
Log Analysis and Evaluation: Vista white screen after startup


10.11.2013, 11:59   #1
MefTical
 
Vista white screen after startup



Hello...!!

It looks like my coworker has caught something on his laptop...

After booting, a white screen appears and it stays that way...

Safe Mode works, OTL logs have been created...

Please advise.


Here are the logs:

OTL
Quote:
OTL logfile created on: 10.11.2013 11:34:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = f:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 85,72% Memory free
5,70 Gb Paging File | 5,51 Gb Available in Paging File | 96,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 204,99 Gb Total Space | 168,91 Gb Free Space | 82,40% Space Free | Partition Type: NTFS
Drive D: | 27,88 Gb Total Space | 19,99 Gb Free Space | 71,69% Space Free | Partition Type: FAT32
Drive F: | 7,22 Gb Total Space | 7,22 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.11.10 11:31:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- f:\OTL.exe
PRC - [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013.10.29 17:55:46 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.03 14:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.29 11:02:59 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.11.16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Hofer Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.10.09 14:48:36 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.02 13:54:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.03.02 13:54:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.03.02 13:54:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.02.22 09:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007.07.20 08:59:44 | 000,791,040 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP)
DRV - [2007.06.01 12:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.05.02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.telekom.at [binary data]
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.A1.net
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 6F 91 28 E7 BF CB 01 [binary data]
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7MEDA_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\..\SearchScopes\{6CE026B6-5CF6-4672-A4AC-3EE7E955FD10}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=CD613AB5-81C0-4B41-9D7E-322A7F1809E2&apn_sauid=90C5BA6A-7B89-4B9B-B82B-D7A4A8921988
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\..\SearchScopes\{9080D49B-37F1-4367-93F0-CBA132BEB516}: "URL" = hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.16
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.29 11:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.10.04 10:03:14 | 000,000,000 | ---D | M]

[2009.03.19 14:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions
[2013.10.01 10:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\q1zf2a0b.default\extensions
[2012.05.29 13:08:12 | 000,439,720 | ---- | M] () (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\firefox\profiles\q1zf2a0b.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2012.05.29 11:03:26 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\firefox\profiles\q1zf2a0b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011.02.07 18:56:23 | 000,000,572 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\mozilla\firefox\profiles\q1zf2a0b.default\searchplugins\bing.xml
[2012.09.19 20:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.22 18:25:14 | 000,000,000 | ---D | M] (Controller) -- C:\Programme\Mozilla Firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
[2012.09.19 20:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.05.29 11:02:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.29 11:02:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.29 11:02:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.29 11:02:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.29 11:02:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.29 11:02:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.29 11:02:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - homepage:
CHR - Extension: YouTube = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [A1Webassistent] C:\Program Files\A1\A1 Webassistent\A1Webassistent.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
O4 - HKLM..\Run: [ESB] C:\Windows\System32\ESB.EXE ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000..\Run: [A1_Dashboard] C:\Program Files\A1 Dashboard\Dashboard.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
O4 - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO File not found
O4 - Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{411ED998-5202-4EE0-B39F-096A862743F8}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F9CA81E-CE86-419A-8F21-01A814976BEC}: NameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DCDF17C-C102-4C4F-81B8-EB968F4CE797}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000 Winlogon: Shell - (C:\Users\Felix\AppData\Roaming\Other.res) - C:\Users\Felix\AppData\Roaming\Other.res ()
O24 - Desktop WallPaper: C:\Users\Felix\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Felix\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1f41e119-240b-11e2-8b22-0015afd3d13f}\Shell - "" = AutoRun
O33 - MountPoints2\{1f41e119-240b-11e2-8b22-0015afd3d13f}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{245463bc-8334-11dd-88ee-0015afd3d13f}\Shell - "" = AutoRun
O33 - MountPoints2\{245463bc-8334-11dd-88ee-0015afd3d13f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{245463d0-8334-11dd-88ee-0015afd3d13f}\Shell - "" = AutoRun
O33 - MountPoints2\{245463d0-8334-11dd-88ee-0015afd3d13f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52e9fd5a-1483-11de-949b-0040d0fffec1}\Shell - "" = AutoRun
O33 - MountPoints2\{52e9fd5a-1483-11de-949b-0040d0fffec1}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{878058cf-8fcf-11de-bdf1-0015afd3d13f}\Shell - "" = AutoRun
O33 - MountPoints2\{878058cf-8fcf-11de-bdf1-0015afd3d13f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8fd37b11-fadb-11df-a19b-0015afd3d13f}\Shell - "" = AutoRun
O33 - MountPoints2\{8fd37b11-fadb-11df-a19b-0015afd3d13f}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\A1Internetschutz.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.11.09 09:46:09 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{71EEA850-E676-4D77-858B-A9E21B30592B}
[2013.11.09 07:05:02 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{89171F51-E00E-4099-9D8E-4F35493E8376}
[2013.11.08 14:11:16 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{E002A23E-2222-4F77-B522-3B6CE22652B0}
[2013.11.08 10:08:08 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{D0086C83-AE7B-4927-8FFC-8B2C05A73B76}
[2013.11.08 09:39:02 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{9C763B92-DB22-44A2-803F-41298439EA5C}
[2013.11.07 20:17:33 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{0213AB53-19A0-42DB-A56C-098A6711071B}
[2013.11.07 20:03:22 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Malwarebytes
[2013.11.07 20:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.11.07 20:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.11.07 20:03:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.11.07 20:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.11.07 20:02:26 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.75.0.1300.exe
[2013.11.05 09:51:56 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{B7C7F39A-A28F-4E6E-B06B-3FC21CCEDE1E}
[2013.11.04 12:20:41 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{F99E1EB7-336A-4E78-B5A9-70ADC7F5739B}
[2013.11.04 11:14:07 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{BE88EACE-0168-4444-8547-494C56055CB2}
[2013.11.03 10:49:11 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{CD610489-EF9F-4314-82B2-622CD3137363}
[2013.11.03 10:37:42 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{10EF4BD1-F956-4CD6-BBAF-484B2627A1B7}
[2013.11.03 07:54:35 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{2E2B0399-35C0-4CDD-9EDB-C24F79AE0886}
[2013.11.02 08:45:25 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{73071FED-08DB-462B-8610-F7C11B7EFB92}
[2013.11.01 11:24:19 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{52CFDABE-57DF-4CA3-94A4-689FE43A8DCA}
[2013.11.01 10:19:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.11.01 08:46:55 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{8DADD348-8387-487A-9557-AC716B1932EA}
[2013.10.31 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{B61B0D5F-232C-42AB-8C5D-0820D3E4506E}
[2013.10.31 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{3A3BACE4-361D-4A8A-89F0-8A8203F9613F}
[2013.10.30 16:18:52 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{428820B0-37C5-4F7C-8EB7-4549D14C268A}
[2013.10.29 18:06:09 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\Macromedia
[2013.10.29 17:55:46 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.10.29 17:55:46 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.10.29 17:00:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.10.29 17:00:15 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.10.29 17:00:15 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.10.29 17:00:15 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.10.29 17:00:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.10.29 17:00:15 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.10.29 17:00:15 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.10.29 17:00:14 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.10.29 16:58:48 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.10.29 16:46:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.10.29 16:38:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.10.29 16:38:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.10.29 16:38:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.10.29 16:38:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.10.29 16:38:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.10.29 16:38:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.10.29 16:38:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.10.29 16:38:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.10.29 16:20:06 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{0D26344F-E6CA-46EF-8D98-8B1206930285}
[2013.10.28 18:14:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.10.28 18:13:46 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.10.28 18:13:45 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.10.28 18:07:26 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{4CEF1B9C-6ACD-4EBA-9C23-1542622E07EE}
[2013.10.24 17:47:12 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{0E6236F1-2EB1-4B8B-ACBB-99758435F06A}
[2013.10.23 16:01:46 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{881FDDF8-0B91-4B03-AF0D-022E180A2CA1}
[2013.10.23 15:36:01 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.10.23 15:34:34 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.10.23 15:34:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.10.23 15:33:19 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013.10.23 15:30:04 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{9D87D834-5C81-4007-A78B-A91EF9BF50B7}
[2013.10.18 17:15:32 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{B929B9B4-FB8F-4BB0-8097-92535A98A703}
[2013.10.12 13:50:37 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\{2CED447A-1553-498C-96DF-1881E2802ECC}

========== Files - Modified Within 30 Days ==========

[2013.11.10 11:33:51 | 000,963,314 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.11.10 11:33:51 | 000,699,074 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.11.10 11:33:51 | 000,233,230 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.11.10 11:33:51 | 000,200,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.11.10 11:28:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.10 11:20:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.10 11:20:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.10 10:52:31 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.11.10 09:57:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.07 20:03:06 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.11.07 18:03:40 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.75.0.1300.exe
[2013.11.04 12:05:16 | 000,002,633 | ---- | M] () -- C:\Users\Felix\Desktop\Microsoft Office Excel 2007.lnk
[2013.11.03 08:04:16 | 000,000,680 | ---- | M] () -- C:\Users\Felix\AppData\Local\d3d9caps.dat
[2013.10.29 17:55:46 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.10.29 17:55:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.10.29 17:05:36 | 000,400,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.11.07 20:03:06 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.11.03 08:04:16 | 000,000,680 | ---- | C] () -- C:\Users\Felix\AppData\Local\d3d9caps.dat
[2013.10.29 17:55:47 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.07 17:28:32 | 000,083,968 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\Other.res
[2011.08.08 17:47:42 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
[2011.06.07 15:39:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.01.27 11:00:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.05.02 13:15:25 | 000,287,631 | ---- | C] () -- C:\Users\Felix\Waterfall.jpg
[2008.09.09 18:27:00 | 000,031,232 | ---- | C] () -- C:\Users\Felix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

EXTRAS
Quote:
OTL Extras logfile created on: 10.11.2013 11:34:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = f:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 85,72% Memory free
5,70 Gb Paging File | 5,51 Gb Available in Paging File | 96,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 204,99 Gb Total Space | 168,91 Gb Free Space | 82,40% Space Free | Partition Type: NTFS
Drive D: | 27,88 Gb Total Space | 19,99 Gb Free Space | 71,69% Space Free | Partition Type: FAT32
Drive F: | 7,22 Gb Total Space | 7,22 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24048E95-C214-4B07-A9BC-7B19D869DEF4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3ACCBF61-A47B-4DD3-8153-3FE43FC6D672}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5BA3874B-28C9-481B-9327-CABD3FE42B1F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7B788A0E-FD63-4FE4-B5B5-7309D4E3F78E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9235B62-D14C-41E2-A847-262ABBC9A0F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12155D55-9ACE-4879-B830-C180F87F792A}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{271CA79F-5772-4620-AC9E-EA4945FBF7CA}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1webassistent.exe |
"{30C86446-D532-416E-A21F-879FDE237F90}" = protocol=17 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe |
"{3AE4826C-8F2A-4074-96A5-42C7A67B07B2}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{454D63B7-D374-4885-9641-7893B3781402}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1breitband.exe |
"{49DCDB9F-E09B-4B2E-9EC2-221FE68BB741}" = protocol=6 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe |
"{4B45F267-3744-49DD-9428-5872375FF67B}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1wlanassistent.exe |
"{55A7F468-33BF-459E-81F1-A60F4AA3A3A4}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1mailboxen.exe |
"{60895B72-AB99-4306-864A-94CA570F0088}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63B70144-BC7F-4623-8E85-82F076DD83EC}" = protocol=6 | dir=in | app=c:\program files\a1\a1 servicecenter\a1servicecenter.exe |
"{6475E9B1-5729-4F5B-B632-55041FE4E0BA}" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{6C7FF9B4-2357-45C9-A9AC-AA37CDD5DBF4}" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\mobile installer\aonflex.exe |
"{7A0AB98E-E3D0-4733-A9A8-2A70AD826DEE}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{7F93707F-A4E3-403A-99D4-9CD0F0EB7639}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1modemkonfigurator.exe |
"{87707842-9446-4FEC-9053-1DFBC049E400}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{87BB5FDB-3CA1-4A57-8B56-F67F92B5C000}" = protocol=17 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe |
"{8A0E0918-6F73-4845-A97F-82106742186B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{924CF503-265A-4005-98A9-CEA52D292241}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A35721A5-05F5-4107-BE14-49B9AF151544}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B9B8C333-3BDB-4B0A-BA8B-2527D78523FF}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1mailboxen.exe |
"{BB33F2E0-1A43-4513-868B-2225211EAC22}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1webassistent.exe |
"{BBF8EAC0-D13B-4DA3-958D-D405C5F63AAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C1045BA7-A776-4175-9467-411488458418}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1breitband.exe |
"{C3536E9B-C251-42BA-B6AE-859EB2C305B2}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1breitband.exe |
"{C5CA63C7-87CC-46D9-B416-5FB709E16842}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{CDB47D25-306A-421D-AA9E-678D076D75A5}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1breitband.exe |
"{CEE58730-FB6E-45CC-A173-A3E7BA861443}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DAD7D1D4-9596-4A1A-9B6E-88EB8CA79040}" = protocol=17 | dir=in | app=c:\program files\a1\a1 servicecenter\a1servicecenter.exe |
"{DAF8DDA7-B910-47C4-96CC-DB6B43D6F582}" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{DCE1F635-67AA-4D68-B707-5461B1D08596}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\mobile installer\aonflex.exe |
"{DE21A935-3281-4506-AD29-54BDAD43D2EA}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\mobile installer\aonflex.exe |
"{E6B501F9-69FC-4D5F-AEC9-A8126D634250}" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\mobile installer\aonflex.exe |
"{F4DB05B1-0F0B-40E8-BED6-6F214BBE8193}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1modemkonfigurator.exe |
"{F9ADF120-BF43-4DA0-A762-99219D0AF296}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1wlanassistent.exe |
"{F9CDE445-8BD9-4046-A06B-8D2DD78706F7}" = protocol=6 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe |
"{F9FCB1E2-3A0F-4D37-81C5-A9ACEA8E74C7}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"TCP Query User{51D71DAC-16C5-4EDC-92A8-B21EC75982BD}C:\program files\a1 telekom austria\controller\aoncontroller.exe" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\controller\aoncontroller.exe |
"UDP Query User{C61DB670-655D-4D30-9ADF-C70BE2B4F430}C:\program files\a1 telekom austria\controller\aoncontroller.exe" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\controller\aoncontroller.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{291A06BB-7145-443F-9257-8913A928BD40}" = A1 Webassistent
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7E4FBD52-148F-49EE-AFCC-96FB498F4D7D}" = A1 Servicecenter
"{7FE52176-F151-431E-9FCE-55CEDE7DBDAF}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{82680B83-6A0B-4501-9D97-CCE4F9D2BCC8}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86790597-5E41-47AF-A6E4-6295D0C21B8B}" = A1 Dashboard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{905A7A49-C6AE-4F77-8E69-AE8B9629D719}" = A1 Internet Software
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"A1 Dashboard" = A1 Dashboard
"A1 Internet Software" = A1 Internet Software
"A1 Servicecenter" = A1 Servicecenter
"A1 Webassistent" = A1 Webassistent
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESB" = Easy Start Button
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"GOM Player" = GOM Player
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VIA Chrome9 HC IGP Family Windows Vista Display" = VIA Display Vista Driver 7.14.14.0019
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.06.2012 10:27:40 | Computer Name = Felix-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.06.2012 02:33:30 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msfeedssync.exe, Version 9.0.8112.16421, Zeitstempel
0x4d762516, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x16c4, Anwendungsstartzeit
01cd55c10378be8a.

Error - 15.07.2012 21:01:47 | Computer Name = Felix-PC | Source = Windows Search Service | ID = 3006
Description =

Error - 15.07.2012 21:01:48 | Computer Name = Felix-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 15.07.2012 21:26:24 | Computer Name = Felix-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.07.2012 12:00:07 | Computer Name = Felix-PC | Source = VSS | ID = 8194
Description =

Error - 16.07.2012 12:04:54 | Computer Name = Felix-PC | Source = VSS | ID = 8194
Description =

Error - 16.07.2012 12:05:17 | Computer Name = Felix-PC | Source = System Restore | ID = 8193
Description =

Error - 16.07.2012 12:05:58 | Computer Name = Felix-PC | Source = VSS | ID = 8194
Description =

Error - 16.07.2012 12:06:18 | Computer Name = Felix-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 28.11.2010 06:54:39 | Computer Name = Felix-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 28.01.2011 12:32:49 | Computer Name = Felix-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 28.01.2011 12:33:15 | Computer Name = Felix-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 13.03.2012 13:50:50 | Computer Name = Felix-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

Error - 18.05.2012 14:42:18 | Computer Name = Felix-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

Error - 08.11.2013 14:58:35 | Computer Name = Felix-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


[ OSession Events ]
Error - 12.10.2013 09:09:04 | Computer Name = Felix-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 01.11.2013 13:01:35 | Computer Name = Felix-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 375
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10.11.2013 06:29:32 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.11.2013 06:29:32 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.11.2013 06:29:32 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.11.2013 06:29:32 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.11.2013 06:29:32 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.11.2013 06:29:32 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.11.2013 06:29:32 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.11.2013 06:29:32 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.11.2013 06:29:32 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.11.2013 06:29:32 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

10.11.2013, 14:17   #2
aharonov
/// TB instructor

Hello,

does normal mode work again after this fix?


First create the fix script on a second computer:
  • To do so, please press the Windows + R keys, type "notepad" into the Run window and press OK.
  • Now copy the following text from the code box into the empty text document:
    Code:
    :OTL
    O20 - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000 Winlogon: Shell - (C:\Users\Felix\AppData\Roaming\Other.res) - C:\Users\Felix\AppData\Roaming\Other.res ()
    
    :commands
    [emptytemp]
             
  • Then save the file as fix.txt on the USB stick where OTL.exe is located.
Then run the fix as follows:
  • Connect the USB stick to the infected computer again and start it in Safe Mode with Command Prompt.
  • Now please enter the following command at the command line and press Enter:
    e:\OTL.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter on your system, adjust the command accordingly.
    The OTL window should now open.
  • Click the Fix button.
  • Then press OK to load the fix from a file.
  • Select the fix.txt you created on the USB stick. Its contents are inserted into the text box.
  • Now click the Fix button again.
  • OTL may ask for a restart. Please allow it.
  • After a restart, try to boot into normal mode again.
  • A log file (\_OTL\MovedFiles\<time_date>.txt) should have been created in the _OTL folder on your USB stick.
  • Now copy its contents here into your thread.

10.11.2013, 14:21   #3
MefTical

As I've just found out, he had the police virus removed a few days ago... this seems to be some kind of late after-effect of that...

(why can't I edit the first post?)

Edited by MefTical (10.11.2013 at 14:25). Reason: misunderstood reply >.<

10.11.2013, 14:26   #4
aharonov
/// TB instructor

Did you run the fix above?
__________________
cheers,
Leo

10.11.2013, 16:53   #5
MefTical

Yep... it worked, too

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3629654413-1873076112-2002766980-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Felix\AppData\Roaming\Other.res deleted successfully.
C:\Users\Felix\AppData\Roaming\Other.res moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Felix
->Temp folder emptied: 501386656 bytes
->Temporary Internet Files folder emptied: 210610417 bytes
->Java cache emptied: 3654130 bytes
->FireFox cache emptied: 1083723909 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 17829313 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 321006960 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.041,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11102013_143016
         

Edit: I think that's it... Many thanks, Leo

Edit 2: as soon as it was connected to the Internet, the police virus was back -.-

I unlocked it again with the fix... it will be reinstalled from scratch
(now he can at least back up his data)

Thanks again to LEO


Edited by MefTical (10.11.2013 at 15:14). Reason: celebrated too early :(
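
The fix in this thread removes a per-user Winlogon Shell value that points at Other.res, a file that also appears in the OTL "Files Created - No Company Name" listing. As an added example (not part of the thread and not OTL's own code), this Python sketch flags such Shell entries in OTL log lines and looks up the target's creation entry; the function names and heuristics are assumptions, and the HKLM line in the sample is constructed in the format of the thread's O20 line.

```python
import re
from ntpath import basename

# O20 - <hive> Winlogon: Shell - (<registry value>) - <resolved path> (<company>)
O20_SHELL = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>.*?)\) - "
    r"(?P<path>.*) \((?P<company>[^()]*)\)\s*$"
)
# [<date time> | <size> | <attributes> | <C|M>] (<company>) -- <path>
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| \S{4} \| "
    r"(?P<kind>[CM])\] \((?P<company>[^()]*)\) -- (?P<path>.+?)\s*$"
)
# Heuristic (assumption): directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# Lines 1, 2 and 4 are taken from this thread; line 3 is constructed.
SAMPLE_LOG = r"""
[2013.10.29 17:55:46 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.09.07 17:28:32 | 000,083,968 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\Other.res
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3629654413-1873076112-2002766980-1000 Winlogon: Shell - (C:\Users\Felix\AppData\Roaming\Other.res) - C:\Users\Felix\AppData\Roaming\Other.res ()
"""


def index_created_files(lines):
    """Map lower-cased path -> (timestamp, size in bytes) for 'C' (created) entries."""
    index = {}
    for line in lines:
        m = FILE_ENTRY.match(line.strip())
        if m and m["kind"] == "C":
            size = int(m["size"].replace(",", ""))
            index.setdefault(m["path"].lower(), (m["stamp"], size))
    return index


def audit_winlogon_shell(lines):
    """Return one finding per O20 Winlogon Shell entry that looks like a hijack."""
    created = index_created_files(lines)
    findings = []
    for line in lines:
        m = O20_SHELL.match(line.strip())
        if not m:
            continue
        hive, path, company = m["hive"], m["path"], m["company"].strip()
        reasons = []
        # A per-user Shell value is absent by default and, when present,
        # takes precedence over the machine-wide explorer.exe default.
        if hive.upper().startswith(("HKU", "HKCU")):
            reasons.append("per-user Shell value overrides the machine default")
        if basename(path).lower() != "explorer.exe":
            reasons.append("target is not explorer.exe")
        if not company:
            reasons.append("no company name in version info")
        if any(part in path.lower() for part in USER_WRITABLE):
            reasons.append("target lives in a user-writable directory")
        if reasons:
            stamp, size = created.get(path.lower(), (None, None))
            findings.append({
                "hive": hive,
                "path": path,
                "reasons": reasons,
                "created": stamp,   # None if the file is not in the listing
                "size": size,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_winlogon_shell(SAMPLE_LOG.splitlines()):
        print(finding["hive"], "->", finding["path"])
        print("  created:", finding["created"], "| size:", finding["size"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

On the thread's lines this reports Other.res with its creation stamp from the file listing, which gives a starting date for checking what else changed on the machine.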

11.11.2013, 17:46   #6
aharonov
/// TB instructor

Quote:
it will be reinstalled from scratch
Ok, understood, thanks for letting me know.


This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies.
Should you need the topic again, please send me a PM and we will continue here.

Everyone else, please read this guide and create your own thread.