Trojaner-Board


pinpin1 13.07.2012 16:02

Remove Live Security, but how
 
Hello,

I have Live Security on my computer. I did run a full scan with MalwareBytes and also removed all the entries. But now the program is showing up again. What should I do? THANKS for the help. :headbang:

markusg 13.07.2012 16:06

Hi,
restart, press F8, choose Safe Mode with Networking, and log in to the affected account.
Open Malwarebytes, go to the log files, and post all reports.
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

pinpin1 13.07.2012 16:16

OTL Logfile:
Code:

OTL logfile created on: 13.07.2012 17:06:51 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = D:\Downloads\Progs
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,42% Memory free
4,00 Gb Paging File | 2,22 Gb Available in Paging File | 55,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 90,00 Gb Total Space | 57,09 Gb Free Space | 63,43% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 7,02 Gb Free Space | 35,12% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 32,29 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive F: | 72,88 Gb Total Space | 68,61 Gb Free Space | 94,14% Space Free | Partition Type: NTFS
Drive G: | 5,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.13 16:48:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Downloads\Progs\OTL.exe
PRC - [2012.07.07 18:12:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Anwendungen\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Anwendungen\Utilities\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.07.02 20:49:12 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012.06.25 15:10:22 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.05.08 19:52:18 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Anwendungen\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:52:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Anwendungen\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:52:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Anwendungen\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\Anwendungen\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2009.12.11 00:04:22 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2009.09.15 19:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.07 18:12:36 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Anwendungen\Mozilla Firefox\mozjs.dll
MOD - [2012.07.02 20:49:12 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.25 15:10:12 | 000,162,816 | ---- | M] () -- C:\Programme\Web Assistant\Extension32.dll
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.07 18:12:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.07 15:13:25 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2012.06.25 15:10:22 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.05.08 19:52:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Anwendungen\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 19:52:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Anwendungen\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\Anwendungen\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.12.11 00:04:22 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 19:52:18 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:52:18 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.28 12:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2007.02.16 02:56:51 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV:64bit: - [2007.02.12 17:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2011.07.28 12:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007.02.16 02:56:51 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys -- (ElbyDelay)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 11 F6 90 B8 CC CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb167/?search={searchTerms}&loc=IB_DS&a=6OyHIWieLU&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.07.12 16:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Anwendungen\DTP_Bild\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.23 19:44:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.12 16:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Anwendungen\Mozilla Firefox\components [2012.07.07 18:12:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Anwendungen\Mozilla Firefox\plugins [2012.01.23 19:44:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Anwendungen\Mozilla Firefox\components [2012.07.07 18:12:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Anwendungen\Mozilla Firefox\plugins [2012.01.23 19:44:48 | 000,000,000 | ---D | M]
 
[2012.01.04 14:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mete\AppData\Roaming\mozilla\Extensions
[2012.07.13 11:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mete\AppData\Roaming\mozilla\Firefox\Profiles\m05mi0mm.default\extensions
[2012.02.20 16:30:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mete\AppData\Roaming\mozilla\Firefox\Profiles\m05mi0mm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.26 21:24:01 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Mete\AppData\Roaming\mozilla\Firefox\Profiles\m05mi0mm.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.07.12 16:44:22 | 000,002,203 | ---- | M] () -- C:\Users\Mete\AppData\Roaming\Mozilla\Firefox\Profiles\m05mi0mm.default\searchplugins\MyStart Search.xml
[2012.07.12 16:44:26 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.01.06 15:27:22 | 000,013,074 | ---- | M] () (No name found) -- C:\USERS\METE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M05MI0MM.DEFAULT\EXTENSIONS\{B0D70E72-2FC1-4B9F-A3D4-5921C854D906}.XPI
[2012.02.19 23:20:44 | 000,040,484 | ---- | M] () (No name found) -- C:\USERS\METE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M05MI0MM.DEFAULT\EXTENSIONS\DOWNLOADER@VIDEO-PARK.DE.XPI
 
O1 HOSTS File: ([2012.01.05 17:13:05 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Anwendungen\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [oqpexuri] "C:\Users\Mete\AppData\Local\jacvljhp.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Mete\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mete\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F005F311-D9A0-4721-981F-799C7D110874}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.13 11:12:34 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4983be2c-36c7-11e1-beba-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4983be2c-36c7-11e1-beba-806e6f6e6963}\Shell\AutoRun\command - "" = G:\start.exe -- [2010.04.08 18:28:18 | 005,603,475 | R--- | M] (video2brain                        )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.13 16:55:39 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Mete\Desktop\OTH.scr
[2012.07.13 14:35:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.13 14:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.07.13 14:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.07.12 16:46:06 | 000,000,000 | ---D | C] -- C:\Users\Mete\Documents\My Cheat Tables
[2012.07.12 16:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2012.07.12 16:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2012.07.12 16:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.06.19 12:04:54 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\roboex32.dll
[2012.06.19 12:04:54 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\inetwh32.dll
[2012.06.19 07:13:33 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 07:13:33 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 07:13:32 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 07:13:20 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 07:13:20 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 07:13:20 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 07:13:07 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 07:13:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.17 19:16:07 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Tabctl32.ocx
[2012.06.17 19:16:07 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscmcde.dll
[2012.06.17 19:16:07 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vb6de.dll
[2012.06.17 19:16:07 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstdfmt.dll
[2012.06.17 19:16:07 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Tabctde.dll
[2012.06.17 19:16:07 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winskde.dll
[2012.06.17 19:16:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\stdftde.dll
[2012.06.17 19:16:06 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscomctl.ocx
[2012.06.17 19:16:06 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.ocx
[2012.06.17 19:16:06 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mswinsck.ocx
[2012.06.15 08:45:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.15 08:45:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.15 08:45:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.15 08:45:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.15 08:45:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.15 08:45:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.15 08:45:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.15 08:45:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.15 08:45:17 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.15 08:45:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.15 08:45:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.15 08:45:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.15 08:45:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.15 08:44:24 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.15 08:44:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.15 08:44:24 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.15 08:44:15 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.15 08:44:14 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.15 08:44:14 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.15 08:43:58 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.06.15 08:43:57 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.13 16:55:23 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mete\Desktop\OTH.scr
[2012.07.13 16:31:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 16:31:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 16:30:42 | 000,058,880 | ---- | M] () -- C:\Users\Mete\AppData\Local\kdmgamnx
[2012.07.13 16:24:16 | 000,000,198 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.07.13 16:24:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.13 16:24:08 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 16:23:19 | 000,035,583 | ---- | M] () -- C:\Users\Mete\AppData\Local\coalhbgb.exe
[2012.07.13 14:37:04 | 000,001,403 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.13 14:17:12 | 000,000,000 | ---- | M] () -- C:\Users\Mete\AppData\Roaming\SharedSettings.ccs
[2012.07.12 16:44:40 | 000,001,089 | ---- | M] () -- C:\Users\Mete\Desktop\Cheat Engine.lnk
[2012.07.12 16:44:32 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.07.09 23:20:16 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2012.07.07 15:13:25 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\srvany.exe
[2012.07.06 23:24:43 | 000,001,456 | ---- | M] () -- C:\Users\Mete\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.07.04 12:42:57 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2012.07.03 21:00:41 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.03 21:00:41 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.03 21:00:41 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.03 21:00:41 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.03 21:00:41 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 20:52:32 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2012.07.02 20:50:40 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2012.07.02 20:49:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.02 20:49:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.29 20:26:43 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Turbo Lister.lnk
[2012.06.19 12:10:26 | 004,971,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.19 12:04:54 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\Windows\SysWow64\roboex32.dll
[2012.06.19 12:04:54 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\inetwh32.dll
[2012.06.17 19:16:32 | 000,001,274 | ---- | M] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2012.06.14 20:32:02 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.13 16:30:42 | 000,058,880 | ---- | C] () -- C:\Users\Mete\AppData\Local\kdmgamnx
[2012.07.13 16:23:16 | 000,035,583 | ---- | C] () -- C:\Users\Mete\AppData\Local\coalhbgb.exe
[2012.07.13 14:37:04 | 000,001,403 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.13 14:17:12 | 000,000,000 | ---- | C] () -- C:\Users\Mete\AppData\Roaming\SharedSettings.ccs
[2012.07.12 16:44:40 | 000,001,089 | ---- | C] () -- C:\Users\Mete\Desktop\Cheat Engine.lnk
[2012.07.12 16:44:31 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.07.07 15:14:00 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.06.29 20:26:43 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Turbo Lister.lnk
[2012.06.19 12:10:09 | 004,971,944 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.17 19:16:32 | 000,001,274 | ---- | C] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2012.06.17 19:16:07 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.04.09 18:00:50 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.02.20 22:54:04 | 000,003,584 | ---- | C] () -- C:\Users\Mete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.09 15:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.01.28 13:12:40 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.14 22:32:59 | 000,001,456 | ---- | C] () -- C:\Users\Mete\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.01.09 20:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.01.08 17:59:00 | 000,000,132 | ---- | C] () -- C:\Users\Mete\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.06 00:24:31 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Organic
[2012.01.06 00:24:31 | 000,000,268 | RH-- | C] () -- C:\Users\Mete\AppData\Roaming\Nature
[2012.01.06 00:24:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.01.06 00:24:31 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Pianos and Keyboards
[2012.01.06 00:24:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Organs
[2012.01.06 00:24:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Noise Gate
[2012.01.06 00:24:11 | 000,000,268 | RH-- | C] () -- C:\Users\Mete\AppData\Roaming\Nature Sounds
[2012.01.06 00:24:11 | 000,000,268 | RH-- | C] () -- C:\Users\Mete\AppData\Roaming\Multipressor
[2012.01.06 00:24:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.01.06 00:24:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.01.06 00:24:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Pipe Organ
[2012.01.06 00:24:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Piano Hard
[2012.01.06 00:18:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Metadata Importer
[2012.01.06 00:18:09 | 000,000,268 | RH-- | C] () -- C:\Users\Mete\AppData\Roaming\Mail
[2012.01.06 00:18:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2012.01.06 00:18:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive
[2012.01.06 00:11:53 | 000,000,268 | RH-- | C] () -- C:\Users\Mete\AppData\Roaming\MIDI Patch Names
[2012.01.06 00:11:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Master
[2012.01.06 00:11:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2012.01.06 00:11:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\NetServices
[2012.01.06 00:01:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Ensemble
[2012.01.06 00:01:34 | 000,000,268 | RH-- | C] () -- C:\Users\Mete\AppData\Roaming\Static Library
[2012.01.05 23:57:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2012.01.05 11:24:51 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\xiaidi6.dll
[2012.01.05 11:24:51 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2012.01.05 11:24:51 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2012.01.05 11:24:51 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.01.05 11:24:51 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.01.05 11:24:51 | 000,000,335 | ---- | C] () -- C:\Windows\SysWow64\ayex6pf.dll
[2012.01.05 11:24:51 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2012.01.05 11:24:51 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012.01.05 11:24:51 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\v16qi5y.dll
[2012.01.04 15:45:23 | 000,000,223 | ---- | C] () -- C:\Windows\KcMV3DGD.ini
[2012.01.04 14:36:20 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012.01.04 13:31:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
 
========== LOP Check ==========
 
[2012.02.23 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\avidemux
[2012.01.29 23:59:36 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.06.16 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\DVDVideoSoft
[2012.02.20 16:30:36 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.04 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\EPSON
[2012.03.09 21:35:25 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\Free Sound Recorder
[2012.04.09 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\Nik Software
[2012.01.06 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\Nikon
[2012.06.04 14:14:52 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\Nokia
[2012.06.02 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\PC Suite
[2012.04.09 20:35:17 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.20 16:27:03 | 000,000,000 | ---D | M] -- C:\Users\Mete\AppData\Roaming\Win7codecs
[2012.07.13 16:24:16 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012.06.05 02:07:00 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2012.06.04 11:37:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 13.07.2012 17:06:51 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = D:\Downloads\Progs
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,42% Memory free
4,00 Gb Paging File | 2,22 Gb Available in Paging File | 55,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 90,00 Gb Total Space | 57,09 Gb Free Space | 63,43% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 7,02 Gb Free Space | 35,12% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 32,29 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive F: | 72,88 Gb Total Space | 68,61 Gb Free Space | 94,14% Space Free | Partition Type: NTFS
Drive G: | 5,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: XXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Anwendungen\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\PhotoshopCS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\PhotoshopCS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DB7C5C4-F92C-40E3-AE8A-4FB8775E3A35}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0E7AF942-4784-4831-9A2C-FE2D9DC4376F}" = lport=138 | protocol=17 | dir=in | app=system |
"{201BBFA2-804B-4219-9FD9-1BF873D14F0E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{209ED0F2-E16D-4BDF-BCD7-358BD54A617B}" = rport=137 | protocol=17 | dir=out | app=system |
"{34B70C13-3E61-41EF-93D8-49B0F9CCDEA9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{44143B79-0295-4899-9529-C306F8B015FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C545B61-C768-452B-B773-63632E13F3FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5CDCECD6-E3DA-47DB-861D-BF637449A8FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65DB8BF9-6AC5-4590-9211-CB0E01701D76}" = rport=139 | protocol=6 | dir=out | app=system |
"{708423A2-FC94-4332-AD47-995E097C285C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8354F02E-2BCE-4717-B3B2-ECD7D0459A86}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86D8B65D-5909-497A-B6EA-E8CCA3A79ABB}" = rport=138 | protocol=17 | dir=out | app=system |
"{8730E5D8-15C0-41C7-A89E-625C07DBACE0}" = lport=139 | protocol=6 | dir=in | app=system |
"{91E2747D-D3A8-4973-AC25-F13E6864C40F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F66F08B-8A7E-4DC1-8009-F9D8E0A4135B}" = rport=445 | protocol=6 | dir=out | app=system |
"{A31CC11D-A41F-4C56-806B-2243C539B76E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A652C21E-C727-47CD-AE9E-CB2429BA9000}" = lport=137 | protocol=17 | dir=in | app=system |
"{AC2F1801-177A-453A-ACDB-184E0B045403}" = lport=445 | protocol=6 | dir=in | app=system |
"{B30F195F-E29B-41D5-A8DC-5F8B31A6C216}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC51BCBA-BFC7-41EE-BC71-B5EE7615BBFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4198DA4-5256-4CFD-BECF-E28B6869BE80}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBF9CB11-E011-49F6-B10C-74CDF27571E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E09EDB00-45CD-4765-8AC3-62F639582C61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEB09181-EDCD-49FC-8E74-5F5E1E9776C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CFA4B40-6FB4-4542-B2C0-48617B8E99E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{154B2CD2-9FE9-42BD-B6DF-EDBEBF2A6C16}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1CB28380-C344-4004-93F3-87631DBE7D95}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{236C43AD-8651-4BF0-AFCC-AD9215B78298}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25BBEE00-9684-4AB7-BE16-85542872C12A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{2BB73CC7-9EDC-40C2-A793-378D4C5488EE}" = protocol=17 | dir=in | app=c:\program files (x86)\anwendungen\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{5A8D72CC-7C59-41D8-BF98-C2C0302C6151}" = protocol=6 | dir=in | app=c:\program files (x86)\anwendungen\starmoney 8.0 s-edition\app\starmoney.exe |
"{64563103-64FA-4439-A535-CC6BF2A21DCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{751113F2-EA69-4741-8750-D6C2F1E83824}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{762F02B0-2694-45EA-8142-78E00B916876}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{83E78234-A4B8-4387-974B-82272784EF8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{87C5B604-3C6E-4269-B463-FF495F18962B}" = protocol=6 | dir=out | app=system |
"{907F6724-F680-4264-9FCA-8706FF7F2BA3}" = protocol=6 | dir=in | app=c:\program files (x86)\anwendungen\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{961ED9D9-42FE-404B-BE49-D2F5EA45AEB1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9DA484B0-214F-4CA9-9998-E4ADC80AE5E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9DC29953-2DA4-46E4-92FA-E7924AD2CBE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9FDCA914-BF4C-4882-B7FB-2DB2E974CD6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ACBD2908-5593-4A00-B505-33A52FAAB383}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5BA1017-A0BD-498B-A2A3-FD4F39EB35E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C62B8648-A709-49BA-896C-220019B72C05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C64E1BF3-29A3-4F9C-95B5-D1515365985E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6C7FC91-8007-41E6-8359-1E1554D61A21}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC15DA8B-472D-4D5D-BF6A-7F2302F6A832}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9F5C54D-4486-4623-BF45-A34C1C1EA0F4}" = protocol=17 | dir=in | app=c:\program files (x86)\anwendungen\starmoney 8.0 s-edition\app\starmoney.exe |
"{EB240ECD-FB4F-4D18-9D1F-1164CC79D62B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBAE8EBB-615D-47F6-AB61-090CF591A433}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FE069FF7-4117-4847-A5A4-9498E44AD0FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{9A54DF90-A8F8-466D-BBEE-BD08D20CC8DE}C:\program files (x86)\anwendungen\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anwendungen\mozilla firefox\plugin-container.exe |
"TCP Query User{A3A80A8B-2E18-47B3-A5F5-D08980B7C1E0}C:\program files (x86)\anwendungen\hardware\km-net for clients\kmcl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anwendungen\hardware\km-net for clients\kmcl.exe |
"UDP Query User{84511BC8-103D-4101-B996-2850B463FE3E}C:\program files (x86)\anwendungen\hardware\km-net for clients\kmcl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anwendungen\hardware\km-net for clients\kmcl.exe |
"UDP Query User{E3346C97-5121-4C15-A974-0FAABADBA45A}C:\program files (x86)\anwendungen\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anwendungen\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1CDE9DB9-7D47-46F8-83DC-9DD9899BBBFC}" = Topaz ReMask 3 (64-bit)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.462
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5F8288E0-31CC-4047-A004-B2B831141FF6}" = Deutsche Post E-Porto
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Kyocera Product Library" = Kyocera Product Library
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1C76B285-6525-4260-AA55-F42A1ADBFED1}" = StarMoney 8.0 S-Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{8117EA22-035F-4880-86AE-AC7C4F1FA3E2}" = Topaz ReMask 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFA43BB0-E759-4CA4-B156-6796F6349D1F}" = KM-NET for Clients
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EPSON Scanner" = EPSON Scan
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"InstallShield_{DFA43BB0-E759-4CA4-B156-6796F6349D1F}" = KM-NET for Clients
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Photocopier Pro_is1" = Photocopier Pro Version 4.02
"Silver Efex Pro" = Silver Efex Pro
"Topaz ReMask 3" = Topaz ReMask 3
"Topaz ReMask 3 (64-bit)" = Topaz ReMask 3 (64-bit)
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.5
"WinRAR archiver" = WinRAR
"Wise PC Engineer_is1" = Wise PC Engineer 6.3.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2012 05:37:48 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12.07.2012 08:10:27 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2012 01:52:51 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2012 04:53:03 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2012 08:35:32 | Computer Name = Mete-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 0C1D17390008FD4B02B7D1ABF875EF60.exe,
 Version: 0.0.0.0, Zeitstempel: 0x4fff7bd7  Name des fehlerhaften Moduls: 0C1D17390008FD4B02B7D1ABF875EF60.exe,
 Version: 0.0.0.0, Zeitstempel: 0x4fff7bd7  Ausnahmecode: 0xc0000005  Fehleroffset:
0x00002d1c  ID des fehlerhaften Prozesses: 0xc0  Startzeit der fehlerhaften Anwendung:
 0x01cd60f3fd75f550  Pfad der fehlerhaften Anwendung: C:\ProgramData\0C1D17390008FD4B02B7D1ABF875EF60\0C1D17390008FD4B02B7D1ABF875EF60.exe
Pfad
 des fehlerhaften Moduls: C:\ProgramData\0C1D17390008FD4B02B7D1ABF875EF60\0C1D17390008FD4B02B7D1ABF875EF60.exe
Berichtskennung:
 3c474950-cce7-11e1-850d-0030670a78ba
 
Error - 13.07.2012 08:40:10 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2012 09:38:50 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2012 09:45:42 | Computer Name = Mete-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17678,
 Zeitstempel: 0x4e5c71cc  Ausnahmecode: 0xc0000006  Fehleroffset: 0x00000000000f8ba1
ID
 des fehlerhaften Prozesses: 0x854  Startzeit der fehlerhaften Anwendung: 0x01cd60fc9c35e800
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\SHELL32.dll  Berichtskennung: 09ada0c0-ccf1-11e1-bdf4-0030670a78ba
 
Error - 13.07.2012 09:45:42 | Computer Name = Mete-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "G:\rohmaterial\Alle_Layoutdokumente\Editorial
 Folder\Document fonts\MYRIADPRO-LIGHT.OTF" zugegriffen werden:  Es besteht ein Problem
 mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den
 auf dem Computer installierten  Speichertreibern, oder der Datenträger fehlt.  Das
Programm Windows-Explorer wurde wegen dieses Fehlers geschlossen.    Programm: Windows-Explorer
Datei:
 G:\rohmaterial\Alle_Layoutdokumente\Editorial Folder\Document fonts\MYRIADPRO-LIGHT.OTF

Der
 Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1.
Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und  - diese sich im Netzwerk
befindet,  dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.  - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
  Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000010  Datenträgertyp: 5
 
Error - 13.07.2012 10:26:00 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 07.05.2012 15:36:31 | Computer Name = Mete-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.05.2012 15:36:31 | Computer Name = Mete-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.05.2012 15:47:22 | Computer Name = Mete-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.05.2012 15:47:22 | Computer Name = Mete-PC | Source = DCOM | ID = 10016
Description =
 
Error - 08.05.2012 03:40:18 | Computer Name = Mete-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 08.05.2012 03:40:18 | Computer Name = Mete-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 08.05.2012 05:21:10 | Computer Name = Mete-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 08.05.2012 09:32:43 | Computer Name = Mete-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 08.05.2012 13:51:12 | Computer Name = Mete-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 08.05.2012 13:51:12 | Computer Name = Mete-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

--- --- ---

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 13.07.2012 17:06:51 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = D:\Downloads\Progs
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,42% Memory free
4,00 Gb Paging File | 2,22 Gb Available in Paging File | 55,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 90,00 Gb Total Space | 57,09 Gb Free Space | 63,43% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 7,02 Gb Free Space | 35,12% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 32,29 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive F: | 72,88 Gb Total Space | 68,61 Gb Free Space | 94,14% Space Free | Partition Type: NTFS
Drive G: | 5,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: XXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Anwendungen\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\PhotoshopCS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\PhotoshopCS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DB7C5C4-F92C-40E3-AE8A-4FB8775E3A35}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0E7AF942-4784-4831-9A2C-FE2D9DC4376F}" = lport=138 | protocol=17 | dir=in | app=system |
"{201BBFA2-804B-4219-9FD9-1BF873D14F0E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{209ED0F2-E16D-4BDF-BCD7-358BD54A617B}" = rport=137 | protocol=17 | dir=out | app=system |
"{34B70C13-3E61-41EF-93D8-49B0F9CCDEA9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{44143B79-0295-4899-9529-C306F8B015FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C545B61-C768-452B-B773-63632E13F3FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5CDCECD6-E3DA-47DB-861D-BF637449A8FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65DB8BF9-6AC5-4590-9211-CB0E01701D76}" = rport=139 | protocol=6 | dir=out | app=system |
"{708423A2-FC94-4332-AD47-995E097C285C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8354F02E-2BCE-4717-B3B2-ECD7D0459A86}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86D8B65D-5909-497A-B6EA-E8CCA3A79ABB}" = rport=138 | protocol=17 | dir=out | app=system |
"{8730E5D8-15C0-41C7-A89E-625C07DBACE0}" = lport=139 | protocol=6 | dir=in | app=system |
"{91E2747D-D3A8-4973-AC25-F13E6864C40F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F66F08B-8A7E-4DC1-8009-F9D8E0A4135B}" = rport=445 | protocol=6 | dir=out | app=system |
"{A31CC11D-A41F-4C56-806B-2243C539B76E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A652C21E-C727-47CD-AE9E-CB2429BA9000}" = lport=137 | protocol=17 | dir=in | app=system |
"{AC2F1801-177A-453A-ACDB-184E0B045403}" = lport=445 | protocol=6 | dir=in | app=system |
"{B30F195F-E29B-41D5-A8DC-5F8B31A6C216}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC51BCBA-BFC7-41EE-BC71-B5EE7615BBFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4198DA4-5256-4CFD-BECF-E28B6869BE80}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBF9CB11-E011-49F6-B10C-74CDF27571E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E09EDB00-45CD-4765-8AC3-62F639582C61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEB09181-EDCD-49FC-8E74-5F5E1E9776C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CFA4B40-6FB4-4542-B2C0-48617B8E99E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{154B2CD2-9FE9-42BD-B6DF-EDBEBF2A6C16}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1CB28380-C344-4004-93F3-87631DBE7D95}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{236C43AD-8651-4BF0-AFCC-AD9215B78298}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25BBEE00-9684-4AB7-BE16-85542872C12A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{2BB73CC7-9EDC-40C2-A793-378D4C5488EE}" = protocol=17 | dir=in | app=c:\program files (x86)\anwendungen\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{5A8D72CC-7C59-41D8-BF98-C2C0302C6151}" = protocol=6 | dir=in | app=c:\program files (x86)\anwendungen\starmoney 8.0 s-edition\app\starmoney.exe |
"{64563103-64FA-4439-A535-CC6BF2A21DCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{751113F2-EA69-4741-8750-D6C2F1E83824}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{762F02B0-2694-45EA-8142-78E00B916876}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{83E78234-A4B8-4387-974B-82272784EF8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{87C5B604-3C6E-4269-B463-FF495F18962B}" = protocol=6 | dir=out | app=system |
"{907F6724-F680-4264-9FCA-8706FF7F2BA3}" = protocol=6 | dir=in | app=c:\program files (x86)\anwendungen\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{961ED9D9-42FE-404B-BE49-D2F5EA45AEB1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9DA484B0-214F-4CA9-9998-E4ADC80AE5E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9DC29953-2DA4-46E4-92FA-E7924AD2CBE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9FDCA914-BF4C-4882-B7FB-2DB2E974CD6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ACBD2908-5593-4A00-B505-33A52FAAB383}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5BA1017-A0BD-498B-A2A3-FD4F39EB35E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C62B8648-A709-49BA-896C-220019B72C05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C64E1BF3-29A3-4F9C-95B5-D1515365985E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6C7FC91-8007-41E6-8359-1E1554D61A21}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC15DA8B-472D-4D5D-BF6A-7F2302F6A832}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9F5C54D-4486-4623-BF45-A34C1C1EA0F4}" = protocol=17 | dir=in | app=c:\program files (x86)\anwendungen\starmoney 8.0 s-edition\app\starmoney.exe |
"{EB240ECD-FB4F-4D18-9D1F-1164CC79D62B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBAE8EBB-615D-47F6-AB61-090CF591A433}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FE069FF7-4117-4847-A5A4-9498E44AD0FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{9A54DF90-A8F8-466D-BBEE-BD08D20CC8DE}C:\program files (x86)\anwendungen\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anwendungen\mozilla firefox\plugin-container.exe |
"TCP Query User{A3A80A8B-2E18-47B3-A5F5-D08980B7C1E0}C:\program files (x86)\anwendungen\hardware\km-net for clients\kmcl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anwendungen\hardware\km-net for clients\kmcl.exe |
"UDP Query User{84511BC8-103D-4101-B996-2850B463FE3E}C:\program files (x86)\anwendungen\hardware\km-net for clients\kmcl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anwendungen\hardware\km-net for clients\kmcl.exe |
"UDP Query User{E3346C97-5121-4C15-A974-0FAABADBA45A}C:\program files (x86)\anwendungen\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anwendungen\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1CDE9DB9-7D47-46F8-83DC-9DD9899BBBFC}" = Topaz ReMask 3 (64-bit)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.462
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5F8288E0-31CC-4047-A004-B2B831141FF6}" = Deutsche Post E-Porto
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Kyocera Product Library" = Kyocera Product Library
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1C76B285-6525-4260-AA55-F42A1ADBFED1}" = StarMoney 8.0 S-Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{8117EA22-035F-4880-86AE-AC7C4F1FA3E2}" = Topaz ReMask 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFA43BB0-E759-4CA4-B156-6796F6349D1F}" = KM-NET for Clients
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EPSON Scanner" = EPSON Scan
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"InstallShield_{DFA43BB0-E759-4CA4-B156-6796F6349D1F}" = KM-NET for Clients
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Photocopier Pro_is1" = Photocopier Pro Version 4.02
"Silver Efex Pro" = Silver Efex Pro
"Topaz ReMask 3" = Topaz ReMask 3
"Topaz ReMask 3 (64-bit)" = Topaz ReMask 3 (64-bit)
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.5
"WinRAR archiver" = WinRAR
"Wise PC Engineer_is1" = Wise PC Engineer 6.3.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2012 05:37:48 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12.07.2012 08:10:27 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2012 01:52:51 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2012 04:53:03 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2012 08:35:32 | Computer Name = Mete-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 0C1D17390008FD4B02B7D1ABF875EF60.exe,
 Version: 0.0.0.0, Zeitstempel: 0x4fff7bd7  Name des fehlerhaften Moduls: 0C1D17390008FD4B02B7D1ABF875EF60.exe,
 Version: 0.0.0.0, Zeitstempel: 0x4fff7bd7  Ausnahmecode: 0xc0000005  Fehleroffset:
0x00002d1c  ID des fehlerhaften Prozesses: 0xc0  Startzeit der fehlerhaften Anwendung:
 0x01cd60f3fd75f550  Pfad der fehlerhaften Anwendung: C:\ProgramData\0C1D17390008FD4B02B7D1ABF875EF60\0C1D17390008FD4B02B7D1ABF875EF60.exe
Pfad
 des fehlerhaften Moduls: C:\ProgramData\0C1D17390008FD4B02B7D1ABF875EF60\0C1D17390008FD4B02B7D1ABF875EF60.exe
Berichtskennung:
 3c474950-cce7-11e1-850d-0030670a78ba
 
Error - 13.07.2012 08:40:10 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2012 09:38:50 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2012 09:45:42 | Computer Name = Mete-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17678,
 Zeitstempel: 0x4e5c71cc  Ausnahmecode: 0xc0000006  Fehleroffset: 0x00000000000f8ba1
ID
 des fehlerhaften Prozesses: 0x854  Startzeit der fehlerhaften Anwendung: 0x01cd60fc9c35e800
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\SHELL32.dll  Berichtskennung: 09ada0c0-ccf1-11e1-bdf4-0030670a78ba
 
Error - 13.07.2012 09:45:42 | Computer Name = Mete-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "G:\rohmaterial\Alle_Layoutdokumente\Editorial
 Folder\Document fonts\MYRIADPRO-LIGHT.OTF" zugegriffen werden:  Es besteht ein Problem
 mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den
 auf dem Computer installierten  Speichertreibern, oder der Datenträger fehlt.  Das
Programm Windows-Explorer wurde wegen dieses Fehlers geschlossen.    Programm: Windows-Explorer
Datei:
 G:\rohmaterial\Alle_Layoutdokumente\Editorial Folder\Document fonts\MYRIADPRO-LIGHT.OTF

Der
 Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1.
Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und  - diese sich im Netzwerk
befindet,  dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.  - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
  Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000010  Datenträgertyp: 5
 
Error - 13.07.2012 10:26:00 | Computer Name = Mete-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 07.05.2012 15:36:31 | Computer Name = Mete-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.05.2012 15:36:31 | Computer Name = Mete-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.05.2012 15:47:22 | Computer Name = Mete-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.05.2012 15:47:22 | Computer Name = Mete-PC | Source = DCOM | ID = 10016
Description =
 
Error - 08.05.2012 03:40:18 | Computer Name = Mete-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 08.05.2012 03:40:18 | Computer Name = Mete-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 08.05.2012 05:21:10 | Computer Name = Mete-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 08.05.2012 09:32:43 | Computer Name = Mete-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 08.05.2012 13:51:12 | Computer Name = Mete-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 08.05.2012 13:51:12 | Computer Name = Mete-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

--- --- ---

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXXX [Administrator]

13.07.2012 16:48:50
mbam-log-2012-07-13 (16-48-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340072
Laufzeit: 46 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CG8GS9V7\3[1].exe (Trojan.Lameshield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hello,

since the last scan with Malware and OTL (log files above), Live Security seems to have disappeared. But now Win7 boots damn slowly, and shutting down is also much slower. Does anyone have any advice? Are there still any remnants of Live Security somewhere on the HDD? THANKS in advance.

markusg 15.07.2012 21:33

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


All times are in WET +1. The time is now 01:41.
