Topic: Problems with Windows 7

  1. #1
    Beginner
    Registered since
    27.11.2008
    Posts
    1

    Problems with Windows 7

    Hello, for a few days now I have also been having problems with Windows 7.
    My PC keeps crashing and restarting.
    I have already tried various things.

    Code:
     Logfile of random's system information tool 1.08 (written by random/random)
    Run by sylvia at 2010-10-09 11:12:01
    Microsoft Windows 7 Home Premium  
    System drive C: has 127 GB (83%) free of 153 GB
    Total RAM: 3581 MB (65% free)
    
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:12:11, on 09.10.2010
    Platform: Windows 7  (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\sylvia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3YY89Q8\RSIT[1].exe
    C:\Program Files (x86)\trend micro\sylvia.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/de-DE/wlscctrl2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 7299 bytes
    
    ======Scheduled tasks folder======
    
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    
    ======Registry dump======

    Code:
    OTL logfile created on: 09.10.2010 11:27:08 - Run 1
    OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\sylvia\Desktop
    64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
    7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149,05 Gb Total Space | 123,74 Gb Free Space | 83,02% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: SYLVIA-PC
    Current User Name: sylvia
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
     
    ========== Processes (SafeList) ==========
     
    PRC - [2010.10.09 11:26:31 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\sylvia\Desktop\OTL.exe
    PRC - [2010.09.16 17:31:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010.09.16 17:31:15 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010.09.06 20:03:08 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2010.09.06 20:02:51 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
    PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    PRC - [2010.04.16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
     
     
    ========== Modules (SafeList) ==========
     
    MOD - [2010.10.09 11:26:31 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\sylvia\Desktop\OTL.exe
    MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV:64bit: - [2010.03.25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B BB EE D9 D8 4D CB 01  [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "http://www.tixuma.de/"
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
     
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.16 17:31:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.16 17:31:16 | 000,000,000 | ---D | M]
     
    [2010.09.06 17:52:06 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\mozilla\Extensions
    [2010.10.08 14:57:48 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\mozilla\Firefox\Profiles\ebl45wuq.default\extensions
    [2010.10.08 14:45:04 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\sylvia\AppData\Roaming\mozilla\Firefox\Profiles\ebl45wuq.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2010.10.08 14:45:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\sylvia\AppData\Roaming\mozilla\Firefox\Profiles\ebl45wuq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010.09.07 15:57:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
    [2010.09.07 13:34:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.09.07 15:57:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe File not found
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/de-DE/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 83.169.184.97
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Windows\web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.10.09 11:26:13 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\sylvia\Desktop\OTL.exe
    [2010.10.08 17:15:24 | 000,000,000 | ---D | C] -- C:\Users\sylvia\AppData\Roaming\Avira
    [2010.10.08 15:56:09 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010.10.08 15:56:09 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010.10.08 15:56:09 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
    [2010.10.08 15:56:09 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
    [2010.10.08 15:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010.10.08 15:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2010.10.06 22:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
    [2010.10.06 22:03:20 | 000,000,000 | ---D | C] -- C:\rsit
    [2010.09.29 22:11:26 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
    [2010.09.18 10:10:24 | 000,000,000 | ---D | C] -- C:\Users\sylvia\AppData\Roaming\Uniblue
    [2010.09.16 18:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2010.09.16 18:05:56 | 000,000,000 | ---D | C] -- C:\Users\sylvia\AppData\Local\NPE
    [2010.09.16 18:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
    [2010.09.15 22:34:33 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
    [2010.09.10 17:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared HiJackFree
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.10.09 11:26:46 | 001,048,576 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat
    [2010.10.09 11:26:31 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\sylvia\Desktop\OTL.exe
    [2010.10.09 11:23:59 | 000,293,376 | ---- | M] () -- C:\Users\sylvia\Desktop\5bud1qoq.exe
    [2010.10.09 11:22:18 | 000,000,000 | ---- | M] () -- C:\Users\sylvia\defogger_reenable
    [2010.10.09 11:22:07 | 000,050,477 | ---- | M] () -- C:\Users\sylvia\Desktop\Defogger.exe
    [2010.10.09 11:14:56 | 000,339,991 | ---- | M] () -- C:\Users\sylvia\Desktop\RSIT.exe
    [2010.10.09 11:08:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.10.09 10:57:04 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.10.09 10:57:04 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.10.09 10:49:59 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.10.09 10:49:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.10.09 10:49:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.10.09 10:49:28 | 2816,598,016 | -HS- | M] () -- C:\hiberfil.sys
    [2010.10.08 22:40:55 | 001,150,040 | -H-- | M] () -- C:\Users\sylvia\AppData\Local\IconCache.db
    [2010.10.08 15:56:20 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010.10.08 14:46:50 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{186f4f7b-d2d9-11df-bd86-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.10.08 14:46:50 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{186f4f7b-d2d9-11df-bd86-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.10.08 14:46:50 | 000,065,536 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{186f4f7b-d2d9-11df-bd86-00241d8db14d}.TM.blf
    [2010.10.08 11:02:39 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{d08f6154-d2b9-11df-8c16-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.10.08 11:02:39 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{d08f6154-d2b9-11df-8c16-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.10.08 11:02:39 | 000,065,536 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{d08f6154-d2b9-11df-8c16-00241d8db14d}.TM.blf
    [2010.10.07 20:16:16 | 000,001,327 | ---- | M] () -- C:\Users\sylvia\Documents\paid-night -mailer.rtf
    [2010.10.07 19:45:31 | 000,001,569 | ---- | M] () -- C:\Users\sylvia\Documents\Jaqmailer.rtf
    [2010.10.06 20:18:20 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{0cb02373-d176-11df-b876-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.10.06 20:18:20 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{0cb02373-d176-11df-b876-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.10.06 20:18:20 | 000,065,536 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{0cb02373-d176-11df-b876-00241d8db14d}.TM.blf
    [2010.10.06 19:39:23 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{9b2407d3-d170-11df-8f45-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.10.06 19:39:23 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{9b2407d3-d170-11df-8f45-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.10.06 19:39:23 | 000,065,536 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{9b2407d3-d170-11df-8f45-00241d8db14d}.TM.blf
    [2010.10.06 19:34:15 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{e2f65f53-d16f-11df-9066-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.10.06 19:34:15 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{e2f65f53-d16f-11df-9066-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.10.06 19:34:15 | 000,065,536 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{e2f65f53-d16f-11df-9066-00241d8db14d}.TM.blf
    [2010.09.20 12:30:09 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{f3d64329-c4a1-11df-bf0f-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.09.20 12:30:09 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{f3d64329-c4a1-11df-bf0f-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.09.20 12:30:09 | 000,065,536 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{f3d64329-c4a1-11df-bf0f-00241d8db14d}.TM.blf
    [2010.09.18 09:46:43 | 000,734,710 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2010.09.18 09:46:43 | 000,635,638 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010.09.18 09:46:43 | 000,154,824 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2010.09.18 09:46:43 | 000,128,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010.09.18 09:46:43 | 000,004,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010.09.11 22:15:31 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{c1f27e87-bdcd-11df-87a4-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.09.11 22:15:31 | 000,524,288 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{c1f27e87-bdcd-11df-87a4-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.09.11 22:15:31 | 000,065,536 | -HS- | M] () -- C:\Users\sylvia\ntuser.dat{c1f27e87-bdcd-11df-87a4-00241d8db14d}.TM.blf
     
    ========== Files Created - No Company Name ==========
     
    [2010.10.09 11:23:56 | 000,293,376 | ---- | C] () -- C:\Users\sylvia\Desktop\5bud1qoq.exe
    [2010.10.09 11:22:18 | 000,000,000 | ---- | C] () -- C:\Users\sylvia\defogger_reenable
    [2010.10.09 11:22:04 | 000,050,477 | ---- | C] () -- C:\Users\sylvia\Desktop\Defogger.exe
    [2010.10.09 11:14:49 | 000,339,991 | ---- | C] () -- C:\Users\sylvia\Desktop\RSIT.exe
    [2010.10.08 15:56:20 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010.10.08 14:46:50 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{186f4f7b-d2d9-11df-bd86-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.10.08 14:46:50 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{186f4f7b-d2d9-11df-bd86-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.10.08 14:46:50 | 000,065,536 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{186f4f7b-d2d9-11df-bd86-00241d8db14d}.TM.blf
    [2010.10.08 11:02:39 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{d08f6154-d2b9-11df-8c16-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.10.08 11:02:39 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{d08f6154-d2b9-11df-8c16-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.10.08 11:02:39 | 000,065,536 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{d08f6154-d2b9-11df-8c16-00241d8db14d}.TM.blf
    [2010.10.07 20:13:04 | 000,001,327 | ---- | C] () -- C:\Users\sylvia\Documents\paid-night -mailer.rtf
    [2010.10.07 19:45:31 | 000,001,569 | ---- | C] () -- C:\Users\sylvia\Documents\Jaqmailer.rtf
    [2010.10.06 20:18:20 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{0cb02373-d176-11df-b876-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.10.06 20:18:20 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{0cb02373-d176-11df-b876-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.10.06 20:18:20 | 000,065,536 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{0cb02373-d176-11df-b876-00241d8db14d}.TM.blf
    [2010.10.06 19:39:23 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{9b2407d3-d170-11df-8f45-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.10.06 19:39:23 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{9b2407d3-d170-11df-8f45-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.10.06 19:39:23 | 000,065,536 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{9b2407d3-d170-11df-8f45-00241d8db14d}.TM.blf
    [2010.10.06 19:34:15 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{e2f65f53-d16f-11df-9066-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.10.06 19:34:15 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{e2f65f53-d16f-11df-9066-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.10.06 19:34:15 | 000,065,536 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{e2f65f53-d16f-11df-9066-00241d8db14d}.TM.blf
    [2010.10.04 19:16:01 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
    [2010.09.20 12:30:09 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{f3d64329-c4a1-11df-bf0f-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.09.20 12:30:09 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{f3d64329-c4a1-11df-bf0f-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.09.20 12:30:09 | 000,065,536 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{f3d64329-c4a1-11df-bf0f-00241d8db14d}.TM.blf
    [2010.09.11 19:55:55 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{c1f27e87-bdcd-11df-87a4-00241d8db14d}.TMContainer00000000000000000002.regtrans-ms
    [2010.09.11 19:55:55 | 000,524,288 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{c1f27e87-bdcd-11df-87a4-00241d8db14d}.TMContainer00000000000000000001.regtrans-ms
    [2010.09.11 19:55:55 | 000,065,536 | -HS- | C] () -- C:\Users\sylvia\ntuser.dat{c1f27e87-bdcd-11df-87a4-00241d8db14d}.TM.blf
    [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    < End of report >

    Code:
     OTL Extras logfile created on: 09.10.2010 11:27:08 - Run 1
    OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\sylvia\Desktop
    64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
    7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149,05 Gb Total Space | 123,74 Gb Free Space | 83,02% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: SYLVIA-PC
    Current User Name: sylvia
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Essentials" = Microsoft Security Essentials
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
    "{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
    "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
    "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
    "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "123 Free Puzzle" = 123 Free Puzzle
    "123 Free Solitaire_is1" = 123 Free Solitaire 2009 v7.1
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite_Wave3" = Windows Live Essentials
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 08.10.2010 07:54:46 | Computer Name = sylvia-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 08.10.2010 08:41:12 | Computer Name = sylvia-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 08.10.2010 08:47:49 | Computer Name = sylvia-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 08.10.2010 09:46:14 | Computer Name = sylvia-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 08.10.2010 09:52:54 | Computer Name = sylvia-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 08.10.2010 09:54:26 | Computer Name = sylvia-PC | Source = SideBySide | ID = 16842785
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\sylvia\AppData\Local\Temp\RarSFX0\redist.dll".
    Die
     abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
     konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
     "sxstrace.exe".
     
    Error - 08.10.2010 11:16:02 | Computer Name = sylvia-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 09.10.2010 04:29:30 | Computer Name = sylvia-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 09.10.2010 04:36:15 | Computer Name = sylvia-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 09.10.2010 04:51:01 | Computer Name = sylvia-PC | Source = WinMgmt | ID = 10
    Description = 
     
    [ System Events ]
    Error - 08.10.2010 08:42:00 | Computer Name = sylvia-PC | Source = Service Control Manager | ID = 7023
    Description = Der Dienst "Sicherheitscenter" wurde mit folgendem Fehler beendet:
       %%1747
     
    Error - 08.10.2010 08:46:22 | Computer Name = SYLVIA-PC | Source = Microsoft Antimalware | ID = 2004
    Description = Fehler in %%861 beim Laden von Signaturen. Es wird versucht, einen
     bekannten Signatursatz wiederherzustellen.     Versuchte Signaturen: %%824     Fehlercode:
     0x80070002     Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden.
          Signaturversion: 0.0.0.0;0.0.0.0     Modulversion: 0.0.0.0
     
    Error - 08.10.2010 08:42:05 | Computer Name = sylvia-PC | Source = Service Control Manager | ID = 7023
    Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
     
    Error - 08.10.2010 08:51:01 | Computer Name = sylvia-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installationsfehler: Die Installation des folgenden Updates ist mit
     Fehler 0x8024200d fehlgeschlagen: Security Update for Microsoft .NET Framework 
    3.5.1, Windows 7, and Windows Server 2008 R2 for x64-based Systems (KB2416471)
     
    Error - 08.10.2010 09:44:45 | Computer Name = sylvia-PC | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am ?08.?10.?2010 um 15:42:58 unerwartet heruntergefahren.
     
    Error - 08.10.2010 09:51:25 | Computer Name = sylvia-PC | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am ?08.?10.?2010 um 15:49:37 unerwartet heruntergefahren.
     
    Error - 08.10.2010 09:56:33 | Computer Name = sylvia-PC | Source = Service Control Manager | ID = 7006
    Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
     fehlgeschlagen:   %%5
     
    Error - 08.10.2010 11:14:37 | Computer Name = sylvia-PC | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am ?08.?10.?2010 um 17:13:17 unerwartet heruntergefahren.
     
    Error - 09.10.2010 04:34:49 | Computer Name = sylvia-PC | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am ?09.?10.?2010 um 10:32:54 unerwartet heruntergefahren.
     
    Error - 09.10.2010 04:49:31 | Computer Name = sylvia-PC | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am ?09.?10.?2010 um 10:47:43 unerwartet heruntergefahren.
     
     
    < End of report >

  2. #2
    Moderator, team member fingerschmuckrock
    Registered since
    24.10.2009
    Location
    Würzburg
    Posts
    3,984

    Re: Problems with Windows 7

    Welcome to the HijackThis.de support forum,

    cleaning a system can be laborious and may involve some work on your part.
    Before we begin, here are a few tedious but important basic points that you need to observe:
    • Respect our forum rules and
    • do not be too impatient if it sometimes takes a little longer for us to reply.
    • As a rule, there is no support via private message or e-mail.
    • We do not clean computers that are used for business purposes,
    • and/or computers that contain cracks or other hacks that make it possible to use paid software without paying.
    • It is important that you keep cooperating until all steps have been worked through and you get the signal that the cleanup is finished, even if the symptoms have perhaps already disappeared after the first actions.
    • Note: The logfiles we request from you may contain your full name. Redact it before you reply if you do not want to publish it (you agree to point 9 of our forum rules).
    • Please post all logfiles in code tags.
    • Download removal tools exclusively from the links given in our instructions!
    • You can add to, change or delete your posts at any time using the "Edit" button.

    Important:
    • During our cleaning phase, only install programs and run scans that we instruct you to.
    • During the cleanup, connect all external media, such as USB sticks, external hard drives and flash cards, to the computer!
    • If you are ready, be sure to work through the following steps in the given order.
    • This is so important because one step often depends on another!
    • If something is unclear at a step, or something does not work (as planned), please ask before you continue.
    • Report back to me on each step, telling me whether you have completed it.

    Vista & Win7 users:
    • Please always start all programs and tools that we instruct you to use with a right-click and "Run as administrator".
    • Let us know if a 64-bit version of Vista or Win7 is running on the computer, since many removal tools do not work with it.
    • First, please apply the following settings: make system files and folders visible under XP, Vista and Win7
      At the end of our work, you can undo this again!

    ===== Step 1 =====

    Unfortunately, we have had no free capacity until now.
    Could you please post a current OTL logfile again?

  3. #3
    Moderator, team member fingerschmuckrock
    Registered since
    24.10.2009
    Location
    Würzburg
    Posts
    3,984

    Re: Problems with Windows 7

    No response

    Are there problems working through the instructions above, and if so, which ones? If I do not receive a response from you within five days, I will assume that you no longer wish to continue and will close this thread without comment, so that capacity is freed up for other waiting users.

    Note: The disappearance of the symptoms does not mean that your computer is already clean.
