
Log analysis and evaluation: trojan via email

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for analysis by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.05.2012, 18:02   #16
rike42
 



OTL Logfile:
Code:
OTL logfile created on: 06.05.2012 18:38:45 - Run 6
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 31,44% Memory free
3,21 Gb Paging File | 1,20 Gb Available in Paging File | 37,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217,64 Gb Total Space | 176,70 Gb Free Space | 81,19% Space Free | Partition Type: NTFS
Drive D: | 14,95 Gb Total Space | 1,85 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
Drive F: | 99,18 Mb Total Space | 91,04 Mb Free Space | 91,79% Space Free | Partition Type: FAT32
 
Computer Name: RIKE-HP | User Name: Rike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.06 11:43:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Rike\Desktop\OTL.exe
PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.03.12 19:19:46 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012.03.12 19:19:42 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.01.24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.20 10:40:32 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Rike\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2011.11.14 13:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.02.09 17:57:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011.02.01 01:42:40 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011.01.06 20:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010.12.28 02:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010.12.13 12:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009.02.23 15:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.05 16:09:10 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.03.12 19:19:42 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011.11.14 13:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011.11.14 13:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011.11.14 13:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll
MOD - [2011.11.14 13:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011.11.14 13:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll
MOD - [2011.11.14 13:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll
MOD - [2011.11.14 13:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll
MOD - [2011.08.22 02:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.04 21:50:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.03.04 12:44:40 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.05.05 16:09:12 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.12 19:19:46 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.25 02:08:46 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011.02.16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2011.02.01 01:42:40 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011.01.06 20:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.01.06 20:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.12.28 02:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.07.21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.08.08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.07.11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.07.11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.07.11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.05 09:16:20 | 000,436,840 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.05 00:01:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.04 21:16:48 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.01 20:17:00 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.02.15 21:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.02.10 15:50:22 | 002,717,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.02.09 17:58:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.01.06 20:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.01.06 20:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.01.06 20:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.01.06 20:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.01.06 20:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.01.06 20:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.01.06 20:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.12.21 02:20:02 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.11.29 14:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.12 04:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.11.12 04:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-688040076-4065842808-1344549600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKU\S-1-5-21-688040076-4065842808-1344549600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-688040076-4065842808-1344549600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de/
IE - HKU\S-1-5-21-688040076-4065842808-1344549600-1001\..\SearchScopes,DefaultScope = {E5CEDFED-2DD7-479B-B5FB-D54991A4EB5D}
IE - HKU\S-1-5-21-688040076-4065842808-1344549600-1001\..\SearchScopes\{E5CEDFED-2DD7-479B-B5FB-D54991A4EB5D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-688040076-4065842808-1344549600-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Rike\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Rike\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.02.01 12:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012.03.12 19:20:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files (x86)\WinZip Courier\FFExt [2012.03.19 19:30:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.05 20:41:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.12 07:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rike\AppData\Roaming\mozilla\Extensions
[2012.05.05 12:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rike\AppData\Roaming\mozilla\Firefox\Profiles\65veosuj.default\extensions
[2012.01.26 08:06:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Rike\AppData\Roaming\mozilla\Firefox\Profiles\65veosuj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.04.08 16:20:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Rike\AppData\Roaming\mozilla\Firefox\Profiles\65veosuj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.05 20:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.05 20:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.05.05 20:41:15 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
() (No name found) -- C:\USERS\RIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65VEOSUJ.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 19:19:41 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Message Faces for Internet Explorer) - {E3758FC2-BB95-4B86-84BF-D91F4748EC76} - C:\Program Files (x86)\Message Faces for Internet Explorer\x64\messagefaces-ie.dll ()
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll (WinZip Computing, S.L.)
O2 - BHO: (Message Faces for Internet Explorer) - {E3758FC2-BB95-4B86-84BF-D91F4748EC75} - C:\Program Files (x86)\Message Faces for Internet Explorer\x86\messagefaces-ie.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {ff88a983-649d-4207-9336-9b999280b436} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-688040076-4065842808-1344549600-1001..\Run: [Facebook Update] C:\Users\Rike\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-688040076-4065842808-1344549600-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-688040076-4065842808-1344549600-1001..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-688040076-4065842808-1344549600-1001..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-688040076-4065842808-1344549600-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39FF78FB-77BC-466E-ADB6-7D23B90C1116}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{902AAE46-0D3F-4F1B-99F7-8FF393AD700C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.06 12:22:59 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Rike\Desktop\esetsmartinstaller_enu.exe
[2012.05.06 11:43:47 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Rike\Desktop\OTL.exe
[2012.05.06 11:34:48 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{23C8643B-1ADC-49A1-9545-8C2CCA251D39}
[2012.05.06 11:34:24 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{1424645A-0D3E-4A71-B5AA-293FD812C0B2}
[2012.05.05 22:54:22 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{91DCF39D-66CB-4025-9B08-34F9257DEDB9}
[2012.05.05 22:52:44 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{74CCED6A-9204-4E87-B02F-D73D06CF4102}
[2012.05.05 20:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.05 20:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.05 20:30:55 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\Apps
[2012.05.05 11:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.05 10:51:31 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{032C36AE-0272-4E5E-8E38-AF3C39E248C6}
[2012.05.05 10:51:08 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{18E8FC16-57DD-4F3F-BEA8-F686FFC95001}
[2012.05.04 22:49:46 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{E19C20E3-EECE-489C-94E1-613CA6B2F1FE}
[2012.05.04 22:49:26 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{CEE9C4B0-9A51-443F-987C-57E5C9D6BF1B}
[2012.05.04 08:38:02 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.04 08:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.04 08:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.04 08:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.04 08:20:21 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{03C98771-8EFD-430D-8126-889B7DE92CDB}
[2012.05.04 08:19:53 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{C8D85BD6-07E3-408A-89CA-A6ABE473FA6F}
[2012.05.04 08:13:09 | 000,544,032 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.05.04 08:13:07 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012.05.04 08:13:06 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012.05.04 08:13:06 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012.05.04 08:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.04 07:43:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.03 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{F4747EE8-3DFF-4360-81B7-220EA36B7DD7}
[2012.05.03 20:12:56 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{13615E33-8016-4355-88E1-3F0928C0AFD0}
[2012.05.03 06:18:56 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{86890D24-56DC-402F-B2BF-281C74B7AB90}
[2012.05.03 06:18:41 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{BFB74F8A-365B-49F5-8F4B-5D5CA9E8755F}
[2012.05.02 22:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.02 22:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.02 12:43:08 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{A2610B38-F0FE-48E9-8BA6-F17E1BCB20BE}
[2012.05.02 12:42:43 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{C84BD7D6-CC5B-4AC7-9E3B-2949462132D5}
[2012.05.01 21:59:09 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{76B93B11-A02B-4755-8C3F-65B175DB9F68}
[2012.05.01 21:58:45 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{372D01FA-4BBB-4C33-ACCB-533AC7A11C4A}
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Roaming\Malwarebytes
[2012.05.01 21:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.01 21:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.01 21:11:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.01 21:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.01 19:27:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\en
[2012.05.01 19:27:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0409
[2012.05.01 19:27:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\en-US
[2012.05.01 19:27:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\en
[2012.05.01 19:27:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2012.05.01 19:27:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2012.05.01 10:04:18 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Roaming\Hbfusxplb
[2012.05.01 09:58:15 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{5511AB08-1126-4D06-8E12-3FBC1F032EF7}
[2012.05.01 09:57:52 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{64FF208D-0BFE-4175-BA5F-23E26932B09F}
[2012.04.30 21:55:24 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{372C89B6-9AE3-4188-8702-ED59DEACD2BD}
[2012.04.30 21:55:04 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{40BA9362-3D78-4035-91C3-4AA18FE22552}
[2012.04.30 09:42:47 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{B97F158E-B79C-4603-B623-1B47B838A902}
[2012.04.30 09:42:27 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{76A15291-C1AE-4F69-A916-4FFFDBA14B51}
[2012.04.29 21:32:39 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{A505D8F9-449F-4144-BA72-E51EDDC5C114}
[2012.04.29 21:31:54 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{600C320E-DB25-4A12-9E96-076AB101DCAE}
[2012.04.29 09:30:52 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{23B94CEA-1690-4844-9CDE-2E2090E6BC63}
[2012.04.29 09:30:35 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{606BE038-F090-49BB-A55E-6628992E9B4E}
[2012.04.28 10:19:29 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{514A2120-DF30-49C8-9F2D-2F0EDCD7793D}
[2012.04.28 10:19:06 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{E1D77E2C-D9BE-483A-9E4E-5A11DE05F4BA}
[2012.04.27 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{DFDB8454-3822-44C6-83B7-DD90CCEDB878}
[2012.04.27 22:17:34 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{7AE06BC2-9EB4-4487-81B3-3945A698A71D}
[2012.04.27 13:50:39 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guardians of Beyond - Hexenhausen Sammleredition
[2012.04.27 13:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guardians of Beyond - Hexenhausen Sammleredition
[2012.04.27 13:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guardians of Beyond - Hexenhausen Sammleredition
[2012.04.27 06:23:48 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{424FEB80-7DD5-4290-A15A-25185CAE180E}
[2012.04.27 06:23:18 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{E73F308C-070E-48E0-AC5E-390B10FBFF4B}
[2012.04.25 21:15:47 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{CB476FD8-8A05-4CED-B3F6-BAEE6166D78A}
[2012.04.25 21:15:30 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{7564FD68-6D98-4691-B815-A5EF2C1474CD}
[2012.04.25 07:41:14 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{B816BF8D-2442-43E7-B479-D43FF1581FBA}
[2012.04.25 07:40:05 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{F9672FFE-98E4-49A3-BACC-4A3AC20EAAE4}
[2012.04.24 19:37:34 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{1A5EC984-8007-4ABB-B611-ACB5A76699BA}
[2012.04.24 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{CF335D44-7701-49DF-A3DC-E9B5BB4325C0}
[2012.04.23 21:34:22 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{39F9964F-3DAD-4507-A85B-9BEDC1E9D991}
[2012.04.23 21:33:10 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{76FCA07A-B82F-4DD8-A308-DC0B4DD8B11A}
[2012.04.23 09:30:23 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{3C81FC27-FCF6-4BA9-A30E-B8CB8A8D0D67}
[2012.04.23 09:29:09 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{2315DE57-18F3-4CCC-A095-E45884A6FA6D}
[2012.04.22 21:27:11 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{0932B65B-A834-43CB-A75D-08B8E75CA20F}
[2012.04.22 21:26:00 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{73FC3CBA-D3F8-4590-A437-3EA625BDD5B0}
[2012.04.22 13:13:19 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\TomTom
[2012.04.22 13:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2012.04.22 13:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2012.04.22 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTomTom 3
[2012.04.22 09:23:30 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{CD0AA4D6-7B8C-4BE4-AB27-CA6E872014EF}
[2012.04.22 09:23:15 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{0805C92A-3A23-4B4D-B15B-EEA12BF94E35}
[2012.04.21 09:54:12 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{A485EB71-9F5B-49D8-A1B1-16CD107BAB31}
[2012.04.21 09:53:58 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{39E38C82-7E32-4D4F-877C-5129FEEFB05F}
[2012.04.20 09:29:56 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{D0C36A2C-8167-46B0-A126-99837631AA95}
[2012.04.20 09:29:41 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{4BD24961-F921-4FF0-80FF-DDE17F28E297}
[2012.04.19 20:19:25 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{20FF69E4-251E-4ACD-8548-FB21F3DC4281}
[2012.04.19 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{76BE9DDB-0063-4A0B-9EBD-2587612D6DB5}
[2012.04.19 06:27:05 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{88AEB8B9-2870-4B49-BD9A-4F93115913AA}
[2012.04.19 06:26:50 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{8DE1291F-AD4F-40CF-9A0E-8AAAB29F243E}
[2012.04.18 06:16:17 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{7A6D065E-7DC6-444D-B498-A8C72CC5BA25}
[2012.04.18 06:16:05 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{3E002CD0-9420-4825-8D62-96C835E7BB4E}
[2012.04.17 08:55:10 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{B80C12CB-84F6-4669-8365-299E3BBDDE16}
[2012.04.17 08:54:46 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{2D143E00-5F0A-41B2-9616-D77C86B736F0}
[2012.04.16 20:52:07 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{F0C7E53F-6911-4ED7-B327-6DE685F77C19}
[2012.04.16 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{C3E9D653-CF77-48D7-B2EE-ADA78798D226}
[2012.04.16 06:13:35 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{E50E526C-F69A-499A-9671-E7BF6457343E}
[2012.04.16 06:13:18 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{CA6D7BC7-5DFD-425E-B650-12C726AC9409}
[2012.04.15 12:10:54 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{0D83490E-4813-43B5-85C0-57B1C51FEF64}
[2012.04.15 12:10:36 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{080A9781-DCA2-4C43-A6A3-DC36A4AC79DC}
[2012.04.14 23:28:45 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{60546FA4-5931-499D-A7EC-A10B6BC3E266}
[2012.04.14 23:28:31 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{26268009-3C6C-4AFF-9C0C-67E52C7DA117}
[2012.04.14 08:04:53 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{50742359-0284-4A9A-BDCC-F23BA679EE3A}
[2012.04.14 08:04:36 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{D881C6EC-DD38-4160-8270-9582BE91A984}
[2012.04.13 06:33:28 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{22C010A9-4B0F-48E1-840C-7AA99763F8DE}
[2012.04.13 06:33:09 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{71571163-7AA2-445F-BF9A-DE37C1A53364}
[2012.04.13 06:29:03 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.04.13 06:25:13 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012.04.13 06:24:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.13 06:07:51 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{1624BD53-287D-4A19-8AB3-5D4FBD002853}
[2012.04.12 08:59:01 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{FC2A6BDD-5922-43A7-B18F-8900F9380397}
[2012.04.11 18:20:10 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{B7A63172-9737-425A-9450-04D3138F1685}
[2012.04.11 07:10:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.11 07:10:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.11 07:10:21 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.11 07:10:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.11 07:10:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.11 07:10:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.11 07:10:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.11 07:10:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.11 07:10:18 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.11 07:10:17 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.11 07:10:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.11 07:09:47 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.11 07:09:46 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.11 07:09:45 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.11 07:05:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.11 07:05:21 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.11 07:05:19 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.11 06:19:38 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{537025EF-335E-4ED6-A048-AD852FA5B039}
[2012.04.10 12:22:20 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{B72D0D68-CB92-43F0-BBA8-BEB6AA98547A}
[2012.04.09 20:46:08 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{3A2B281E-499B-412F-B3D4-73651782E8E5}
[2012.04.09 08:43:22 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{E3F9CA8C-E9BF-40EB-89C6-8A859477F68C}
[2012.04.08 16:20:09 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.08 16:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.04.08 16:18:51 | 000,136,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl100.dll
[2012.04.08 16:18:51 | 000,080,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcm100u.dll
[2012.04.08 16:18:50 | 004,421,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc100u.dll
[2012.04.08 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Roaming\DVDVideoSoft
[2012.04.08 16:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.04.08 16:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVIDEOSOFT
[2012.04.08 16:01:36 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{FC80ECD7-FBE4-411D-8F95-00E3617328F4}
[2012.04.08 00:52:10 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{6E28C1E6-9942-4C2F-842F-F00F119D34CD}
[2012.04.07 12:51:44 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{BF3E2201-0078-4601-B7C2-53BE3E78C858}
[2012.04.06 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\{48E2FC20-40DA-42D5-9F6F-0D2B19FC8A67}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.06 18:47:31 | 002,359,296 | -HS- | M] () -- C:\Users\Rike\NTUSER.DAT
[2012.05.06 18:07:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.06 15:30:07 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.05.06 15:30:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.06 12:23:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Rike\Desktop\esetsmartinstaller_enu.exe
[2012.05.06 11:44:10 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.06 11:44:10 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.06 11:43:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Rike\Desktop\OTL.exe
[2012.05.06 11:40:19 | 097,285,812 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.05.06 11:31:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.05.06 11:31:16 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.05 23:13:59 | 002,143,182 | -H-- | M] () -- C:\Users\Rike\AppData\Local\IconCache.db
[2012.05.05 20:41:49 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.05 16:09:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.05 16:09:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.05 16:08:04 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.04 08:37:16 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.04 08:26:34 | 000,107,030 | ---- | M] () -- C:\Users\Rike\Documents\cc_20120504_082621.reg
[2012.05.04 08:12:40 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012.05.04 08:12:40 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012.05.04 08:12:40 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012.05.04 08:12:39 | 000,544,032 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.05.04 08:12:39 | 000,525,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.02 22:42:29 | 000,000,822 | ---- | M] () -- C:\Users\Rike\Documents\CCleaner.lnk
[2012.05.02 20:40:34 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRIKE-HP$.job
[2012.05.01 21:11:39 | 000,001,109 | ---- | M] () -- C:\Users\Rike\Documents\ Malwarebytes Anti-Malware .lnk
[2012.05.01 17:11:30 | 000,158,973 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.04.27 13:53:26 | 000,002,293 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Guardians of Beyond - Hexenhausen Sammleredition.lnk
[2012.04.27 13:53:26 | 000,001,326 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2012.04.27 11:24:35 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRike.job
[2012.04.22 13:10:56 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.22 13:10:56 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.22 13:10:56 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.22 13:10:55 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.22 13:10:55 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.08 16:20:00 | 000,001,239 | ---- | M] () -- C:\Users\Rike\Documents\DVDVideoSoft Free Studio.lnk
[2012.04.08 16:19:57 | 000,001,398 | ---- | M] () -- C:\Users\Rike\Desktop\Free YouTube to MP3 Converter.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.05 20:41:49 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.04 08:37:16 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.04 08:26:29 | 000,107,030 | ---- | C] () -- C:\Users\Rike\Documents\cc_20120504_082621.reg
[2012.05.03 09:53:08 | 000,000,822 | ---- | C] () -- C:\Users\Rike\Documents\CCleaner.lnk
[2012.05.03 09:52:55 | 000,001,109 | ---- | C] () -- C:\Users\Rike\Documents\ Malwarebytes Anti-Malware .lnk
[2012.05.02 12:42:26 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForRIKE-HP$.job
[2012.05.01 23:15:13 | 002,143,182 | -H-- | C] () -- C:\Users\Rike\AppData\Local\IconCache.db
[2012.04.27 13:53:26 | 000,002,293 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Guardians of Beyond - Hexenhausen Sammleredition.lnk
[2012.04.27 13:53:26 | 000,001,326 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2012.04.08 23:13:34 | 000,001,239 | ---- | C] () -- C:\Users\Rike\Documents\DVDVideoSoft Free Studio.lnk
[2012.04.08 16:19:57 | 000,001,398 | ---- | C] () -- C:\Users\Rike\Desktop\Free YouTube to MP3 Converter.lnk
[2012.01.02 23:08:05 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.09 21:10:49 | 000,061,392 | ---- | C] () -- C:\Users\Rike\AppData\Local\GDIPFONTCACHEV1.DAT
[2011.06.08 00:26:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.13 11:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2011.05.13 11:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2011.05.13 11:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2011.05.10 09:55:07 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.12.21 02:20:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010.12.16 01:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.02.27 02:49:03 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\AlawarEntertainment
[2012.03.08 13:36:23 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Artogon
[2012.01.09 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\AVG
[2011.11.10 08:33:58 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\AVG2012
[2012.03.06 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Awem
[2012.03.05 15:28:54 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Blue Tea Games
[2012.04.08 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\DVDVideoSoft
[2012.04.08 16:20:09 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.12 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\EleFun Games
[2012.01.22 15:06:11 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\EnchantedCavern
[2012.03.07 14:38:39 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Enki Games
[2012.01.16 22:08:39 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Epson
[2012.01.22 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\ERS Game Studios
[2012.01.11 13:35:38 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\FamilyVacationCalifornia
[2012.03.06 13:10:17 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Frogwares
[2012.05.01 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Hbfusxplb
[2012.03.25 14:55:41 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\HitPoint Studios
[2012.01.03 16:33:37 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Lexware
[2012.03.09 14:00:02 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Orneon
[2012.02.19 00:18:03 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\PlayPond
[2012.04.24 08:37:21 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\SoftGrid Client
[2011.11.09 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Synaptics
[2012.01.02 23:09:54 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\TP
[2012.01.22 15:49:45 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Vast Studios
[2012.04.27 14:04:00 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Vogat Interactive
[2012.01.04 21:28:33 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Windows Live Writer
[2012.04.18 06:13:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

06.05.2012, 18:03   #17
rike42

Trojan via email



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.05.2012 18:38:46 - Run 6
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 31,44% Memory free
3,21 Gb Paging File | 1,20 Gb Available in Paging File | 37,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217,64 Gb Total Space | 176,70 Gb Free Space | 81,19% Space Free | Partition Type: NTFS
Drive D: | 14,95 Gb Total Space | 1,85 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
Drive F: | 99,18 Mb Total Space | 91,04 Mb Free Space | 91,79% Space Free | Partition Type: FAT32
 
Computer Name: RIKE-HP | User Name: Rike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-688040076-4065842808-1344549600-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECD95A-DDB5-4F14-AB02-BC2E19782C11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{049671D1-78F8-41A2-A39B-29C1172957E1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{154BD470-FB92-4C2B-8BF0-6BB4C3FFE159}" = rport=138 | protocol=17 | dir=out | app=system | 
"{15873059-A33A-4654-8446-2172B36ACB8E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{36C612D6-7280-4732-91BC-DF942AC715E9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3CDB6771-3218-4D4C-BFBD-28C6A6817191}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{47B845F3-B3B6-46F6-997F-CAF7F377C1F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4DB0B9A7-B5BF-423D-B07A-4E426F412B22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{539FF5B6-5F05-478D-8269-9BBE0D206530}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6306839A-108A-4E1C-BBCA-31508170B15A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73F2E517-CB79-4737-B4B7-95B02D48BF09}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{73F8720F-EFFD-4961-9B14-802863F11E5A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{787943CD-902C-4C88-AD80-DB3910221CD8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7BBFD59E-ECDC-4F47-9C0B-A27CBCA2B52A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9669D44C-F0CD-42D2-93D9-BFD58C56C17F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96B3896A-5415-4EA2-8E5C-9695A1639DD6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9DB446A5-417B-48BE-8343-F927AF283549}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9EE156F6-330D-4735-92BB-B054EBF5CF85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB8FE59C-23B6-483C-AEBA-1DF54E48DA13}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{BBE678D5-E3FE-494C-BEC6-A9984AAEFEBD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD43471F-73DB-4B61-8B08-637C0D952D72}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D2408D74-6C6A-4C81-8A5D-0BD088CCF264}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7BD90BE-D33B-48E6-88DE-AFC9B4937047}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D839CBCE-2D23-449B-BEC2-307FA44CBC1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DC2B4737-9DAB-470F-AD90-0692ABC8F82B}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03756458-D0EF-49D1-80FB-0BB566795FF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{053E10F6-72C1-4762-9CE4-43C04FBF1220}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{07B3E68F-C791-4677-88E1-536DC250B92A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{13636BBF-7207-43C5-810D-F855726413A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1E7E82B0-0BF3-4EED-BB1C-D00E0C51F29E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{1FBBF5FA-7E13-427F-B359-682272E9ACA2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{3301D0B0-EE8A-4D38-AFC5-1C1900C47BCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3427A715-C1DA-43B5-B154-D78201E68EEB}" = dir=in | app=c:\users\rike\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{40D8DF87-812C-4EA1-B656-146E0F81D9C7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{421FEC94-B444-4FFA-894F-F7323E3D8CE7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4574816C-82BE-4C2B-BADC-4065FDC73B71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6195A76B-9537-408B-8412-819C66579956}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{66BDA8F1-6214-40CE-8EDF-7B87BAE40E4C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E754F93-7F9C-49DD-BF86-3D343673FDA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72AAF7CC-66C3-4B70-8080-BD1885857F42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7D85B0E6-3EF5-4654-AA92-38DCBEF57206}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{856E656B-F109-4DA4-BC96-4B0922A7639F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{88AD83AF-DF44-467D-8724-2215FA99E655}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{997147F1-2D44-42CC-AC4A-E11151D3C799}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B640A1B-27B7-4A70-A49B-C3E1C56C33C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FFC7719-01C5-4322-961E-37EE85831C90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AEB1CA98-425A-4A5B-B6B2-04560429AE9A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AFDDE5C7-C402-43AB-9737-9EDAE9C17EE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B364CA41-9339-41F2-AEB9-47EDB03641BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B46CA818-E5F1-42DB-9013-0D2E0C3397D2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{D9AD44F7-1DFE-410E-B0FB-82B5A0CE82A7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DD914877-A81B-4B72-8E0D-FB36F01D4CCE}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{E618FDB4-CC5C-4904-B278-E4AC0253C635}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{EB6C49F6-4D89-4A1E-841A-2E823DA5CC39}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{EB885D67-D55E-4FF7-91A9-99206858746D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{F3D0E4F6-93E5-491D-8F90-D3812AE3E3C8}" = protocol=6 | dir=out | app=system | 
"{F6674586-F182-42DA-8A9A-55E0439D851E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FAB1F7E9-E7FF-42DA-AB3A-5EB76FFBFC5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE43BF80-6AEB-472E-BDF8-0188D5D08765}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416032FF}" = Java(TM) 6 Update 32 (64-bit)
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E6BEFE9-0AFF-C09F-24A8-AA1CB05869BF}" = WMV9/VC-1 Video Playback
"{76A7DF87-2F94-A068-96B1-D5A392B785E1}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D1250C3B-8953-8A3F-9FCF-D43BB6AE0051}" = AMD Fuel
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E04A3037-2F82-C518-D6CA-A63497D3872F}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26C4E5F1-314C-F3DF-2294-3685BF5F9E05}" = CCC Help Czech
"{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}" = HP Documentation
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F1042D-1423-81C6-299B-C21FAB216F93}" = CCC Help Italian
"{6137C043-93EA-6769-90EA-01E87B041117}" = CCC Help Norwegian
"{6265A4F4-91FE-FFEC-1ECA-E5639B80ECB3}" = CCC Help French
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{657BD928-2C0B-7EFA-7740-DE8BC937FEF4}" = CCC Help Thai
"{66E30DB0-A342-F453-D14D-827B454A9E4A}" = CCC Help Swedish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6833708F-D07C-34AA-B195-698FA0C8879C}" = CCC Help Polish
"{687DB473-1A0F-5B1D-D0E0-A73258207AB2}" = ccc-core-static
"{6C92846D-67BA-5B17-38F4-E1318A0272B7}" = CCC Help Greek
"{6D437C07-418F-9E01-96EB-DC55F780A198}" = CCC Help Turkish
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710E96D5-98A1-6732-8768-8F4ACCA520C1}" = CCC Help Portuguese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9299A9E5-4A0F-C936-76BD-62BCBD38CC21}" = CCC Help English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9B04A7CC-F80E-72C6-8B9E-83A88A5B479B}" = CCC Help Japanese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6A200F-90D7-F262-9639-16D640298E32}" = CCC Help Finnish
"{A37E63B7-29E5-CAF4-A81D-0A67946924E0}" = Catalyst Control Center Graphics Previews Common
"{A5449F23-80E8-04D2-EB41-7BE229CCB37B}" = Catalyst Control Center InstallProxy
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C0838AAC-DF3E-5865-88D3-E43864E2B065}" = CCC Help Korean
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C257F891-7975-979B-3EDD-D3E74F1F583B}" = CCC Help Hungarian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CBD74B80-E1A2-08A1-69D9-DE37BFA265EF}" = CCC Help German
"{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA26698F-3E4F-FBAE-8219-5C3D3C1ECA92}" = CCC Help Spanish
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E13D5C1F-EA6D-E340-85A9-0EA7221F31E9}" = CCC Help Danish
"{E1D1E335-C6CE-C9A5-12B8-587D561E8B30}" = Catalyst Control Center Localization All
"{E3FE0FA5-D813-14AB-DE7B-594257E9550B}" = CCC Help Chinese Traditional
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E774EEC0-18E6-49C8-A271-07654C0A2047}" = Catalyst Control Center - Branding
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C4AAC9-C7B6-59B3-789D-D2CA4E0CFCD1}" = CCC Help Dutch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5468CFB-F146-12D8-913B-513145180028}" = CCC Help Russian
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2509E9-7197-8FB8-B35E-090A4F81CA6A}" = CCC Help Chinese Standard
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"BFGC" = Big Fish Games: Game Manager
"BFG-Guardians of Beyond - Hexenhausen Sammleredition" = Guardians of Beyond: Hexenhausen Sammleredition
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Message Faces for IE" = Message Faces für Internet Explorer (remove only)
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDF Complete" = PDF Complete Special Edition
"SFT_de3 Toolbar" = SFT_de3 Toolbar
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087490" = Jewel Quest Solitaire
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089460" = Mystery P.I. - The London Caper
"WT089484" = Namco All-Stars PAC-MAN
"WT089492" = Crazy Chicken Kart 2
"WT089493" = Fishdom
"WT089497" = Big Rig Europe
"WTA-40a22801-9cef-4790-bda0-5ce7b7ef0c83" = Red Crow Mysteries: Legion
"WTA-fdb7ada1-e72d-44b5-a7cd-eb1f008c8c3b" = Family Vacation: California
"XobniMain" = Xobni
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Suche Schutzvorkehrung
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-688040076-4065842808-1344549600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.04.2012 00:16:34 | Computer Name = Rike-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2012 03:28:21 | Computer Name = Rike-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.04.2012 03:52:51 | Computer Name = Rike-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2012 03:21:50 | Computer Name = Rike-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2012 07:05:01 | Computer Name = Rike-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2012 10:24:41 | Computer Name = Rike-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2012 00:13:22 | Computer Name = Rike-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2012 14:55:25 | Computer Name = Rike-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2012 00:24:21 | Computer Name = Rike-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2012 13:36:09 | Computer Name = Rike-HP | Source = WinMgmt | ID = 10
Description = 
 
[ Hewlett-Packard Events ]
Error - 31.12.2011 05:52:41 | Computer Name = Rike-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 31.12.2011 05:52:41 | Computer Name = Rike-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 1642  Ram Utilization: 80  TargetSite: Void closeConnection()

 
Error - 31.12.2011 05:52:41 | Computer Name = Rike-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 1642  Ram Utilization: 80  TargetSite: Void closeConnection()

 
Error - 13.01.2012 09:00:23 | Computer Name = Rike-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 13.01.2012 09:06:26 | Computer Name = Rike-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 13.01.2012 09:07:06 | Computer Name = Rike-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 27.01.2012 06:52:59 | Computer Name = Rike-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 27.01.2012 06:58:02 | Computer Name = Rike-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 27.01.2012 07:01:07 | Computer Name = Rike-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 27.01.2012 07:28:18 | Computer Name = Rike-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Software Framework Events ]
Error - 09.12.2011 12:09:17 | Computer Name = Rike-HP | Source = CaslWmi | ID = 5
Description = 2011.12.09 17:09:17.705|00000288|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11.12.2011 18:22:20 | Computer Name = Rike-HP | Source = CaslWmi | ID = 5
Description = 2011.12.11 23:22:20.964|00001010|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 24.12.2011 15:19:00 | Computer Name = Rike-HP | Source = CaslWmi | ID = 5
Description = 2011.12.24 20:19:00.515|00000E88|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 31.12.2011 05:58:16 | Computer Name = Rike-HP | Source = CaslWmi | ID = 5
Description = 2011.12.31 10:58:16.748|000016A0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 06.01.2012 07:46:50 | Computer Name = Rike-HP | Source = CaslWmi | ID = 5
Description = 2012.01.06 12:46:50.438|00001508|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 20.01.2012 06:51:02 | Computer Name = Rike-HP | Source = CaslWmi | ID = 5
Description = 2012.01.20 11:51:02.378|000003A0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 20.01.2012 06:53:07 | Computer Name = Rike-HP | Source = CaslWmi | ID = 5
Description = 2012.01.20 11:53:07.355|000016A4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 20.01.2012 06:53:16 | Computer Name = Rike-HP | Source = CaslWmi | ID = 5
Description = 2012.01.20 11:53:16.478|00000D70|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 27.01.2012 07:01:53 | Computer Name = Rike-HP | Source = CaslWmi | ID = 5
Description = 2012.01.27 12:01:53.617|00001B50|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 05.04.2012 10:07:13 | Computer Name = Rike-HP | Source = hpqWmiEx | ID = 5
Description = 2012/04/05 16:07:13.621|00001230|Error      |ChpqWmiExModule::Start|StartServiceCtrlDispatcher
 FAILED. Error: 1063
 
[ HP Wireless Assistant Events ]
Error - 09.11.2011 18:40:03 | Computer Name = Rike-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.11.2011 18:41:09 | Computer Name = Rike-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.11.2011 18:41:15 | Computer Name = Rike-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.11.2011 18:42:20 | Computer Name = Rike-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.11.2011 18:42:25 | Computer Name = Rike-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.11.2011 18:43:31 | Computer Name = Rike-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.11.2011 18:43:36 | Computer Name = Rike-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 15.01.2012 17:11:28 | Computer Name = Rike-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 18.02.2012 10:08:17 | Computer Name = Rike-HP | Source = HP WA Service | ID = 0
Description = System.Threading.ThreadAbortException Der Thread wurde abgebrochen.

   bei System.Management.IEnumWbemClassObject.Next_(Int32 lTimeout, UInt32 uCount,
 IWbemClassObject_DoNotMarshal[] apObjects, UInt32& puReturned)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

   bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()

   bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 18.02.2012 10:08:17 | Computer Name = Rike-HP | Source = HP WA Service | ID = 0
Description = System.Threading.ThreadAbortException Der Thread wurde abgebrochen.

   bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ System Events ]
Error - 05.05.2012 14:18:03 | Computer Name = Rike-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XobniService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 05.05.2012 15:11:58 | Computer Name = Rike-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst HPWMISVC erreicht.
 
Error - 05.05.2012 15:12:13 | Computer Name = Rike-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 XobniService erreicht.
 
Error - 05.05.2012 15:12:13 | Computer Name = Rike-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XobniService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 06.05.2012 05:32:49 | Computer Name = Rike-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst HPWMISVC erreicht.
 
Error - 06.05.2012 05:33:13 | Computer Name = Rike-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 XobniService erreicht.
 
Error - 06.05.2012 05:33:13 | Computer Name = Rike-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XobniService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 06.05.2012 08:36:03 | Computer Name = Rike-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst UxSms erreicht.
 
Error - 06.05.2012 09:08:20 | Computer Name = Rike-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AMD FUEL Service erreicht.
 
Error - 06.05.2012 09:30:01 | Computer Name = Rike-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AMD FUEL Service erreicht.
 
 
< End of report >
         


07.05.2012, 07:57   #18
kira
/// Helper team

Yep

1.
Quote:
Attention, important!:
If you made changes in the log file yourself, you must replace them with the original names and paste it into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, everything in the code box after "Code"):
Code:
:OTL
IE - HKU\S-1-5-21-688040076-4065842808-1344549600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/
IE - HKU\S-1-5-21-688040076-4065842808-1344549600-1001\..\SearchScopes,DefaultScope = {E5CEDFED-2DD7-479B-B5FB-D54991A4EB5D}
IE - HKU\S-1-5-21-688040076-4065842808-1344549600-1001\..\SearchScopes\{E5CEDFED-2DD7-479B-B5FB-D54991A4EB5D}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.de"
[2012.05.05 20:41:15 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
O2 - BHO: (no name) - {ff88a983-649d-4207-9336-9b999280b436} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Then please also complete steps 3 to 9 here, and then we are done:-> http://www.trojaner-board.de/114514-...tml#post823556

Last edited by kira (07.05.2012 at 08:03)

07.05.2012, 10:55   #19
rike42

Hello kira,
I updated Java to Oracle Java version 7.
I updated Mozilla Firefox.
I also ran CCleaner.
I also ran SUPERAntiSpyware Free; it took 3 hours.
I also ran the ESET Online Scanner yesterday; it took just as long.
No more threats were found.
I had just forgotten to tell you.

Best, rike :-)

Last edited by rike42 (07.05.2012 at 11:01)

08.05.2012, 08:45   #20
kira
/// Helper team

** Keep your system under observation for the near future!

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:
CCleaner
         
- Run it from time to time:-> Instructions

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button.
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and other helper programs that you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
For example, Windows regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older file versions. This feature takes up a lot of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so system performance is affected as well. In addition, deleted and possibly malicious objects that sit in System Restore must also be removed:
So please do the following: first disable -> then enable, so that in the end it is "enabled" again!

4.
As a precaution, I would advise you to change your password (one should do this every 3-4 months),
e.g. login, mail or website passwords.
Tips:
Choosing a secure password - (should actually be changed at regular intervals, about every 3-5 months)
also here under: Secure password

5.
► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date!


Reading material no. 1:
  • How do I create a restricted user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly in order to avoid security vulnerabilities and to keep things running smoothly!
  • A more secure browser than IE, e.g. *Switching the default browser to...by SETI@home* - Firefox - FirefoxWiki/Settings - Extensions for Firefox - Default browser
  • Secure e-mail clients, e.g. Thunderbird-->Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
  • Secure passwords - Choosing a secure password - (should actually be changed at regular intervals, about every 3-5 months)
    also here under: Secure password
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components get installed! -> Always read along during installation, and deselect sponsors and partner programs, toolbars or any other extra programs offered wherever possible!
    Deselect sponsor programs and toolbars where possible (this is how some kind of adware/spyware often gets installed along with them)
  • Do NOT download just any programs from the net unless it is 100% certain that they are clean software. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand; you can get valuable information there!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never disclose your passwords!
    Reputable banks, e-mail providers or online shops never send e-mails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. E-mails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as you suspect fraud, report your suspicion to the relevant bank hotline.
  • Letting others (guests/friends) use your computer - Use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do your banking on untrustworthy computers, for example from an Internet café while on holiday
  • Be careful when using other people's computers and attachable external storage media such as hard disks, USB sticks, memory cards etc.! - IT fraudsters don't take holidays!/bsi-fuer-buerger.de - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
  • Save on licence costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always infested with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately summon the devil.) Another highly insecure source is file sharing on the so-called (music) exchange platforms.
    ► Besides, you are making yourself liable to prosecution!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows down the start-up process enormously and burdens the RAM (because the programs run side by side at the same time, eating a lot of performance but bringing little quality). Over time the computer becomes slower and less secure through too much unnecessary ballast. The more programs are installed, the more often problems occur, which can then in some cases be hard to solve. On top of that, some programs bring major security risks with them
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept
  • Development of malicious websites/viruslist.com
  • Focus: images and sounds
    Dangerous images, odd sounds/BSI

** Common sense and configuring Windows and Internet software securely are the best way to security on the web!!
Quote:
Since the database is supplemented and extended daily, and information about the affected virus is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later once a month will surely be enough), always with a different scanner, to get a second opinion - the data backed up on storage media should also be included!
(mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:

I wish you all the best

If you would like to support us → donation account

Regards,
kira

__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file as an attachment! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, on CD/DVD, USB sticks or external hard drives, preferably twice in different places!
Please pass this warning on wherever you can!

08.05.2012, 10:31   #21
rike42

Hello kira,
thank you for your quick help with the problem I had. I think your site is really great, and the tips too. Keep it up! I will keep recommending you whenever one of my friends, acquaintances or family has a problem.

See you soon, rike :-)
