:39 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/04/22 10:54:39 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/04/22 09:24:46 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/20 19:21:47 | 000,124,548 | ---- | M] () -- C:\Users\Janica\Desktop\65084_344498478929506_100001080693871_1009290_1219192880_n-4.jpg
[2012/04/20 19:20:01 | 000,118,604 | ---- | M] () -- C:\Users\Janica\Desktop\306149_339816286068338_100001199089711_946564_440920067_n-2.jpg
[2012/04/20 19:17:35 | 000,126,025 | ---- | M] () -- C:\Users\Janica\Desktop\536645_277264562356765_100002196695055_655961_1425288359_n-2.jpg
[2012/04/14 12:14:31 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Free Movies & Games.lnk
[2012/04/14 12:14:31 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/04/14 12:12:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\System32\pncrt.dll
[2012/04/14 12:07:00 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/13 21:34:40 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/13 16:54:16 | 000,000,453 | ---- | M] () -- C:\user.js
[2012/04/02 22:24:14 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/04/25 12:59:15 | 000,001,152 | ---- | C] () -- C:\windows\System32\windrv.sys
[2012/04/20 19:21:47 | 000,124,548 | ---- | C] () -- C:\Users\Janica\Desktop\65084_344498478929506_100001080693871_1009290_1219192880_n-4.jpg
[2012/04/20 19:20:01 | 000,118,604 | ---- | C] () -- C:\Users\Janica\Desktop\306149_339816286068338_100001199089711_946564_440920067_n-2.jpg
[2012/04/20 19:17:35 | 000,126,025 | ---- | C] () -- C:\Users\Janica\Desktop\536645_277264562356765_100002196695055_655961_1425288359_n-2.jpg
[2012/04/14 12:14:31 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Free Movies & Games.lnk
[2012/04/14 12:14:31 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/04/13 16:54:13 | 000,000,453 | ---- | C] () -- C:\user.js
[2012/04/11 18:49:49 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/02 22:24:14 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/01/01 17:16:05 | 001,511,424 | ---- | C] () -- C:\windows\System32\HP1100SM.EXE
[2012/01/01 17:16:04 | 000,147,456 | ---- | C] () -- C:\windows\System32\HP1100LM.DLL
[2012/01/01 17:15:12 | 000,284,160 | ---- | C] () -- C:\windows\System32\mvhlewsi.dll
[2012/01/01 17:15:05 | 000,081,920 | ---- | C] () -- C:\windows\System32\mvusbews.dll
[2012/01/01 17:14:59 | 000,054,272 | ---- | C] () -- C:\windows\System32\HP1100SMs.dll
[2011/09/01 19:15:13 | 000,003,584 | ---- | C] () -- C:\Users\Janica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/12 05:19:08 | 000,386,923 | ---- | C] () -- C:\windows\KMSAct.exe
[2011/06/12 04:27:32 | 000,151,552 | ---- | C] () -- C:\windows\KMService.exe
[2011/06/12 04:27:32 | 000,008,192 | ---- | C] () -- C:\windows\System32\srvany.exe
[2011/05/24 03:26:32 | 000,000,032 | ---- | C] () -- C:\windows\Menu.INI
[2011/02/20 23:13:15 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/20 22:01:02 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/15 11:36:21 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/08/15 11:36:21 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/08/15 11:36:21 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/08/15 11:36:21 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/08/14 19:22:30 | 000,002,018 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/14 19:15:18 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012/04/09 20:00:25 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\DesktopIconForAmazon
[2012/03/12 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\DVDVideoSoft
[2011/03/07 07:52:52 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/25 12:58:52 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\GetRightToGo
[2012/04/23 09:18:29 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\Media Finder
[2012/01/26 20:37:21 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\OCS
[2011/03/06 05:15:13 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\Opera
[2011/05/09 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\SoftGrid Client
[2011/04/04 06:47:42 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\TP
[2012/04/09 19:43:01 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\uTorrent
[2011/04/09 04:43:49 | 000,000,000 | ---D | M] -- C:\Users\Janica\AppData\Roaming\Windows Live Writer
[2009/07/14 16:53:46 | 000,027,072 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< C:\Users\Janica\AppData\Local\Temp\Upd636A.tmp.exe >[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011/06/12 23:43:17 | 005,597,707 | ---- | M] ()(C:\Users\Janica\01 Bleeding love ? - The Baseballs.wma) -- C:\Users\Janica\01 Bleeding love ♥ - The Baseballs.wma
[2011/05/01 22:40:46 | 002,743,124 | ---- | M] ()(C:\Users\Janica\I Do Colbie Caillat Lyrics ?.mp3) -- C:\Users\Janica\I Do Colbie Caillat Lyrics ♥.mp3

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:268F887D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9E22BBE8

< End of report >

extras:


OTL Extras logfile created on: 4/25/2012 3:20:49 PM - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Janica\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013.30 Mb Total Physical Memory | 468.80 Mb Available Physical Memory | 46.26% Memory free
2.18 Gb Paging File | 1.19 Gb Available in Paging File | 54.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 31.48 Gb Free Space | 37.03% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 127.69 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive F: | 7.53 Gb Total Space | 1.12 Gb Free Space | 14.92% Space Free | Partition Type: FAT32

Computer Name: JANICAS-PC | User Name: Janica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}" = Age of Empires III - The WarChiefs Trial
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"DivX Setup" = DivX-Setup
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial
"InstallShield_{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}" = Age of Empires III - The WarChiefs Trial
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RealPlayer 15.0" = RealPlayer
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 4/12/2012 1:53:08 AM | Computer Name = Janicas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WebKit2WebProcess.exe, Version: 7534.54.16.5,
Zeitstempel: 0x4f581cb2 Name des fehlerhaften Moduls: WebKit.dll, Version: 7534.54.16.5,
Zeitstempel: 0x4f581c9c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002ce38 ID des fehlerhaften
Prozesses: 0x1130 Startzeit der fehlerhaften Anwendung: 0x01cd187006602d32 Pfad der
fehlerhaften Anwendung: C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\Safari\Apple Application Support\WebKit.dll
Berichtskennung:
c71a0ff9-8463-11e1-8016-4cedde063c00

Error - 4/13/2012 2:59:40 AM | Computer Name = Janicas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WebKit2WebProcess.exe, Version: 7534.54.16.5,
Zeitstempel: 0x4f581cb2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x09f63f9d ID des fehlerhaften
Prozesses: 0x13f0 Startzeit der fehlerhaften Anwendung: 0x01cd194252261965 Pfad der
fehlerhaften Anwendung: C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 3c9579c4-8536-11e1-ba57-4cedde063c00

Error - 4/13/2012 4:45:37 AM | Computer Name = Janicas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WebKit2WebProcess.exe, Version: 7534.54.16.5,
Zeitstempel: 0x4f581cb2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06f1691d ID des fehlerhaften
Prozesses: 0x9bc Startzeit der fehlerhaften Anwendung: 0x01cd19430da7cea1 Pfad der
fehlerhaften Anwendung: C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 09ec3824-8545-11e1-ba57-4cedde063c00

Error - 4/13/2012 4:58:04 AM | Computer Name = Janicas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WebKit2WebProcess.exe, Version: 7534.54.16.5,
Zeitstempel: 0x4f581cb2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x08da3edd ID des fehlerhaften
Prozesses: 0x1594 Startzeit der fehlerhaften Anwendung: 0x01cd1951d32094a4 Pfad der
fehlerhaften Anwendung: C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: c7574794-8546-11e1-ba57-4cedde063c00

Error - 4/13/2012 5:02:20 AM | Computer Name = Janicas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WebKit2WebProcess.exe, Version: 7534.54.16.5,
Zeitstempel: 0x4f581cb2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x02442f5d ID des fehlerhaften
Prozesses: 0x1270 Startzeit der fehlerhaften Anwendung: 0x01cd19538d42ae54 Pfad der
fehlerhaften Anwendung: C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 601195d2-8547-11e1-ba57-4cedde063c00

Error - 4/13/2012 5:09:34 AM | Computer Name = Janicas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WebKit2WebProcess.exe, Version: 7534.54.16.5,
Zeitstempel: 0x4f581cb2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x07153f9d ID des fehlerhaften
Prozesses: 0x1ccc Startzeit der fehlerhaften Anwendung: 0x01cd195424cd039e Pfad der
fehlerhaften Anwendung: C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 6297a782-8548-11e1-ba57-4cedde063c00

Error - 4/13/2012 5:16:54 AM | Computer Name = Janicas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WebKit2WebProcess.exe, Version: 7534.54.16.5,
Zeitstempel: 0x4f581cb2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0725327d ID des fehlerhaften
Prozesses: 0x1c9c Startzeit der fehlerhaften Anwendung: 0x01cd195566b4d593 Pfad der
fehlerhaften Anwendung: C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 68b656bd-8549-11e1-ba57-4cedde063c00

Error - 4/13/2012 8:15:47 PM | Computer Name = Janicas-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 4/13/2012 8:36:14 PM | Computer Name = Janicas-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 4/14/2012 6:09:38 PM | Computer Name = Janicas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: skypePM.exe, Version: 2.0.0.67, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: ezPMUtils.dll, Version: 2.0.1.144, Zeitstempel:
0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002fb64 ID des fehlerhaften Prozesses:
0x203c Startzeit der fehlerhaften Anwendung: 0x01cd1a8b43397e36 Pfad der fehlerhaften
Anwendung: C:\Program Files\Skype\Plugin Manager\skypePM.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll Berichtskennung: 86480b4c-867e-11e1-ba57-4cedde063c00

[ System Events ]
Error - 4/9/2012 3:54:58 AM | Computer Name = Janicas-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.

Error - 4/9/2012 3:55:28 AM | Computer Name = Janicas-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.

Error - 4/9/2012 6:21:17 AM | Computer Name = Janicas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.

Error - 4/11/2012 5:59:49 AM | Computer Name = Janicas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.

Error - 4/12/2012 1:44:12 AM | Computer Name = Janicas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.

Error - 4/12/2012 7:50:09 PM | Computer Name = Janicas-PC | Source = DCOM | ID = 10005
Description =

Error - 4/12/2012 7:50:09 PM | Computer Name = Janicas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Google Update-Dienst (gupdate) erreicht.

Error - 4/12/2012 7:50:09 PM | Computer Name = Janicas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 4/12/2012 8:54:32 PM | Computer Name = Janicas-PC | Source = DCOM | ID = 10010
Description =

Error - 4/12/2012 8:54:51 PM | Computer Name = Janicas-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Many thanks in advance, and I hope I have provided all the necessary info; I have no experience at all with this sort of thing ;)
25.04.2012, 21:51
Moderator

Posts: 5694
#2 Welcome to the Protecus forum

A cleanup can involve a lot of work for you.
• Please work through all steps in order.
• Read the instructions carefully. If problems arise, please stop and describe them here as well as you can.
• Only run scans that a helper has asked you to run.
• Please no crossposting (posting in several forums).
• Do not install or uninstall any software during the cleanup unless you have been asked to.
Read the instructions through completely first. If anything is unclear, ask before you begin.
• Post the log files directly in your thread. Do not attach them unless I ask you to, as that makes evaluating them harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

Please download Malwarebytes
• Install the program to the default path.
Vista and Win7 users: right-click and "Run as administrator"
• Start Malwarebytes, click Update --> Check for Updates
• When the update has finished, select Perform quick scan and press Scan.
• When the scan has finished, click Show Results.
• Make sure that all findings are checked and press Remove Selected.
• Post the log file, which opens in Notepad, here in the thread.
• You can find the report later under "Logs".

Step 2

Please
• disable all other scanners for viruses, spyware, etc.,
• have no active connection to a network/the Internet (don't forget WLAN),
• do not work on the computer,
• restart the computer after each scan.
Run a Gmer scan
• Download Gmer from this page
(press the Download EXE button) and save the program to the desktop.
• All other programs should be closed.
• Start gmer.exe (the program has a random file name).
Vista and Win7 users: right-click and run as administrator.
• If a window opens with the following warning:

Quote

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
be sure to click "No".
On the right, remove the check mark from:


• IAT/EAT
• All hard drives except the system drive (normally only C:\ is checked)
• Show all (should be unchecked)

• Start the scan with "Scan". Do not do anything on the computer while the scan is running.
• When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. Clicking "Ok" closes GMER.

Switch your antivirus program and other scanners back on before you go online!