Hello Cosinus,
here are the logs:
Code:
# AdwCleaner v2.101 - Datei am 20/12/2012 um 22:38:56 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Schüle - I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schüle\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16438
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.43] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gelöscht [l.46] : keyword = "babylon.com",
Gelöscht [l.49] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&b[...]
*************************
AdwCleaner[R1].txt - [2661 octets] - [19/12/2012 08:41:49]
AdwCleaner[R2].txt - [958 octets] - [19/12/2012 11:52:58]
AdwCleaner[R3].txt - [1295 octets] - [20/12/2012 21:34:49]
AdwCleaner[S1].txt - [2618 octets] - [19/12/2012 08:44:20]
AdwCleaner[S2].txt - [1180 octets] - [20/12/2012 22:38:56]
########## EOF - C:\AdwCleaner[S2].txt - [1240 octets] ##########
Code:
OTL logfile created on: 20.12.2012 22:44:43 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Schüle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,54 Gb Available Physical Memory | 75,81% Memory free
11,98 Gb Paging File | 10,37 Gb Available in Paging File | 86,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 362,29 Gb Total Space | 263,09 Gb Free Space | 72,62% Space Free | Partition Type: NTFS
Drive D: | 449,12 Gb Total Space | 422,42 Gb Free Space | 94,05% Space Free | Partition Type: NTFS
Drive F: | 15,01 Gb Total Space | 1,27 Gb Free Space | 8,47% Space Free | Partition Type: FAT32
Drive G: | 120,00 Gb Total Space | 99,23 Gb Free Space | 82,69% Space Free | Partition Type: NTFS
Computer Name: I7 | User Name: Schüle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Schüle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Users\Schüle\Programme\vmware-authd.exe (VMware, Inc.)
PRC - C:\Users\Schüle\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe (Aqua Computer)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (BdDesktopParental) -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Users\Schüle\Programme\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SetClockService) -- C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe (Aqua Computer)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (BdfNdisf) -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (bdfwfpf) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 EA 53 30 4B 7F CA 01 [binary data]
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes\{CB235525-13FB-4E1D-9B76-D2C5072DED04}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012.10.23 18:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012.10.23 18:31:15 | 000,000,000 | ---D | M]
[2012.12.10 23:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
O1 HOSTS File: ([2012.12.20 21:08:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Users\Schüle\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562912A8-2BCE-4110-9163-09C0D5DD71F9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1739EC1-A2A2-4BDB-9B03-8C4A792A4B85}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.20 21:08:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.20 20:58:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.20 20:58:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.20 20:58:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.20 20:52:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.20 20:52:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.20 20:49:16 | 005,012,825 | R--- | C] (Swearware) -- C:\Users\Schüle\Desktop\ComboFix.exe
[2012.12.20 18:27:51 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schüle\Desktop\tdsskiller.exe
[2012.12.20 18:23:48 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Schüle\Desktop\aswMBR.exe
[2012.12.20 09:02:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schüle\Desktop\OTL.exe
[2012.12.18 22:53:58 | 000,000,000 | ---D | C] -- C:\Users\Schüle\AppData\Roaming\Malwarebytes
[2012.12.18 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.18 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.18 22:53:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.18 22:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.12 08:39:14 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 08:39:14 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.12 08:39:14 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.12 08:39:14 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.12 08:39:13 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.12 08:39:13 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.12 08:39:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.12 08:39:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.12 08:39:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.12 08:39:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.12 08:39:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.12 08:39:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.12 08:39:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 08:39:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 08:39:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 08:39:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 08:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 08:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 08:39:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.12 08:38:58 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.12 08:38:58 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.12 08:38:57 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.12 08:38:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.12 08:38:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 08:38:56 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.10 23:06:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.12.10 23:06:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.12.10 23:06:32 | 000,000,000 | ---D | C] -- C:\Users\Schüle\AppData\Local\VisualBeeExe
[2012.12.10 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.10 23:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2012.12.07 20:49:11 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2012.12.06 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2012.12.03 11:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shredder Classic 4 ct 2012
[2012.11.29 17:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012.11.29 17:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012.11.29 17:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.11.29 17:05:31 | 000,000,000 | ---D | C] -- C:\Users\Schüle\Hama
[2012.11.28 09:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.11.28 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.11.28 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.11.28 09:04:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.11.28 09:04:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.28 09:04:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.28 09:04:10 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.11.28 09:04:10 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.11.28 09:04:10 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.11.28 09:04:10 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.11.28 09:04:10 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.11.28 09:04:10 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.11.28 09:04:10 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.11.28 09:04:10 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.11.28 09:04:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.11.28 09:04:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.11.28 09:04:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.11.28 09:04:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.11.28 09:04:10 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.11.28 09:04:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.11.28 09:04:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.11.28 09:04:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.11.28 09:04:10 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.11.28 09:04:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.11.28 09:04:09 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.11.28 09:04:09 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.11.28 09:04:09 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.11.28 09:02:53 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.11.28 09:02:53 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.11.27 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\Schüle\Documents\Virtual Machines
[2012.11.27 14:13:53 | 000,000,000 | ---D | C] -- C:\Users\Schüle\AppData\Local\VMware
[2012.11.27 14:13:39 | 000,000,000 | ---D | C] -- C:\Users\Schüle\AppData\Roaming\VMware
[2012.11.27 14:13:23 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2012.11.27 14:13:23 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2012.11.27 14:13:22 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2012.11.27 14:13:18 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012.11.27 14:13:18 | 000,032,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2012.11.27 14:12:48 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012.11.27 14:12:44 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012.11.27 14:12:43 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012.11.27 14:12:39 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012.11.27 14:12:36 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012.11.27 14:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012.11.27 14:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012.11.27 14:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012.11.27 14:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012.11.26 11:23:07 | 000,000,000 | ---D | C] -- C:\Users\Schüle\AppData\Roaming\Canneverbe Limited
[2012.11.26 11:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.11.26 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012.11.26 10:54:31 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2012.11.26 08:59:12 | 000,000,000 | R--D | C] -- C:\ESD
[2012.11.25 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2012.11.21 16:38:27 | 000,000,000 | ---D | C] -- C:\Users\Schüle\Documents\Windows 8-Upgrade-Assistent-Dateien
[1 C:\Users\Schüle\Documents\*.tmp files -> C:\Users\Schüle\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.12.20 22:43:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.20 22:41:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 22:41:31 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 21:32:34 | 000,547,175 | ---- | M] () -- C:\Users\Schüle\Desktop\adwcleaner.exe
[2012.12.20 21:16:32 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 21:16:32 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 21:08:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.20 20:49:40 | 005,012,825 | R--- | M] (Swearware) -- C:\Users\Schüle\Desktop\ComboFix.exe
[2012.12.20 19:47:18 | 000,000,512 | ---- | M] () -- C:\Users\Schüle\Desktop\MBR.dat
[2012.12.20 18:27:51 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schüle\Desktop\tdsskiller.exe
[2012.12.20 18:24:15 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Schüle\Desktop\aswMBR.exe
[2012.12.20 09:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schüle\Desktop\OTL.exe
[2012.12.19 13:37:00 | 000,010,465 | ---- | M] () -- C:\Users\Schüle\Documents\1355915070_1_02.xml
[2012.12.19 12:31:04 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.12.18 22:53:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.17 10:58:15 | 000,017,408 | ---- | M] () -- C:\Users\Schüle\AppData\Local\WebpageIcons.db
[2012.12.16 10:16:56 | 000,075,057 | ---- | M] () -- C:\Users\Public\Documents\computer.ssp
[2012.12.14 18:16:40 | 001,507,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.14 18:16:40 | 000,656,872 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.14 18:16:40 | 000,618,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.14 18:16:40 | 000,131,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.14 18:16:40 | 000,107,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.13 22:20:06 | 000,000,497 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012.12.12 12:26:06 | 000,007,607 | ---- | M] () -- C:\Users\Schüle\AppData\Local\Resmon.ResmonCfg
[2012.12.12 08:50:28 | 000,313,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.11 21:08:49 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 21:08:49 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.10 22:58:14 | 003,121,706 | ---- | M] () -- C:\Users\Schüle\Documents\0185 - Falco - Rock me Amadeus.mp3
[2012.12.09 10:13:29 | 000,139,149 | ---- | M] () -- C:\Users\Schüle\Documents\gow.jpg
[2012.12.07 20:51:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2012.12.06 16:52:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.06 09:00:17 | 001,185,142 | ---- | M] () -- C:\Users\Schüle\Documents\Nokia_Lumia_820_UG_de.pdf
[2012.12.05 11:59:27 | 000,773,086 | ---- | M] () -- C:\Users\Schüle\Documents\Schule03.jpg
[2012.12.03 11:49:37 | 000,001,085 | ---- | M] () -- C:\Users\Schüle\Desktop\Shredder Classic 4 ct 2012.lnk
[2012.11.30 17:26:14 | 000,367,413 | ---- | M] () -- C:\Users\Schüle\Documents\Schule02.jpg
[2012.11.30 17:23:17 | 000,393,693 | ---- | M] () -- C:\Users\Schüle\Documents\Schule01.jpg
[2012.11.29 22:55:52 | 000,350,160 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012.11.27 14:12:12 | 001,526,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.27 14:12:12 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2012.11.26 11:22:54 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.11.26 10:54:20 | 000,001,393 | ---- | M] () -- C:\Users\Schüle\Desktop\Windows installieren.lnk
[2012.11.21 16:38:27 | 000,024,478 | ---- | M] () -- C:\Users\Schüle\Documents\Windows 8-Upgrade-Assistent.html
[1 C:\Users\Schüle\Documents\*.tmp files -> C:\Users\Schüle\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.12.20 21:32:32 | 000,547,175 | ---- | C] () -- C:\Users\Schüle\Desktop\adwcleaner.exe
[2012.12.20 20:58:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.20 20:58:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.20 20:58:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.20 20:58:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.20 20:58:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.20 19:47:18 | 000,000,512 | ---- | C] () -- C:\Users\Schüle\Desktop\MBR.dat
[2012.12.19 13:37:38 | 000,010,465 | ---- | C] () -- C:\Users\Schüle\Documents\1355915070_1_02.xml
[2012.12.18 22:53:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.10 23:10:52 | 003,121,706 | ---- | C] () -- C:\Users\Schüle\Documents\0185 - Falco - Rock me Amadeus.mp3
[2012.12.07 20:51:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2012.12.07 20:49:34 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012.12.06 16:52:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.06 09:00:17 | 001,185,142 | ---- | C] () -- C:\Users\Schüle\Documents\Nokia_Lumia_820_UG_de.pdf
[2012.12.05 11:59:27 | 000,773,086 | ---- | C] () -- C:\Users\Schüle\Documents\Schule03.jpg
[2012.12.03 11:49:37 | 000,001,085 | ---- | C] () -- C:\Users\Schüle\Desktop\Shredder Classic 4 ct 2012.lnk
[2012.11.30 17:26:13 | 000,367,413 | ---- | C] () -- C:\Users\Schüle\Documents\Schule02.jpg
[2012.11.30 17:23:17 | 000,393,693 | ---- | C] () -- C:\Users\Schüle\Documents\Schule01.jpg
[2012.11.27 14:12:12 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.27 14:12:12 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2012.11.26 11:22:54 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.11.26 11:22:54 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.11.26 10:47:51 | 000,001,393 | ---- | C] () -- C:\Users\Schüle\Desktop\Windows installieren.lnk
[2012.11.21 16:38:26 | 000,024,478 | ---- | C] () -- C:\Users\Schüle\Documents\Windows 8-Upgrade-Assistent.html
[2011.12.07 11:49:51 | 000,619,208 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.11.13 11:55:37 | 000,017,408 | ---- | C] () -- C:\Users\Schüle\AppData\Local\WebpageIcons.db
[2011.09.08 23:00:41 | 000,000,030 | ---- | C] () -- C:\Windows\CHSSBASE.INI
[2011.09.08 22:53:42 | 000,007,676 | ---- | C] () -- C:\Windows\ENGINEEXT.INI
[2009.12.21 11:45:42 | 000,021,872 | ---- | C] () -- C:\Users\Schüle\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009.12.21 10:39:44 | 000,002,126 | ---- | C] () -- C:\Users\Schüle\classic.css
[2009.12.17 21:28:31 | 000,007,607 | ---- | C] () -- C:\Users\Schüle\AppData\Local\Resmon.ResmonCfg
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Files - Unicode (All) ==========
[2012.09.15 09:35:02 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2012.09.15 09:35:02 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
========== Alternate Data Streams ==========
@Alternate Data Stream - 757 bytes -> C:\Users\Schüle\Documents\Rechnung Januar.eml:OECustomProperty
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2270C8D2
< End of report >

Code:
OTL Extras logfile created on: 20.12.2012 22:44:43 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Schüle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,54 Gb Available Physical Memory | 75,81% Memory free
11,98 Gb Paging File | 10,37 Gb Available in Paging File | 86,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 362,29 Gb Total Space | 263,09 Gb Free Space | 72,62% Space Free | Partition Type: NTFS
Drive D: | 449,12 Gb Total Space | 422,42 Gb Free Space | 94,05% Space Free | Partition Type: NTFS
Drive F: | 15,01 Gb Total Space | 1,27 Gb Free Space | 8,47% Space Free | Partition Type: FAT32
Drive G: | 120,00 Gb Total Space | 99,23 Gb Free Space | 82,69% Space Free | Partition Type: NTFS
Computer Name: I7 | User Name: Schüle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Users\Schüle\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Users\Schüle\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0179F28E-2729-4056-A4BE-CC17CE464DE6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{01F1095D-E969-46C8-8B64-7A6C54BA7332}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{03B2CA9E-1B08-4997-B4E3-025508D8B77E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{069017E8-07A4-463F-9631-18F78639470E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{116F1CC3-3A1C-4979-B94E-B85A6A509AB2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{161AAD4C-9D8B-4793-B510-0D76A561A6D6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1D054408-C445-4867-8605-3C6764DBEB3F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1ED130FC-0302-433B-83C8-F9573C7E827D}" = rport=139 | protocol=6 | dir=out | app=system |
"{34A86B82-6C29-4A01-A9F7-368C736F6F70}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3DF5EE76-2B1D-4CE4-89CE-3DBBC0BEF4AB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{42159FA7-061A-430F-803C-AE1338962EBA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4AE6877D-9064-40A4-8781-379F17887E15}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4AFDCD52-723E-44A4-9D6D-4284ECD1B583}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{535BF0F6-EC59-45D1-811C-726C15262432}" = lport=139 | protocol=6 | dir=in | app=system |
"{6716FA2C-6D03-446C-893F-94104C93BA04}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{7496FFFD-303A-48FA-BE0C-F30F86F8806F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{74EA1916-89ED-45F5-A0A0-805E41E5C8BC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76449877-2AEB-428D-9808-475B1C49EEC4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{77026035-502C-4D03-9305-88B75EAE377F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8A1351CB-6251-44BD-952C-F9B6954EAFCE}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F33392D-959A-43DC-A742-973ABF8CC1FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{924D41E6-5EBC-4975-B5C4-AF4E0D95751F}" = lport=137 | protocol=17 | dir=in | app=system |
"{9D1858ED-F041-4F5F-A30F-1C89995242B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A6F5A5C2-CAC9-489E-B2CE-EEA06E534FAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9ABFD90-4600-4B27-83E9-28DC6D49DD59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA583E94-FB24-4240-B3EC-C4AE8F8C84C5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AEA5B71D-1E89-40CA-8AA3-2E0611AFA3FD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BAEDE04F-6726-4E68-8CA7-8488CCDF584D}" = rport=138 | protocol=17 | dir=out | app=system |
"{C3173BD9-A1B9-467E-93C4-6086161EF982}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CF5A64C9-760E-4210-AC17-E1DDAE4987EC}" = lport=445 | protocol=6 | dir=in | app=system |
"{D19FF783-BC65-43CF-A265-169285F50A9A}" = lport=138 | protocol=17 | dir=in | app=system |
"{D418B153-5558-4EE8-8E36-787F6C7257DC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D7EC82E0-6E16-462C-8BF4-BC7CEDEC4037}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DF05527C-78D6-4198-A22E-4963E5301E08}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E57136FA-504C-44CC-9422-75E09E370C09}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE83A702-6D2D-4EA4-873E-88C602A52FFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8308444-BC62-4E42-B241-D1BD07659BE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE36AF96-B15C-47F9-A68E-64C3EDB2FB5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF5093F-172F-4DFE-B330-60F5156DFED0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10C17015-58F0-4DB2-BAFA-B7B2406C8035}" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"{110013D9-E91C-4BD7-9B40-326EAA471B5E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14ADEBBC-6B71-412F-9E7B-EDE1C87DB672}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3095AB67-436A-41A6-B036-11214CBB5F35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3A6BA35E-4445-4C5C-82A1-419A446B831D}" = dir=in | app=c:\users\schüle\programme\vmware-authd.exe |
"{3C68DD5C-8611-4D74-B2A3-3FAAEDC2A516}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4978FA4C-4C9A-434B-B7EE-D99475EDBC11}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4CA7B2D4-A422-4E45-89BA-97275005BF62}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{51C6ABC8-AEA7-49F5-BDED-B52809CDA851}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BEE3067-E315-4970-B797-3006555E174C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{63A3AE9E-2336-484D-B5B1-3C9A78F15A21}" = dir=in | app=c:\users\schüle\programme\vmware-authd.exe |
"{73963FA4-3147-4391-B256-E18845E965DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{74B03633-B88B-4C90-B2DF-E7126DC0AF14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7511D1F9-31C7-4F33-9D4B-25B92D59EAD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{777981AA-B591-48A3-B3D6-BC921746C759}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E2E086C-AF85-4F7A-8B0D-C8EC35ECCB6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E8051E0-8ED0-40A2-9A8B-E209CF00226A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80E3149B-316B-4001-AA47-B2FDD49C85F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{843A4568-08A0-4867-AFA0-EE93A3C8F236}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8E7D93FF-7558-4524-9393-D0B69804097B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{932A0554-B230-4975-8291-06CE4F712B12}" = protocol=6 | dir=out | app=system |
"{A445137B-7964-4390-AC6B-9F70CDF9C83B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8E71E65-75AD-4A09-A477-4D1FA66CD5FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDC8FD7D-D6E3-4354-915C-9926AA3CE200}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0076D6B-FD5A-4C5A-83B4-00547AE18566}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E3834364-D982-4991-A24F-479C1FF9FC2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F1BEED96-8016-4621-A535-4317C91D6319}" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"{F592D8C5-216A-4CBE-ACDE-E429669D58C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{25A6184E-AA0E-4E46-9450-9E7F76AB735B}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{91BA1A99-7B40-4D6E-AD40-AC96A773CDDA}D:\users\public\cstal2\chesstal.exe" = protocol=6 | dir=in | app=d:\users\public\cstal2\chesstal.exe |
"TCP Query User{F2BBDFDE-0FE8-43C9-91CA-D91719F2A1D2}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"TCP Query User{FD434365-2F68-4DD5-AEF5-71B9E8326A83}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{015F5D7F-9C45-4B90-9FC8-920C1EE53591}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{1E4FDF82-5DA1-40A1-BE06-76C042938479}D:\users\public\cstal2\chesstal.exe" = protocol=17 | dir=in | app=d:\users\public\cstal2\chesstal.exe |
"UDP Query User{36E55135-D5FD-4EE6-882B-F35F500E2DAD}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{A2D42CA7-0AB7-4711-87F5-F38A49E41751}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C76E78E4-118F-48B7-815A-7B46B34A2E6A}_is1" = Houdini Version 2.0
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FEBA7043-8935-4646-9EC4-0672C8B134CE}_is1" = Houdini 3 Pro
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Bitdefender" = Bitdefender Internet Security 2013
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{0322F845-FC35-4735-98FC-A89A39A9A2CD}" = Deep Fritz 11
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{0D381F4A-BB1D-4D86-A9CE-E0C61E5C3B0E}" = Deep Fritz 13
"{14B6295D-6D03-4635-A17F-76AB10C74EF0}_is1" = Deep Shredder 12 UCI
"{18E928DE-ABBA-4CEB-A9E4-205769B03FE8}" = Garmin BaseCamp
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{1C0A1883-3A46-4416-A225-99BFF203462A}" = Deep Fritz 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2F34E931-7BEA-4BC6-8286-4197EC77EF34}" = Garmin TOPO Deutschland 2012 Pro
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F4182DA-3D58-41E3-913D-480F8DA5C863}" = Fritz 12
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B5783F7-199B-4298-AC69-0FF3E4DB06B7}" = Shredder7
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}" = Fritz 13
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93695498-4D9E-4D30-9EC4-8B4A8DEFB4F7}" = ChessBase Light 2007
"{971853BB-F530-442A-B780-F7E3A8EE13AD}" = Deep Fritz 12
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{AABDD1F7-DA6B-4BA2-8F81-C7175A846E9C}" = ChessBase Light 2007
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.9
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{BAE05770-60EE-4D5D-B7EF-19143852EF18}" = ChessPartner 6.0.2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7DDC5E9-B191-4E1B-B1F1-A05066DEB23A}_is1" = Shredder Classic 4 ct 2011
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{D0F246F5-90C7-446E-B8B3-EDF0D844DFB8}" = DeepJunior13.3
"{D4DA2F6E-54FB-487D-9007-4525819AD0B5}" = DeepJunior 11.1 UCI
"{D827E64C-47C5-4660-A41C-55C1306E22DA}_is1" = Shredder Classic 4 ct 2012
"{D872430A-15AF-4B40-A43E-B7D9D71F2380}" = Nimzo8
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{E11A7A62-FBD9-4575-B874-B482DF213467}" = Fritz9
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED930E19-6843-41D6-90B5-22424F216CCA}" = DeepJunior13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F694D244-C236-4988-8EAB-C3F9397250B2}" = DeepJunior12UCI
"{F6CCD38C-8298-4F7B-91C5-C8DED0B24E5A}" = Fritz 12
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9F63821-64B4-4BA9-A811-970C8F6DF016}" = Deep Fritz 11
"{FEDE4C8E-4C50-4B23-BC30-623D7C188D95}" = F13 EngineCloud Beta
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"aquasuite" = aquasuite
"Chess Tiger 2007" = Chess Tiger 2007
"CPCEMU_is1" = CPCEMU v1.7
"Deep Sjeng" = Deep Sjeng
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Scid vs PC_is1" = Scid vs PC 4.8
"STANDARDR" = Microsoft Office Standard 2007
"Totalcmd" = Total Commander (Remove or Repair)
"VMware_Player" = VMware Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
"Zattoo4" = Zattoo4 4.0.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.12.2012 19:42:28 | Computer Name = I7 | Source = Windows Search Service | ID = 7042
Description =
Error - 18.12.2012 21:29:10 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbamservice.exe, Version: 1.65.0.0,
Zeitstempel: 0x506784f8 Name des fehlerhaften Moduls: mbamservice.exe, Version:
1.65.0.0, Zeitstempel: 0x506784f8 Ausnahmecode: 0x40000015 Fehleroffset: 0x0005e63e
ID
des fehlerhaften Prozesses: 0xa4c Startzeit der fehlerhaften Anwendung: 0x01cddd6b98e4d399
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Berichtskennung:
7ce5c89a-497b-11e2-a1b2-005056c00008
Error - 19.12.2012 11:25:48 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
Zeitstempel: 0x50924d16 Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
1.5.0.0, Zeitstempel: 0x50924d16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000063d8e
ID
des fehlerhaften Prozesses: 0x1238 Startzeit der fehlerhaften Anwendung: 0x01cdddfc6e33a840
Pfad
der fehlerhaften Anwendung: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
des fehlerhaften Moduls: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
5cb65b93-49f0-11e2-9869-005056c00008
Error - 19.12.2012 11:39:31 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
Zeitstempel: 0x50924d16 Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
1.5.0.0, Zeitstempel: 0x50924d16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000063d8e
ID
des fehlerhaften Prozesses: 0x14e8 Startzeit der fehlerhaften Anwendung: 0x01cdddfe76c2148b
Pfad
der fehlerhaften Anwendung: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
des fehlerhaften Moduls: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
47aeac10-49f2-11e2-9869-005056c00008
Error - 19.12.2012 11:40:35 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
Zeitstempel: 0x50924d16 Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
1.5.0.0, Zeitstempel: 0x50924d16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000063d8e
ID
des fehlerhaften Prozesses: 0x1370 Startzeit der fehlerhaften Anwendung: 0x01cdddff0e491a2d
Pfad
der fehlerhaften Anwendung: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
des fehlerhaften Moduls: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
6d7c1e28-49f2-11e2-9869-005056c00008
Error - 19.12.2012 11:44:37 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
Zeitstempel: 0x50924d16 Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
1.5.0.0, Zeitstempel: 0x50924d16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000063d8e
ID
des fehlerhaften Prozesses: 0xf70 Startzeit der fehlerhaften Anwendung: 0x01cdddff9f931368
Pfad
der fehlerhaften Anwendung: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
des fehlerhaften Moduls: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
fe20cedb-49f2-11e2-9869-005056c00008
Error - 19.12.2012 12:00:50 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
Zeitstempel: 0x50924d16 Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
1.5.0.0, Zeitstempel: 0x50924d16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000063d8e
ID
des fehlerhaften Prozesses: 0x1144 Startzeit der fehlerhaften Anwendung: 0x01cdde0149499e4b
Pfad
der fehlerhaften Anwendung: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
des fehlerhaften Moduls: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
41b92e56-49f5-11e2-9869-005056c00008
Error - 19.12.2012 12:29:35 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
Zeitstempel: 0x50924d16 Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
1.5.0.0, Zeitstempel: 0x50924d16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000063d8e
ID
des fehlerhaften Prozesses: 0x113c Startzeit der fehlerhaften Anwendung: 0x01cdde05e3ac9129
Pfad
der fehlerhaften Anwendung: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
des fehlerhaften Moduls: C:\Users\Schüle\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
4638f1f5-49f9-11e2-9869-005056c00008
Error - 20.12.2012 08:25:58 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbamservice.exe, Version: 1.65.0.0,
Zeitstempel: 0x506784f8 Name des fehlerhaften Moduls: mbamservice.exe, Version:
1.65.0.0, Zeitstempel: 0x506784f8 Ausnahmecode: 0x40000015 Fehleroffset: 0x0005e63e
ID
des fehlerhaften Prozesses: 0xa6c Startzeit der fehlerhaften Anwendung: 0x01cdde951c378800
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Berichtskennung:
67f64c95-4aa0-11e2-87ad-005056c00008
Error - 20.12.2012 13:35:15 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbamservice.exe, Version: 1.65.0.0,
Zeitstempel: 0x506784f8 Name des fehlerhaften Moduls: mbamservice.exe, Version:
1.65.0.0, Zeitstempel: 0x506784f8 Ausnahmecode: 0x40000015 Fehleroffset: 0x0005e63e
ID
des fehlerhaften Prozesses: 0xa80 Startzeit der fehlerhaften Anwendung: 0x01cddeaf7e39b7b3
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Berichtskennung:
9ccc8f7c-4acb-11e2-b597-005056c00008
[ OSession Events ]
Error - 21.12.2009 07:02:09 | Computer Name = I7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1254
seconds with 840 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 20.12.2012 15:36:33 | Computer Name = I7 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.12.2012 15:36:34 | Computer Name = I7 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.12.2012 15:36:37 | Computer Name = I7 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.12.2012 15:36:38 | Computer Name = I7 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.12.2012 15:52:39 | Computer Name = I7 | Source = Service Control Manager | ID = 7034
Description = Dienst "VMware Authorization Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 20.12.2012 16:02:38 | Computer Name = I7 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 20.12.2012 16:04:32 | Computer Name = I7 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 20.12.2012 16:05:23 | Computer Name = I7 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 20.12.2012 16:09:02 | Computer Name = I7 | Source = DCOM | ID = 10016
Description =
Error - 20.12.2012 17:43:24 | Computer Name = I7 | Source = DCOM | ID = 10016
Description =
< End of report >

Regards,
Werner