Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Sicherheitscenter schaltet immer ab (https://www.trojaner-board.de/122185-sicherheitscenter-schaltet-immer-ab.html)

heuberg17 15.08.2012 16:09
Sicherheitscenter schaltet immer ab
 
Hier ist der Logfile:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.15.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Franke :: FRANKE-PC [Administrator]

Schutz: Aktiviert

15.08.2012 15:01:27
mbam-log-2012-08-15 (15-01-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343508
Laufzeit: 37 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Winlock.P) -> Daten: C:\Users\Franke\AppData\Roaming\Identities\{E85B5700-F752-4AAF-AFA2-1194CE39C70E}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Franke\AppData\Roaming\Identities\{E85B5700-F752-4AAF-AFA2-1194CE39C70E}\LicenseValidator.exe (Trojan.Winlock.P) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 15.08.2012 16:34
hi
erst mal fängt man vllt mit nem "hallo" oder ähnlichem an, so viel zeit muss sein :-)
danach kommt ne problem beschreibung...
und dann, evtl. bisherige schritte, die du selbstständig unternommen hast, damit wir nen gesammt bild haben
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

heuberg17 15.08.2012 17:03
Hallo Markus,

danke für die Hinweise.

Hier der Inhalt von OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 15.08.2012 17:54:02 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 59,10% Memory free
3,50 Gb Paging File | 1,99 Gb Available in Paging File | 56,86% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,71 Gb Total Space | 60,79 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive E: | 834,70 Gb Total Space | 791,34 Gb Free Space | 94,81% Space Free | Partition Type: NTFS
 
Computer Name: FRANKE-PC | User Name: Franke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.15 17:50:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012.08.08 17:03:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.08 15:31:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 15:31:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
PRC - [2008.03.25 18:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.05.16 09:57:08 | 002,342,983 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\Normal.dll
MOD - [2010.04.16 12:38:30 | 000,344,131 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\work.dll
MOD - [2010.04.14 15:44:44 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\GVTunner.dll
MOD - [2010.04.13 14:38:16 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\OCK.dll
MOD - [2010.04.07 16:35:14 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\MFCCPU.DLL
MOD - [2010.04.02 17:04:20 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\AMD8.dll
MOD - [2010.03.12 06:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\Platform.dll
MOD - [2010.03.12 06:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\Device.dll
MOD - [2010.01.12 18:09:20 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\SF.dll
MOD - [2009.12.22 17:52:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\ycc.dll
MOD - [2009.10.21 15:07:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\HM.dll
MOD - [2009.06.27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2008.05.07 16:22:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\CIAMIB.dll
MOD - [2008.03.25 18:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
MOD - [2003.02.14 15:11:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\Sound.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.07 04:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2012.08.15 17:47:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.21 16:27:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 15:31:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 15:31:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Programme\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.07 14:21:04 | 000,277,904 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv10.sys -- (acedrv10)
DRV:64bit: - [2012.07.07 14:21:04 | 000,228,000 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acehlp10.sys -- (acehlp10)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 15:31:59 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 15:31:59 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.02.18 14:55:42 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.02.18 14:55:42 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2010.04.27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.04.07 04:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.07 03:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.02.09 11:43:08 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2007.09.10 10:50:26 | 000,527,360 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2012.08.15 16:17:24 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.08.15 16:17:08 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.03.12 06:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\SearchScopes,DefaultScope = {ACA07BA6-8A1B-493f-B56C-5B4D7577F220}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ACA07BA6-8A1B-493f-B56C-5B4D7577F220}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.24 20:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.14 17:15:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.14 17:15:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.14 17:15:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.14 17:15:45 | 000,000,000 | ---D | M]
 
[2011.11.18 12:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franke\AppData\Roaming\mozilla\Extensions
[2012.05.02 18:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franke\AppData\Roaming\mozilla\Firefox\Profiles\57uj9t7g.default\extensions
[2012.03.19 08:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.21 16:27:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.09 20:43:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.02 17:05:13 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.05.09 20:43:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.09 20:43:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.09 20:43:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.09 20:43:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.09 20:43:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [UpgradeHelper] C:\Users\Franke\AppData\Roaming\TeamViewer\{A38CE54A-8453-4A22-9675-8E95E4A49DDA}\UpgradeHelper.exe ()
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{287E785A-8F54-4120-9AE9-E3AF48D052D8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14f605cb-9672-11e1-9f02-1c6f65878527}\Shell - "" = AutoRun
O33 - MountPoints2\{14f605cb-9672-11e1-9f02-1c6f65878527}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{c7a1ae7a-11b5-11e1-aeb2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c7a1ae7a-11b5-11e1-aeb2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.15 17:08:30 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Roaming\Windows Desktop Search
[2012.08.15 16:41:50 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Roaming\Sun
[2012.08.15 16:32:31 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Roaming\Opera
[2012.08.15 16:26:10 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Roaming\Google Inc
[2012.08.15 15:00:19 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Roaming\Malwarebytes
[2012.08.15 15:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.15 15:00:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.15 15:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.15 10:28:48 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{2EEE9FB0-0E06-4B7B-AAB6-1EED7E626808}
[2012.08.15 10:28:27 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{5D419186-95E5-4CBD-AD51-B080672541F0}
[2012.08.14 17:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.14 17:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.08.14 17:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.08.14 17:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.08.14 17:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.08.14 11:41:22 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{76C5F2EC-281A-47AF-925E-45972D25A0E1}
[2012.08.14 11:41:00 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{05A5349E-0684-41BB-B283-5BDE2072FECA}
[2012.08.13 12:20:39 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Roaming\Help
[2012.08.13 12:16:20 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Roaming\TeamViewer
[2012.08.13 12:09:06 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Roaming\FWU-USM
[2012.08.13 12:07:36 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{D5A09B1F-92E2-4E8C-A729-12F2CC6D800C}
[2012.08.13 12:07:24 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{A5BBAAF8-C629-4433-87E0-01C95C7E98FE}
[2012.08.12 10:47:34 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{A0B23231-3CB8-48A0-BDB3-90263B87A70B}
[2012.08.12 10:47:22 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{98FF717C-5E14-434C-990D-0BFC33D329F2}
[2012.08.11 08:57:33 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{57F55D1B-58BB-4E0E-9504-52C0B3463E37}
[2012.08.11 08:57:11 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{5C35C17B-7261-484F-9F0A-CFC942660102}
[2012.08.10 20:56:46 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{DE686EF2-B484-43CF-B283-0EF091405010}
[2012.08.10 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{9588D4A5-CE08-4C9C-9F66-D6318DFA428E}
[2012.08.10 08:24:16 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{F5D0B77F-870A-4604-B008-131D975BF1D7}
[2012.08.10 08:23:54 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{75CD8D9F-50A7-40F7-BA5E-50BAA820E038}
[2012.08.09 09:18:24 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{58EF954E-7731-40EA-AC3E-32079A02027F}
[2012.08.09 09:18:13 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{B03DD514-0CCE-4EFB-AEEB-1223DFFAECF0}
[2012.08.08 16:58:57 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{7DB6E110-6526-4BEE-9737-685893429E89}
[2012.08.08 16:58:46 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{731C8C9E-4ACF-41C0-8B03-280B7ACE14D0}
[2012.08.07 11:44:48 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{8886FA69-BA4F-4D13-A6F4-6C213FF05DDA}
[2012.08.07 11:44:38 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{4953905F-66F2-4C6A-B8C9-2713F0281A62}
[2012.08.06 22:04:18 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Roaming\kompozer.net
[2012.08.06 22:04:18 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\kompozer.net
[2012.08.06 11:39:17 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{4823D929-3CE6-474D-B544-A5FFED5216C2}
[2012.08.06 11:38:55 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{1BD169E1-C92F-4CFF-883F-BF83090255E7}
[2012.08.05 11:10:07 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{36F93658-05F9-419D-9E14-F606F27F27B7}
[2012.08.05 11:09:46 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{6AE8B256-C96D-425D-8548-C1B6858656C2}
[2012.08.04 22:52:12 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{1E0CDC68-B589-4A7C-A8D3-C1E0BFE8B8AC}
[2012.08.04 22:51:50 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{B54F81C0-2C19-424D-A83A-BA8389B8DE7B}
[2012.08.04 09:31:03 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{9F07F75A-0CB7-4C23-97AC-C43341C7B400}
[2012.08.04 09:30:41 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{A447F24C-174F-4221-B205-0DFFF8212907}
[2012.08.03 08:26:04 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{5D80A7E3-7287-45D6-9903-A7684308D458}
[2012.08.03 08:25:42 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{DE3A37C1-F2B6-4F53-8F86-67CD42B4AB84}
[2012.08.02 19:14:46 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{769277FE-8EDA-4A89-9BB4-27747008CAB8}
[2012.08.02 19:14:24 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{EC80682F-2254-40F3-80B7-BF2F024FF51E}
[2012.08.02 07:13:58 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{6DF30D5A-E14A-4603-B16E-BCFCE1238822}
[2012.08.02 07:13:35 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{0642F43D-43E1-4610-B933-FB3072DFDA22}
[2012.08.01 08:15:19 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{F71A4489-DF1B-4964-9B13-086C193B7996}
[2012.08.01 08:14:56 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{88FD9DD3-0A9C-4695-A973-20002F694BCD}
[2012.07.31 10:52:54 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{D9E06722-CA65-4E5D-B61D-523C1A585EC1}
[2012.07.31 10:52:32 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{13CF89B0-F4F6-4349-8AFE-6765D4732AD1}
[2012.07.30 15:10:01 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{750191A8-51F5-40B5-AF0D-FCBA3E7C33A1}
[2012.07.30 15:09:49 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{C199926A-4A8F-4DF2-B731-E2537E505F71}
[2012.07.29 17:07:43 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{A8E930E8-2D31-40A9-AE76-14A88544D2D1}
[2012.07.29 17:07:33 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{81EB6BE3-B1BF-4A0E-90D3-5C63612FEB1C}
[2012.07.28 08:32:08 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{755A839E-1915-4FB9-AE99-CEB7A3B55C2F}
[2012.07.28 08:31:45 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{5CCD995D-B893-43DF-BF61-0845C5D5FA36}
[2012.07.27 10:29:53 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{BF5C19EB-B52E-4D00-9B56-E55189FD88D6}
[2012.07.27 10:29:42 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{480689D8-710B-416C-9413-12DA115D491D}
[2012.07.26 10:43:47 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{BAB2BFE6-3ECB-4874-B3B9-C33A6B976CBA}
[2012.07.26 10:43:25 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{8C600339-E831-4CDA-92FD-12FFF3AF54C3}
[2012.07.25 12:26:49 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{1F3DDCF0-811E-4142-B7A2-5EAC2B3061F7}
[2012.07.25 12:26:37 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{531BBF5C-6168-46CA-B025-CD04B3C9F458}
[2012.07.24 08:48:02 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{278EC1EB-C331-4F00-8781-D032313BBC40}
[2012.07.24 08:47:40 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{2A8B1223-DE9C-40A4-94D0-4D19D903C18E}
[2012.07.23 11:22:55 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{DE9C5262-4BBB-45EA-B038-3700592840B5}
[2012.07.23 11:22:33 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{1A5AF2DE-81B5-4C56-A16F-7FBB076A45F5}
[2012.07.22 13:42:21 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{D51BE112-B060-46C8-9621-4412F44A3983}
[2012.07.22 13:42:00 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{0D8514A8-7C1D-4B5D-AAEF-72D5D07E432D}
[2012.07.21 09:27:24 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{4DEF7484-8E7D-4633-951A-32D59D27676A}
[2012.07.21 09:27:01 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{06AF89D8-EC63-4B20-99BF-78C71271B236}
[2012.07.19 17:40:42 | 000,000,000 | ---D | C] -- C:\Users\Franke\Documents\Lillifee
[2012.07.19 17:40:41 | 000,000,000 | ---D | C] -- C:\Users\Franke\Documents\Feengeheimnisse
[2012.07.19 12:40:09 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{D37C8EEF-6EA8-4D42-995C-F30BFE5E9781}
[2012.07.19 12:39:47 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{BBE04C02-D8D0-4DF7-882B-E2199AB2CB0B}
[2012.07.19 11:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fußball Quiz
[2012.07.19 11:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fußball Quiz
[2012.07.19 11:52:13 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2012.07.19 11:44:12 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{528259C2-C4E8-4D63-B26C-5572377CDC47}
[2012.07.18 13:30:28 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{60235175-13B8-4896-B1C6-2DA1DBC4C927}
[2012.07.18 13:30:05 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{6E1243D8-7E9A-4003-9F6B-56DF3CB501E0}
[2012.07.17 14:43:55 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{84F4B83A-8945-441F-ACD0-DCC75B3BBF65}
[2012.07.17 14:43:32 | 000,000,000 | ---D | C] -- C:\Users\Franke\AppData\Local\{E64FAA48-0FAA-4EAA-8537-50F060973C75}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.15 17:47:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.15 17:47:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.15 17:10:12 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.15 16:23:59 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 16:23:59 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 16:17:24 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012.08.15 16:17:24 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012.08.15 16:17:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.15 16:16:41 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Ftsv.job
[2012.08.15 16:16:39 | 000,479,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 15:00:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.14 17:15:36 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.08.13 16:31:09 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.13 16:31:09 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.13 16:31:09 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.13 16:31:09 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.13 16:31:09 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.12 11:37:35 | 000,155,648 | RHS- | M] () -- C:\Windows\SysWow64\netapi32B.dll
[2012.07.19 17:40:41 | 000,000,822 | ---- | M] () -- C:\Users\Franke\Desktop\Feengeheimnisse.lnk
[2012.07.19 17:40:27 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000316.LCS
[2012.07.19 17:36:55 | 000,001,523 | ---- | M] () -- C:\Users\Public\Desktop\Lillifee.lnk
[2012.07.19 17:36:55 | 000,000,147 | ---- | M] () -- C:\Windows\Lilli2.ini
[2012.07.19 17:36:55 | 000,000,000 | ---- | M] () -- C:\Windows\Lbail.ini
 
========== Files Created - No Company Name ==========
 
[2012.08.15 16:16:21 | 000,479,912 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 15:00:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.14 17:15:36 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.08.12 11:37:35 | 000,155,648 | RHS- | C] () -- C:\Windows\SysWow64\netapi32B.dll
[2012.08.12 11:37:35 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Ftsv.job
[2012.07.19 17:40:41 | 000,000,822 | ---- | C] () -- C:\Users\Franke\Desktop\Feengeheimnisse.lnk
[2012.07.19 17:36:56 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000316.LCS
[2012.07.19 17:36:55 | 000,001,523 | ---- | C] () -- C:\Users\Public\Desktop\Lillifee.lnk
[2012.07.19 17:36:55 | 000,000,147 | ---- | C] () -- C:\Windows\Lilli2.ini
[2012.07.19 17:36:55 | 000,000,000 | ---- | C] () -- C:\Windows\Lbail.ini
[2012.06.22 18:13:16 | 000,021,665 | ---- | C] () -- C:\Users\Franke\Champions Cup Spielplan E-Junioren.pdf
[2012.06.09 14:47:33 | 000,000,071 | ---- | C] () -- C:\Windows\benEdu3.ini
[2012.04.21 18:09:53 | 000,003,011 | ---- | C] () -- C:\Windows\Wickie.ini
[2012.01.18 16:15:53 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.23 23:41:27 | 000,000,288 | ---- | C] () -- C:\Users\Franke\AppData\Roaming\.backup.dm
[2011.11.23 13:38:59 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\HWLMSET2PS.dll
[2011.11.23 13:38:59 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI
[2011.11.19 16:36:56 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2011.11.18 10:08:57 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.11.18 09:58:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.18 09:55:54 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.18 09:52:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== LOP Check ==========
 
[2011.11.20 21:38:21 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\Amazon
[2011.11.18 22:09:01 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\Auslogics
[2011.11.23 21:51:14 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\Canon
[2011.11.18 12:44:34 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\capella-software
[2012.02.04 22:43:28 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\elsterformular
[2012.08.13 12:09:06 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\FWU-USM
[2012.08.06 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\kompozer.net
[2012.04.02 17:04:36 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\OpenCandy
[2012.08.15 16:32:31 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\Opera
[2012.04.02 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\pdfforge
[2012.08.15 17:14:13 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\TeamViewer
[2012.01.18 16:43:36 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\USM
[2012.08.15 17:08:30 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\Windows Desktop Search
[2011.11.18 13:23:15 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\Windows Live Writer
[2011.11.24 12:19:44 | 000,000,000 | ---D | M] -- C:\Users\Franke\AppData\Roaming\WordToPDF
[2012.08.15 16:16:41 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\Ftsv.job
[2012.07.22 13:39:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Extra.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 15.08.2012 17:54:02 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 59,10% Memory free
3,50 Gb Paging File | 1,99 Gb Available in Paging File | 56,86% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,71 Gb Total Space | 60,79 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive E: | 834,70 Gb Total Space | 791,34 Gb Free Space | 94,81% Space Free | Partition Type: NTFS
 
Computer Name: FRANKE-PC | User Name: Franke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0899FA22-8A85-41BE-8706-DA25A44A581B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1C72352D-EC0A-4AEE-9A45-476A8ED1A0E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23F00778-1E57-47E1-A692-2FDFC376152D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2859518B-F9E7-4937-B670-BBF6E4FC750E}" = lport=445 | protocol=6 | dir=in | app=system |
"{337DD458-F1B5-4488-AB2C-0734EF95025A}" = lport=138 | protocol=17 | dir=in | app=system |
"{380E7E98-39FE-428C-90A4-3B5D1EA5BD4A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3862DD7E-8DA0-4AE0-9268-8001DD726B75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3BF56624-486C-44DC-B098-7BAB0C765319}" = rport=137 | protocol=17 | dir=out | app=system |
"{4223E976-4A48-4794-85E6-5BE2156E0589}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6374B7F3-D20A-480A-94EC-5B027D3C1454}" = rport=139 | protocol=6 | dir=out | app=system |
"{67B1B198-EEF7-4478-A88D-038823524CF2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{73B43E06-E8C8-461C-B668-B654E53E831B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7970E9AA-0A33-4C91-BE39-3BB21AC97C81}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81DA5E3B-12E5-4800-B33B-98DF7D419A47}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{83FF3977-2748-46BD-BECB-E3EE8BD94597}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{85CAAE25-8AF9-4F19-8635-2C34F2598F8F}" = rport=445 | protocol=6 | dir=out | app=system |
"{894B42A6-E0C8-4AD2-B2AE-CBE11445F1DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8973CA4C-2162-4A7F-959D-DC90FCB70E63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F1BDA90-5936-4A8A-BBF4-68E6551B96D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{A57B9499-4B6B-456D-A796-C2A879A277D0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A77D1E64-D4AF-439E-B548-156B291E2AC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B42B4458-0015-414E-BC54-EE87AADCB04B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B7449FD8-D3C1-45BE-AA69-BDCC9606F572}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C3F04CDF-6665-4223-A8CE-1E2C6A65A0AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E08A9413-F8AD-4AFB-8B14-106F2692EA6A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F4829A84-177D-42AD-9CE4-CC583659742F}" = lport=139 | protocol=6 | dir=in | app=system |
"{F4958DC8-FC8C-4E82-9DAA-82E345C54DBE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5BF9329-3807-45C8-B2C1-65F107BB5B3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0233B302-7A4C-40AE-860B-75CFE6D61EC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0558330A-57A0-4A84-A034-4C8205CE182C}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{09D3F7E6-7B3B-4CA2-89CA-CC716F8F94A3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{107FD5E0-699F-44A2-8459-30E865985FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{1AF0A6B1-0D51-472D-A517-F7B90057894C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{24EE2CED-7939-4079-A447-27B2943C8383}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2705F3E3-DD48-4324-B788-729E990BA8C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3AD27D33-4C4F-46B1-A07F-1611D445FDDB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{425DEB20-AF57-4C68-8497-39DF65F9BC34}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{46AC3BDF-46DA-4B1F-9BEA-EC3DED16BCE6}" = dir=out | app=%programfiles% (x86)\netobjects\netobjects fusion 10.0\fusion.exe |
"{47A8B44B-41B4-44F7-8D9F-405705BC91EA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65611431-980A-454D-B12A-8A3CA38229BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{663241B2-3B74-474D-97DE-14AD2798B99A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7520566A-6B72-41C9-977A-103FAD30F568}" = protocol=6 | dir=out | app=system |
"{7A733402-1117-4812-A065-EF5C29EAC429}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{814D6AEA-CCCE-460C-A4BF-8173CE8CA379}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C9C6E3B-CDDC-4596-861D-C2C9E9CE4969}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92FECB85-94D4-4007-85AE-0E0E87A95863}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A9C3CA2-D855-4E1F-AE7A-230D150039D1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9BBB6ADB-4006-415C-B23E-9E4D14540EF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C09B388-2AB4-4B11-841E-7F490FE3A500}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A0428CBF-B88E-4C0A-B408-46375F1B754C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A24FF1F9-A12E-4FEC-ABE2-D74C0468ECA3}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{BD8E2335-434E-4EE3-8478-7C400166AD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CC826BB9-226D-43E7-8B5E-61E7B00406EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DD49E729-8E65-4442-B28B-122499899260}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD96F25B-667E-4BD2-A690-38E0496CDF94}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DDE58305-3331-4800-9B4B-44F1A42035E9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3D6F0BF-01A2-47CF-8E1D-962797F3FC20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E97D9E0F-6384-4550-A2B3-1E228A3D69C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAA86A85-2287-4AAA-875C-C5066183AF26}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{10B30124-1152-4815-A96C-0C220883B4D4}C:\program files (x86)\netobjects\netobjects fusion 10.0\fusion.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netobjects\netobjects fusion 10.0\fusion.exe |
"TCP Query User{55CB1012-D261-42D8-8424-6099DFF1407D}C:\program files (x86)\gigabyte\easysaver\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\updexe.exe |
"TCP Query User{D0C30B76-819F-42EF-85EE-6040857B251D}C:\program files (x86)\gigabyte\easysaver\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\gbtupd.exe |
"UDP Query User{0814FFAC-776F-4BE8-BA8B-AD93138C9646}C:\program files (x86)\gigabyte\easysaver\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\updexe.exe |
"UDP Query User{64F81314-A9D4-49A1-B2A4-C6B4EE2A60AE}C:\program files (x86)\gigabyte\easysaver\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\gbtupd.exe |
"UDP Query User{FD6BF2AE-498C-429B-8FC7-F8DE91925E98}C:\program files (x86)\netobjects\netobjects fusion 10.0\fusion.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netobjects\netobjects fusion 10.0\fusion.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804" = CanoScan 8600F
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6F00292A-7A89-4FC3-AA45-4DA3A4BB593C}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Wickie" = "Wickie - Ylvi ist entführt"
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B679B70-EF33-46EA-941C-E6EC233B4690}" = capella-scan 7.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EB0744F-A879-4561-ABC2-B62A8CEC8882}" = Goldfinger Junior 4
"{8143E9D1-4C5F-4DE0-9AE7-EA2DE350F29B}" = capella 7
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression
"{9EEA0ED5-CB59-2F06-84A7-3F7B241521B8}" = Catalyst Control Center InstallProxy
"{A2C60BF1-82E3-493C-911D-14AD50471F2F}" = Rundum-Betrachter-innoPlus
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}" = Hercules Link
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{BAF67C55-1D37-46E2-9719-A5206631C51A}" = NetObjects Fusion 10.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aladdin Ghostscript 6.0" = Aladdin Ghostscript 6.0
"Aladdin Ghostscript Fonts" = Aladdin Ghostscript Fonts
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Deluxe Pacman_is1" = Deluxe Pacman version 1.94
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Frag doch mal" = Frag doch mal die Maus!
"Heidi - Deine Welt sind die Berge" = Heidi - Deine Welt sind die Berge
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Veetle TV" = Veetle TV
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.05.2012 14:21:50 | Computer Name = Franke-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 14:21:50 | Computer Name = Franke-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 14:21:50 | Computer Name = Franke-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 14:21:50 | Computer Name = Franke-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 14:21:50 | Computer Name = Franke-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 14:21:50 | Computer Name = Franke-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 14:21:50 | Computer Name = Franke-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.05.2012 05:16:28 | Computer Name = Franke-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.05.2012 13:00:01 | Computer Name = Franke-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 28.05.2012 02:33:34 | Computer Name = Franke-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 13.08.2012 06:01:09 | Computer Name = Franke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  UimBus  Uim_IM
 
Error - 13.08.2012 06:08:32 | Computer Name = Franke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 13.08.2012 10:48:50 | Computer Name = Franke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  UimBus  Uim_IM
 
Error - 13.08.2012 10:52:10 | Computer Name = Franke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  UimBus  Uim_IM
 
Error - 13.08.2012 14:43:27 | Computer Name = Franke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  UimBus  Uim_IM
 
Error - 14.08.2012 05:39:40 | Computer Name = Franke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  UimBus  Uim_IM
 
Error - 15.08.2012 04:19:28 | Computer Name = Franke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  UimBus  Uim_IM
 
Error - 15.08.2012 06:55:25 | Computer Name = Franke-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 15.08.2012 10:06:28 | Computer Name = Franke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  UimBus  Uim_IM
 
Error - 15.08.2012 10:16:53 | Computer Name = Franke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  UimBus  Uim_IM
 
 
< End of report >
--- --- ---

markusg 17.08.2012 19:29
hi
sorry für die wartezeit

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
[2012.08.12 11:37:35 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Ftsv.job
[2012.08.12 11:37:35 | 000,155,648 | RHS- | C] () -- C:\Windows\SysWow64\netapi32B.dll
O4 - HKCU..\Run: [UpgradeHelper] C:\Users\Franke\AppData\Roaming\TeamViewer\{A38CE54A-8453-4A22-9675-8E95E4A49DDA}\UpgradeHelper.exe ()
 :Files
C:\Users\Franke\AppData\Roaming\TeamViewer\{A38CE54A-8453-4A22-9675-8E95E4A49DDA}
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)
downloade get info:
File-Upload.net - GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:00 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131