
Log analysis and evaluation: White screen and the message "Verbindung wird hergestellt" (connection is being established)

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.04.2012, 20:35   #1
Krames
 
White screen and the message "Verbindung wird hergestellt" (connection is being established)

Hello,

I have a laptop here that has, I think, caught a virus that is an old acquaintance of yours.
After logging in, a white screen appears showing the sentence:
"Bitte warten Sie während die Verbindung hergestellt wird." (Please wait while the connection is being established.)

Attached is the txt file from a scan:

Unfortunately I couldn't upload the file, sorry.

OTL Logfile:
Code:
OTL logfile created on: 4/22/2012 10:04:28 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium  (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.62 Gb Total Space | 11.66 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
Drive D: | 29.67 Gb Total Space | 29.58 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 100.86 Gb Free Space | 87.60% Space Free | Partition Type: NTFS
Drive X: | 1009.95 Mb Total Space | 689.34 Mb Free Space | 68.26% Space Free | Partition Type: FAT
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/04/16 11:17:03 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/28 13:00:35 | 003,417,376 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/10 17:14:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/07 06:37:32 | 001,459,424 | ---- | M] () [Auto] -- C:\Program Files\Security Administrator\newlock.exe -- (DeskSaverService)
SRV - [2011/10/11 08:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 08:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/29 12:28:12 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/02 08:08:16 | 000,018,656 | ---- | M] () [Auto] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 06:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/28 15:34:10 | 000,079,360 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/10/21 13:15:38 | 000,288,768 | ---- | M] (T-Systems International GmbH) [Auto] -- C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe -- (DFSVC)
SRV - [2009/08/17 21:36:08 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/28 22:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (GEARAspiWDM)
DRV - [2012/02/15 14:01:09 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 09:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 09:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/03 06:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010/03/30 22:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010/02/05 13:25:12 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/10/15 13:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2009/10/15 13:14:38 | 000,014,624 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand] -- C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.sys -- (DFSYS)
DRV - [2009/08/17 22:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/04/28 22:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007/11/09 00:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/22 05:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/11/22 05:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006/11/22 05:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2006/11/10 10:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2002/09/19 16:07:50 | 000,034,683 | ---- | M] (EIBA s.c.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Pei16Wdm.sys -- (Pei16Wdm)
DRV - [2002/08/15 04:20:04 | 000,035,547 | ---- | M] (EIBA s.c.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Pei10Wdm.sys -- (Pei10Wdm)
DRV - [2001/11/05 03:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 03:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\sonyhcb.sys -- (sonyhcb)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\administrator2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Krames_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Krames_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Krames_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Krames_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F FA E9 69 55 A0 CA 01  [binary data]
IE - HKU\Krames_ON_C\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - Reg Error: Key error. File not found
IE - HKU\Krames_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Krames_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
 
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2010/05/18 15:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krames\AppData\Roaming\Mozilla\Extensions
[2011/08/24 13:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krames\AppData\Roaming\Mozilla\Firefox\Profiles\461q3f9x.default\extensions
[2011/08/22 10:38:18 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Krames\AppData\Roaming\Mozilla\Firefox\Profiles\461q3f9x.default\extensions\ffxtlbr@babylon.com
[2011/03/22 13:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 16:35:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 15:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/20 11:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/22 13:57:28 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKU\Krames_ON_C\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\Krames_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\Krames_ON_C\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SHIWebOnDiskManager] C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe (SHI Elektronische Medien GmbH)
O4 - HKU\Krames_ON_C..\Run: [5kS43ADO0bzprWo] C:\Users\Krames\AppData\Roaming\soundblaster_fx648.exe ()
O4 - HKU\Krames_ON_C..\Run: [DMS-Kalenderchen] C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\administrator2_ON_C\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\Krames_ON_C\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreventItemCreationInUsersFilesFolder = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoReadingPane = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnails = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentProgForNewUserInStartMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchComputerLinkInStartMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchCommInStartMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarLockAll = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoResize = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoAddRemoveToolbar = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoDragToolbar = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoRedock = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseFoldersInStartMenu = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TurnOffSPIAnimations = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = syntpenh.exe
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = shiwebondiskmanager.exe
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = avgnt.exe
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = adobearm.exe
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newlock.exe
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5? = googletoolbarnotifier.exe
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6? = kalenderchen.exe
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7? = netsession_win.exe
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8? = soundblaster_fx648.exe
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9? = newadmin.exe
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\Krames_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/22 12:13:42 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/29 17:11:08 | 000,000,000 | ---D | M] - E:\Autocad -- [ NTFS ]
O32 - AutoRun File - [2011/05/23 03:55:26 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2099/03/19 15:45:58 | 000,212,992 | ---- | C] (Acro Software Inc.) -- C:\Windows\System32\cutesave.exe
[2099/03/19 15:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomPdf
[2099/03/19 15:44:26 | 001,142,784 | ---- | C] (Tidestone Technologies, Inc.) -- C:\Windows\System32\TTF16.ocx
[2099/03/19 15:44:26 | 000,163,840 | ---- | C] (Tidestone Technologies, Inc.) -- C:\Windows\System32\TTF16DE.DLL
[2099/03/19 15:41:25 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2050/05/15 02:01:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/04/18 20:55:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/04/18 15:13:09 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Avira
[2012/04/18 15:08:53 | 000,000,000 | ---D | C] -- C:\Users\administrator2\Documents\WEKA
[2012/04/18 15:07:43 | 000,000,000 | R--D | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/18 15:07:43 | 000,000,000 | R--D | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/18 15:07:43 | 000,000,000 | -H-D | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/04/18 15:07:24 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Identities
[2012/04/18 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local\VirtualStore
[2012/04/18 15:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\AppData\Local\Verlauf
[2012/04/18 15:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\AppData\Local\Temporary Internet Files
[2012/04/18 15:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Documents\Eigene Videos
[2012/04/18 15:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Documents\Eigene Musik
[2012/04/18 15:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Documents\Eigene Bilder
[2012/04/18 15:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\AppData\Local\Anwendungsdaten
[2012/04/18 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\LocalLow
[2012/04/18 15:06:21 | 000,000,000 | --SD | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft
[2012/04/18 15:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/04/18 15:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/04/18 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local\Temp
[2012/04/18 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming
[2012/04/18 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local\Microsoft Help
[2012/04/18 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local\Microsoft
[2012/04/18 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Media Center Programs
[2012/04/18 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Macromedia
[2012/04/18 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local
[2012/04/18 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2
[2012/04/18 14:48:23 | 000,000,000 | -H-D | C] -- C:\Security Administrator
[2012/04/18 14:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Administrator
[2012/04/18 14:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Security Administrator
[2012/04/16 11:17:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/11 17:55:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/11 17:55:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/11 17:55:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/04/11 17:55:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/11 17:55:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/11 17:55:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/11 17:55:36 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/11 15:10:56 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/22 14:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/22 13:43:41 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 13:43:41 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 13:40:01 | 000,836,234 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/04/22 13:40:01 | 000,779,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/22 13:40:01 | 000,201,596 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/04/22 13:40:01 | 000,173,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/22 13:38:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 13:35:18 | 2816,872,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 20:57:42 | 000,003,552 | ---- | M] () -- C:\bootsqm.dat
[2012/04/18 20:35:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/18 20:23:47 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/18 14:27:53 | 000,001,978 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safe Web Browser.lnk
[2012/04/18 14:27:53 | 000,001,974 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen Lock.lnk
[2012/04/18 14:27:53 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Safe Web Browser.lnk
[2012/04/18 14:27:53 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\Screen Lock.lnk
[2012/04/18 14:27:53 | 000,001,067 | ---- | M] () -- C:\Users\Krames\Desktop\Security Administrator.lnk
[2012/04/18 14:27:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Administrator
[2012/04/16 15:04:18 | 000,210,432 | ---- | M] () -- C:\Users\Krames\AppData\Roaming\soundblaster_fx648.exe
[2012/04/16 11:17:03 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/16 11:17:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/12 07:27:42 | 000,001,107 | ---- | M] () -- C:\Users\Krames\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2012/04/12 07:23:05 | 000,435,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/11 17:16:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moeller Software
[2012/04/11 15:46:18 | 000,000,284 | ---- | M] () -- C:\Users\Krames\Documents\cc_20120411_214559.reg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2099/03/19 15:45:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\cute2mon2k.dll
[2099/03/19 15:45:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\uninstcp.exe
[2012/04/18 20:57:42 | 000,003,552 | ---- | C] () -- C:\bootsqm.dat
[2012/04/18 15:07:50 | 000,001,413 | ---- | C] () -- C:\Users\administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/18 15:06:21 | 000,000,290 | ---- | C] () -- C:\Users\administrator2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/18 15:06:21 | 000,000,272 | ---- | C] () -- C:\Users\administrator2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/04/18 14:27:53 | 000,001,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safe Web Browser.lnk
[2012/04/18 14:27:53 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen Lock.lnk
[2012/04/18 14:27:53 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Safe Web Browser.lnk
[2012/04/18 14:27:53 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\Screen Lock.lnk
[2012/04/18 14:27:53 | 000,001,067 | ---- | C] () -- C:\Users\Krames\Desktop\Security Administrator.lnk
[2012/04/18 14:27:52 | 000,001,097 | ---- | C] () -- C:\Users\Krames\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Administrator.lnk
[2012/04/16 15:04:20 | 000,210,432 | ---- | C] () -- C:\Users\Krames\AppData\Roaming\soundblaster_fx648.exe
[2012/04/16 11:17:07 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/11 15:46:06 | 000,000,284 | ---- | C] () -- C:\Users\Krames\Documents\cc_20120411_214559.reg
[2011/11/04 13:08:15 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/08/23 15:17:50 | 000,005,002 | ---- | C] () -- C:\ProgramData\bwxcldpn.mmu
[2011/08/22 11:56:30 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2011/07/26 08:59:05 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2011/06/10 01:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/04/19 10:27:00 | 000,001,940 | ---- | C] () -- C:\Users\Krames\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/03 16:23:37 | 000,000,245 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/11 05:28:02 | 000,000,396 | ---- | C] () -- C:\Windows\SHISETUP.SYS
[2010/05/14 16:56:29 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
[2010/02/05 13:25:12 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010/02/01 15:37:02 | 000,007,601 | ---- | C] () -- C:\Users\Krames\AppData\Local\resmon.resmoncfg
[2010/01/28 16:09:11 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/01/28 15:05:32 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/27 17:18:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 04:47:43 | 000,836,234 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,201,596 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,435,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,779,460 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,173,318 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 14:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/05 08:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll
[2008/11/05 08:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll
[2005/12/21 12:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005/12/21 12:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005/12/21 12:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003/02/20 13:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010/02/01 15:21:14 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\Ansys
[2011/05/05 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\Autodesk
[2011/08/22 10:38:05 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\Babylon
[2010/10/05 14:48:09 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\DYMO
[2010/07/14 10:32:51 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\EIBA sc
[2012/02/03 14:03:13 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\elsterformular
[2011/06/27 04:42:48 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\JGoodies
[2011/10/23 03:56:34 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\Kalenderchen
[2011/08/23 15:17:54 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\MOVAVI
[2010/12/25 15:39:06 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\NCH Swift Sound
[2010/11/04 16:22:22 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\Perspectix
[2011/05/18 10:13:12 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\PhotoScape
[2011/12/09 17:48:33 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\Reviversoft
[2011/11/03 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\Tific
[2011/02/28 16:08:46 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\TuneUp Software
[2011/11/04 12:42:31 | 000,000,000 | ---D | M] -- C:\Users\Krames\AppData\Roaming\WinBatch
[2010/01/27 17:24:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/05/23 03:55:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2011/08/22 10:38:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/01/27 17:24:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/05/31 09:41:11 | 000,000,000 | ---D | M] -- C:\ProgramData\EasternGraphics
[2010/02/05 13:24:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Elka Shared
[2012/04/03 04:27:53 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2011/01/28 13:39:43 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2010/01/27 17:24:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/04/27 14:14:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Fighters
[2011/01/17 14:26:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaco
[2010/12/06 14:46:10 | 000,000,000 | ---D | M] -- C:\ProgramData\KNX
[2011/10/28 16:20:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Lernwerkstatt 8
[2010/12/25 15:40:00 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Swift Sound
[2011/12/09 17:31:11 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/11/02 15:44:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Perspectix
[2010/11/11 05:31:20 | 000,000,000 | ---D | M] -- C:\ProgramData\SHI
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/01/27 17:24:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/02/01 14:14:55 | 000,000,000 | ---D | M] -- C:\ProgramData\T-Online
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/02/28 16:10:28 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010/01/27 17:24:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/10/18 12:36:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\{187CDB7E-5180-4643-A637-F6CA293521DB}
[2011/02/28 16:06:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/07/07 15:06:52 | 000,000,000 | -H-D | M] -- C:\ProgramData\{599E53C0-48DF-4A06-B070-8598456CD71C}
[2011/10/18 12:35:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\{8CDFAF9A-B88D-4006-81F1-9D33BC1B78B0}
[2011/06/22 16:24:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/02/28 15:58:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/03/06 08:40:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---

Edited by Krames (22.04.2012 at 20:53). Reason: correction

22.04.2012, 21:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Does safe mode with networking still work? With an internet connection?

Safe mode for cleanup
  • Press F8 during startup to bring Windows into safe mode.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode

22.04.2012, 21:12   #3
Krames

Hello

I have created a second admin account with which I can log in normally.
With that account the screen stays normal.
Don't know whether that helps.
In safe mode with the affected user the white screen appears as well.

Regards

Krames

22.04.2012, 21:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I have created a second admin account with which I can log in normally.
With that account the screen stays normal.
Good, then under this account first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here

__________________
Please always post logfiles in CODE tags

23.04.2012, 05:24   #5
Krames

Malwarebytes log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.22.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
administrator2 :: KRAMES-PC [Administrator]

22.04.2012 23:40:50
mbam-log-2012-04-22 (23-40-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 549515
Laufzeit: 3 Stunde(n), 41 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 15
C:\Users\Krames\AppData\Local\Temp\ilmptueofsrse.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\jpxpnqghihovlnc.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\lzdqoxsvjvhohfwquu.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\odkdsykghjkucurchn.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\pemqztgtkrehumfjdhgyulln.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\rkkwchyprbxumentkmtfiy.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\aeqzoxgyhaabsdjfigkhvdlc.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\dyhbywqeptbglclfmy.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\gzzvvfrggobuhp.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\skxanvcprsrnfskyes.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\xeyosehccmuqa.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Local\Temp\xhcggzvlmlkfseqjixdudny.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Krames\AppData\Roaming\soundblaster_fx648.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Matthias Krames\Downloads\Ets30f\Ets3ProSetup.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Sven Krames\Ets30f\Ets3ProSetup.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         


23.04.2012, 09:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
E:\Matthias Krames\Downloads\Ets30f\Ets3ProSetup.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Sven Krames\Ets30f\Ets3ProSetup.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
What is that, and what source does it come from?

23.04.2012, 11:46   #7
Krames

Software for programming EIB installations in building services engineering

ESET log file.
It did report 3 findings, though.

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
         

23.04.2012, 12:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Software for programming EIB installations in building services engineering
The question about the source was not answered

Quote:
It did report 3 findings, though.
You did ESET wrong. There was a big notice about that on purpose; why do so many people skip over it?

Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator

23.04.2012, 12:18   #9
Krames

Sorry, those who can read clearly have an advantage.

Quote from cosinus:
The question about the source was not answered
Manufacturer CD

23.04.2012, 12:28   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, then that is a false positive. If you know the source, you can better judge whether it is likely a false positive or not

23.04.2012, 19:45   #11
Krames

ESET log:
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35a878f2d53c104c84fc1ef35ee7247c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-23 04:01:41
# local_time=2012-04-23 06:01:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT 
# compatibility_mode=1792 16777215 100 0 15527917 15527917 0 0
# compatibility_mode=5893 16776574 100 94 23486155 86811062 0 0
# compatibility_mode=8192 67108863 100 0 20998 20998 0 0
# scanned=385462
# found=3
# cleaned=0
# scan_time=17030
C:\Program Files\FoxTab3GPConverter\3GPConverter.exe	a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Krames\AppData\Local\Babylon\Setup\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Krames\Downloads\installer_sony_dcr-trv238e_usb_driver.exe	Win32/Toggle application (unable to clean)	00000000000000000000000000000000	I
         

23.04.2012, 21:25   #12
cosinus

I have two questions before we continue

1.) Does normal mode work again without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

23.04.2012, 21:28   #13
Krames

Looks very good.
The user can log in again.
The Start menu also looks complete.

23.04.2012, 21:29   #14
cosinus

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

23.04.2012, 21:58   #15
Krames

Code:
OTL logfile created on: 23.04.2012 22:36:24 - Run 1
OTL by OldTimer - Version 3.2.41.0     Folder = C:\Users\administrator2\Desktop
 Home Premium Edition  (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 63,50% Memory free
6,99 Gb Paging File | 5,59 Gb Available in Paging File | 79,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86,62 Gb Total Space | 11,15 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 100,86 Gb Free Space | 87,60% Space Free | Partition Type: NTFS
 
Computer Name: KRAMES-PC | User Name: administrator2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.23 22:32:25 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\administrator2\Desktop\OTL.exe
PRC - [2012.04.16 17:17:03 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.07 12:37:32 | 001,459,424 | ---- | M] () -- C:\Programme\Security Administrator\newlock.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.07.27 18:22:20 | 000,483,328 | ---- | M] (SHI Elektronische Medien GmbH) -- C:\Programme\WEKA\Erstmalige und wiederkehrende Prüfung von elektrischen Anlagen\SHIWebOnDisk.exe
PRC - [2010.05.18 23:01:12 | 003,498,496 | ---- | M] (Daniel Manger Software) -- C:\Programme\Kalenderchen\Kalenderchen.exe
PRC - [2010.04.03 20:56:08 | 042,884,448 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe
PRC - [2010.04.03 12:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.21 19:15:38 | 000,288,768 | ---- | M] (T-Systems International GmbH) -- C:\Programme\T-Home\Dialerschutz-Software\DFInject.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.07.27 18:22:26 | 000,045,056 | ---- | M] () -- C:\Programme\WEKA\Erstmalige und wiederkehrende Prüfung von elektrischen Anlagen\webapp\standard\dll\SHINativeUtil.dll
MOD - [2010.07.27 18:22:10 | 001,351,168 | ---- | M] () -- C:\Programme\WEKA\Erstmalige und wiederkehrende Prüfung von elektrischen Anlagen\ip-engine\StdFTS\cpl25m.dll
MOD - [2010.07.27 18:22:10 | 000,655,360 | ---- | M] () -- C:\Programme\WEKA\Erstmalige und wiederkehrende Prüfung von elektrischen Anlagen\ip-engine\StdFTS\config\prod\rca\SHICplUni.dll
MOD - [2010.07.27 18:22:10 | 000,296,960 | ---- | M] () -- C:\Programme\WEKA\Erstmalige und wiederkehrende Prüfung von elektrischen Anlagen\ip-engine\StdFTS\config\prod\lss\lss_unic.dll
MOD - [2010.07.27 18:22:10 | 000,226,816 | ---- | M] () -- C:\Programme\WEKA\Erstmalige und wiederkehrende Prüfung von elektrischen Anlagen\ip-engine\StdFTS\config\prod\lss\lss_back.dll
MOD - [2010.07.27 18:20:30 | 000,045,056 | ---- | M] () -- C:\Programme\WEKA\DIN VDE 0701-0702 2008-06\webapp\standard\dll\SHINativeUtil.dll
MOD - [2010.07.27 18:20:14 | 001,351,168 | ---- | M] () -- C:\Programme\WEKA\DIN VDE 0701-0702 2008-06\ip-engine\StdFTS\cpl25m.dll
MOD - [2010.07.27 18:20:14 | 000,655,360 | ---- | M] () -- C:\Programme\WEKA\DIN VDE 0701-0702 2008-06\ip-engine\StdFTS\config\prod\rca\SHICplUni.dll
MOD - [2010.07.27 18:20:14 | 000,296,960 | ---- | M] () -- C:\Programme\WEKA\DIN VDE 0701-0702 2008-06\ip-engine\StdFTS\config\prod\lss\lss_unic.dll
MOD - [2010.07.27 18:20:14 | 000,226,816 | ---- | M] () -- C:\Programme\WEKA\DIN VDE 0701-0702 2008-06\ip-engine\StdFTS\config\prod\lss\lss_back.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.16 17:17:03 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.28 19:00:35 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012.03.10 23:14:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.07 12:37:32 | 001,459,424 | ---- | M] () [Auto | Running] -- C:\Programme\Security Administrator\newlock.exe -- (DeskSaverService)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.29 18:28:12 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT) SQL Server (AUTODESKVAULT)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.03 20:56:08 | 042,884,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe -- (MSSQL$KNXETS4) SQL Server (KNXETS4)
SRV - [2010.04.03 20:56:08 | 000,367,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$KNXETS4) SQL Server Agent (KNXETS4)
SRV - [2010.04.03 20:56:08 | 000,044,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.04.03 12:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.04.03 12:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.28 21:34:10 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.10.21 19:15:38 | 000,288,768 | ---- | M] (T-Systems International GmbH) [Auto | Running] -- C:\Programme\T-Home\Dialerschutz-Software\DFInject.exe -- (DFSVC)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\mjkix.sys -- (onaifvh)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012.02.15 20:01:09 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010.03.31 04:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010.02.05 19:25:12 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009.10.15 19:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2009.10.15 19:14:38 | 000,014,624 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Home\Dialerschutz-Software\DFSYS.sys -- (DFSYS)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.04.29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007.11.09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.22 11:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.11.22 11:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2002.09.19 22:07:50 | 000,034,683 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pei16Wdm.sys -- (Pei16Wdm)
DRV - [2002.08.15 10:20:04 | 000,035,547 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pei10Wdm.sys -- (Pei10Wdm)
DRV - [2001.11.05 09:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001.11.05 09:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sonyhcb.sys -- (sonyhcb)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F FA E9 69 55 A0 CA 01  [binary data]
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100470&mntrId=d2cec86400000000000000216379a29e
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\SearchScopes\{893BD1FC-C76A-461C-B061-831739B904AA}: "URL" = hxxp://www3.iamwired.net/websearch.php?src=tops&search={SearchTerms}
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 06 48 CD CF 20 CD 01  [binary data]
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1012\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1012\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE365
IE - HKU\S-1-5-21-3755129872-1911574987-1032981970-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2011.03.22 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.14 22:35:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.04 21:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.20 17:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.22 19:57:28 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SHIWebOnDiskManager] C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe (SHI Elektronische Medien GmbH)
O4 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000..\Run: [5kS43ADO0bzprWo] C:\Users\Krames\AppData\Roaming\soundblaster_fx648.exe File not found
O4 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000..\Run: [DMS-Kalenderchen] C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreventItemCreationInUsersFilesFolder = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoReadingPane = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnails = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentProgForNewUserInStartMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchComputerLinkInStartMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchCommInStartMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarLockAll = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoResize = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoAddRemoveToolbar = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoDragToolbar = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoRedock = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseFoldersInStartMenu = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TurnOffSPIAnimations = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = syntpenh.exe
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = shiwebondiskmanager.exe
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = avgnt.exe
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = adobearm.exe
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newlock.exe
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5? = googletoolbarnotifier.exe
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6? = kalenderchen.exe
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7? = netsession_win.exe
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8? = soundblaster_fx648.exe
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9? = newadmin.exe
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-3755129872-1911574987-1032981970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D562578-A423-474D-B541-1DB007C9B87D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E172BE41-B1EF-4C9C-8749-C0E1B688C4D4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.22 18:13:42 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.29 23:11:08 | 000,000,000 | ---D | M] - E:\Autocad -- [ NTFS ]
O32 - AutoRun File - [2011.05.23 09:55:26 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: 00saskda - hkey= - key= - C:\Program Files\Security Administrator\newlock.exe ()
MsConfig - StartUpReg: 5kS43ADO0bzprWo - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\Krames\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {05B09FE1-AC7E-ACE6-F83D-16EB9CD53B52} - .NET Framework
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B0C5236-0542-FFE8-ECED-485C50BDA2CA} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C2CA68D-F9C7-BD00-7B8F-A3C093F133DF} - Java (Sun)
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F5C7FC4-9955-C167-7790-A3F8C566BEFC} - Themes Setup
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {57813F76-A5E4-B70E-714C-BF6D3AE2C654} - Java (Sun)
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7FE453EF-5646-28AA-8269-720454B53E73} - Browser Customizations
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9B2A90E9-161B-B7F5-8637-96717FC70628} - Microsoft Windows Media Player 12.0
ActiveX: {9CA37933-B019-D3CA-B32F-F030A1C5D9FE} - Microsoft Windows Media Player 12.0
ActiveX: {C46D0A2E-2C4F-9FE2-49CB-64519A9B6699} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {D9B265E1-83CB-522B-1988-7884BA92380D} - Themes Setup
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2099.03.19 21:45:58 | 000,212,992 | ---- | C] (Acro Software Inc.) -- C:\Windows\System32\cutesave.exe
[2099.03.19 21:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomPdf
[2099.03.19 21:44:26 | 001,142,784 | ---- | C] (Tidestone Technologies, Inc.) -- C:\Windows\System32\TTF16.ocx
[2099.03.19 21:44:26 | 000,163,840 | ---- | C] (Tidestone Technologies, Inc.) -- C:\Windows\System32\TTF16DE.DLL
[2099.03.19 21:41:25 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2050.05.15 08:01:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012.04.23 22:32:21 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\administrator2\Desktop\OTL.exe
[2012.04.23 07:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.22 23:37:09 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Malwarebytes
[2012.04.22 23:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.22 23:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.22 23:36:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.22 23:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.22 23:35:15 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Adobe
[2012.04.22 23:32:12 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Google
[2012.04.22 23:32:11 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local\Google
[2012.04.22 23:22:01 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local\Diagnostics
[2012.04.19 02:55:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.04.18 21:13:09 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Avira
[2012.04.18 21:08:53 | 000,000,000 | ---D | C] -- C:\Users\administrator2\Documents\WEKA
[2012.04.18 21:07:43 | 000,000,000 | R--D | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.04.18 21:07:43 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Searches
[2012.04.18 21:07:43 | 000,000,000 | R--D | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.04.18 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Identities
[2012.04.18 21:07:19 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Contacts
[2012.04.18 21:06:52 | 000,000,000 | ---D | C] -- C:\Users\administrator2\Security Administrator
[2012.04.18 21:06:49 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local\VirtualStore
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Vorlagen
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\AppData\Local\Verlauf
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\AppData\Local\Temporary Internet Files
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Startmenü
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\SendTo
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Recent
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Netzwerkumgebung
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Lokale Einstellungen
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Documents\Eigene Videos
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Documents\Eigene Musik
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Eigene Dateien
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Documents\Eigene Bilder
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Druckumgebung
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Cookies
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\AppData\Local\Anwendungsdaten
[2012.04.18 21:06:22 | 000,000,000 | -HSD | C] -- C:\Users\administrator2\Anwendungsdaten
[2012.04.18 21:06:21 | 000,000,000 | --SD | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Videos
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Saved Games
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Pictures
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Music
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Links
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Favorites
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Downloads
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Documents
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\Desktop
[2012.04.18 21:06:21 | 000,000,000 | R--D | C] -- C:\Users\administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.04.18 21:06:21 | 000,000,000 | -H-D | C] -- C:\Users\administrator2\AppData
[2012.04.18 21:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local\Temp
[2012.04.18 21:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local\Microsoft Help
[2012.04.18 21:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Local\Microsoft
[2012.04.18 21:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Media Center Programs
[2012.04.18 21:06:21 | 000,000,000 | ---D | C] -- C:\Users\administrator2\AppData\Roaming\Macromedia
[2012.04.18 20:48:23 | 000,000,000 | -H-D | C] -- C:\Security Administrator
[2012.04.18 20:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Administrator
[2012.04.18 20:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Security Administrator
[2012.04.16 17:17:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.11 23:55:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 23:55:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.11 23:55:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.11 23:55:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 23:55:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 23:55:36 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.11 21:10:56 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.23 22:35:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.23 22:32:25 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\administrator2\Desktop\OTL.exe
[2012.04.23 22:27:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.23 22:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.23 20:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.23 07:52:32 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.23 07:52:32 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.23 07:50:22 | 000,880,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.23 07:50:22 | 000,792,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.23 07:50:22 | 000,215,804 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.23 07:50:22 | 000,186,128 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.23 07:44:58 | 2816,872,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.22 23:37:02 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.18 20:27:53 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Safe Web Browser.lnk
[2012.04.18 20:27:53 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\Screen Lock.lnk
[2012.04.16 17:17:03 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.16 17:17:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.12 13:23:05 | 000,435,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2099.03.19 21:45:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\cute2mon2k.dll
[2099.03.19 21:45:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\uninstcp.exe
[2012.04.22 23:37:02 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.18 21:07:50 | 000,001,413 | ---- | C] () -- C:\Users\administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.04.18 20:27:53 | 000,001,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safe Web Browser.lnk
[2012.04.18 20:27:53 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen Lock.lnk
[2012.04.18 20:27:53 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Safe Web Browser.lnk
[2012.04.18 20:27:53 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\Screen Lock.lnk
[2012.04.16 17:17:07 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.11.04 19:08:15 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.08.23 21:17:50 | 000,005,002 | ---- | C] () -- C:\ProgramData\bwxcldpn.mmu
[2011.08.22 17:56:30 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.01.03 22:23:37 | 000,000,245 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.11.11 11:28:02 | 000,000,396 | ---- | C] () -- C:\Windows\SHISETUP.SYS
[2010.05.14 22:56:29 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.22 23:35:15 | 000,000,000 | ---D | M] -- C:\Users\administrator2\AppData\Roaming\Adobe
[2012.04.18 21:13:09 | 000,000,000 | ---D | M] -- C:\Users\administrator2\AppData\Roaming\Avira
[2012.04.23 21:03:31 | 000,000,000 | ---D | M] -- C:\Users\administrator2\AppData\Roaming\Google
[2012.04.18 21:07:24 | 000,000,000 | ---D | M] -- C:\Users\administrator2\AppData\Roaming\Identities
[2010.09.27 15:22:37 | 000,000,000 | ---D | M] -- C:\Users\administrator2\AppData\Roaming\Macromedia
[2012.04.22 23:37:09 | 000,000,000 | ---D | M] -- C:\Users\administrator2\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\administrator2\AppData\Roaming\Media Center Programs
[2012.04.22 23:30:49 | 000,000,000 | --SD | M] -- C:\Users\administrator2\AppData\Roaming\Microsoft
 
< %APPDATA%\*.exe /s >
[2010.12.25 22:40:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\administrator2\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >

< End of report >
         
Regards

Krames
