kismet35 | 24.04.2013 15:50 | OK, I have now done this with OTLPE. A few things were different from what was described:
The question "Do you wish to load the remote registry" was not asked.
Only an OTL.txt (see below) was created, no Extras.txt.
Shutdown did not work; at some point I had to cut the power to the computer.
My OTLPE version was 3.1.48.0, by the way.
I was also surprised that my Windows drive was called H:; I always thought it was C:.
By the way, I also have an external hard drive, which I disconnected right away (for fear that they could encrypt it) and have not reconnected for now; I suppose it can still be scanned later?
That's all from my side for now, I'm curious to see how it goes on!
OTL.txt Code:
OTL logfile created on: 4/24/2013 5:24:06 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive H: | 596.07 Gb Total Space | 20.00 Gb Free Space | 3.35% Space Free | Partition Type: NTFS
Drive I: | 3.71 Gb Total Space | 3.69 Gb Free Space | 99.52% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2013/02/08 14:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand] -- H:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2013/01/27 06:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 06:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/02/10 23:05:44 | 000,202,752 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/22 00:38:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/12 05:30:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- H:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 13:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/08 09:52:19 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- H:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe -- (MarineAquarium3Free_57Service)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- H:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/21 21:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto] -- H:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/01/20 10:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- H:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/01/03 04:17:48 | 000,043,400 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/21 21:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- H:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010/10/21 21:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010/06/23 05:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/15 07:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/04/27 04:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 04:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/25 14:21:14 | 000,894,592 | ---- | M] (Line 6) [Kernel | On_Demand] -- H:\Windows\System32\drivers\L6UX264.sys -- (L6UX2)
DRV:64bit: - [2010/02/10 23:24:04 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/10 22:11:12 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/23 18:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- H:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2006/11/06 03:56:30 | 000,030,528 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto] -- H:\Windows\System32\drivers\BrPar64a.sys -- (BrPar)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\USER_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\USER_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\USER_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\USER_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 0E 50 22 CE B5 CC 01 [binary data]
IE - HKU\USER_ON_H\..\URLSearchHook: {327f75ed-061b-4339-8cc6-5dd45ad1396d} - Reg Error: Key error. File not found
IE - HKU\USER_ON_H\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - Reg Error: Key error. File not found
IE - HKU\USER_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\USER_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\USER_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 130.245.191.60:3124
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: H:\Windows\System32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: H:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: H:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin: H:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll (MindSpark)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: H:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: H:\Windows\SysWOW64\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: H:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: H:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: H:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2: H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/08 13:35:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/08 13:35:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\57ffxtbr@MarineAquarium3Free_57.com: C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin [2013/02/08 09:52:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/03/04 02:37:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 05:30:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/12 05:30:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/04/04 06:50:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\SeaMonkey 2.17.1\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2013/04/15 13:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\SeaMonkey 2.17.1\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2013/02/21 12:43:02 | 000,000,000 | ---D | M]
[2013/04/12 05:30:11 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/12 05:30:11 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/12 05:30:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/19 03:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- H:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012/06/08 13:35:19 | 000,129,144 | ---- | M] (RealPlayer) -- H:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/24 02:54:22 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/02 01:31:51 | 000,002,465 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/24 02:54:22 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/13 04:43:23 | 000,000,143 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012/06/24 02:54:22 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/24 02:54:22 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/24 02:54:22 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - H:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Toolbar BHO) - {074d3229-0a22-491b-b9dd-ff3171d75f25} - H:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57bar.dll (MindSpark)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - H:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Search Assistant BHO) - {0eeaa2c3-0cd7-4364-b82e-f9257081c860} - H:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrcAs.dll (MindSpark)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - H:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O3 - HKLM\..\Toolbar: (Marine Aquarium Lite) - {07189b84-b33b-4a1e-9b32-ad203c983c20} - H:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\USER_ON_H\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] H:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] H:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] H:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] H:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [HDAudDeck] H:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LexwareInfoService] H:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Marine Aquarium Lite Search Scope Monitor] H:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [MarineAquarium3Free_57 Browser Plugin Loader] H:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [NUSB3MON] H:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] H:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - H:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - H:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - H:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - USER_ON_H\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\USER_ON_H Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\USER_ON_H Winlogon: Shell - (C:\Users\USER\AppData\Roaming\AltShell.dat) - H:\Users\USER\AppData\Roaming\AltShell.dat ()
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - H:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/04/12 05:30:10 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Mozilla Firefox
[2013/04/10 14:47:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2013/04/10 14:47:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2013/04/10 14:47:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2013/04/10 14:47:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2013/04/10 14:47:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2013/04/10 14:47:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2013/04/10 14:47:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2013/04/10 14:47:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2013/04/10 14:47:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2013/04/10 14:47:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2013/04/10 14:47:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2013/04/10 14:47:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2013/04/10 14:47:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2013/04/10 14:47:47 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2013/04/10 14:47:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2013/04/10 14:47:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2013/04/10 14:47:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2013/04/10 10:58:43 | 003,717,632 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mstscax.dll
[2013/04/10 10:58:42 | 003,217,408 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mstscax.dll
[2013/04/10 10:58:40 | 000,158,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\aaclient.dll
[2013/04/10 10:58:40 | 000,131,584 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\aaclient.dll
[2013/04/10 10:58:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\tsgqec.dll
[2013/04/10 10:58:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\tsgqec.dll
[2013/04/10 10:58:32 | 005,550,424 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ntoskrnl.exe
[2013/04/10 10:58:31 | 003,968,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 10:58:31 | 003,913,560 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 10:58:30 | 000,112,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\smss.exe
[2013/04/10 10:58:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\csrsrv.dll
[2013/04/10 10:58:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\apisetschema.dll
[2013/04/04 06:50:43 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Mozilla Thunderbird
========== Files - Modified Within 30 Days ==========
[2013/04/23 11:10:11 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/04/23 11:07:56 | 3018,366,976 | -HS- | M] () -- H:\hiberfil.sys
[2013/04/23 01:22:31 | 000,000,004 | ---- | M] () -- H:\Users\USER\AppData\Roaming\AltShell.ini
[2013/04/23 00:29:39 | 000,015,152 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/23 00:29:39 | 000,015,152 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/23 00:25:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/22 00:38:00 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/22 00:38:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/20 05:40:51 | 000,000,269 | ---- | M] () -- H:\Windows\Brownie.ini
[2013/04/15 13:13:11 | 000,002,006 | ---- | M] () -- H:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2013/04/14 11:53:59 | 000,031,518 | ---- | M] () -- H:\Users\USER\Documents\every_breath_you_take.pdf
[2013/04/12 05:43:47 | 000,002,044 | ---- | M] () -- H:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/11 00:43:15 | 000,654,150 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/04/11 00:43:15 | 000,616,032 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/04/11 00:43:15 | 000,130,022 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/04/11 00:43:15 | 000,106,412 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/04/11 00:37:04 | 000,345,040 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/04/09 05:53:40 | 000,207,814 | ---- | M] () -- H:\Users\USER\Documents\Mein Kind will nicht essen2-2012.pdf
[2013/04/04 14:47:54 | 000,002,110 | ---- | M] () -- H:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/03/27 03:18:42 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2010
========== Files Created - No Company Name ==========
[2013/04/23 01:11:01 | 000,000,004 | ---- | C] () -- H:\Users\USER\AppData\Roaming\AltShell.ini
[2013/04/14 11:53:57 | 000,031,518 | ---- | C] () -- H:\Users\USER\Documents\every_breath_you_take.pdf
[2013/04/09 05:53:40 | 000,207,814 | ---- | C] () -- H:\Users\USER\Documents\Mein Kind will nicht essen2-2012.pdf
[2012/05/07 13:39:02 | 000,000,670 | ---- | C] () -- H:\Windows\wiso.ini
[2012/01/11 11:21:31 | 000,041,472 | ---- | C] () -- H:\Users\USER\AppData\Roaming\AltShell.dat
[2011/07/17 12:18:46 | 000,032,256 | ---- | C] () -- H:\Windows\SysWow64\AVSredirect.dll
[2011/07/17 12:15:41 | 000,107,520 | RHS- | C] () -- H:\Windows\SysWow64\TAKDSDecoder.dll
[2011/05/25 12:13:04 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll
[2011/01/27 02:58:55 | 001,526,976 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/16 11:00:05 | 000,012,288 | ---- | C] () -- H:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/29 02:32:22 | 000,000,151 | ---- | C] () -- H:\Windows\BRVIDEO.INI
[2010/11/29 02:32:22 | 000,000,000 | ---- | C] () -- H:\Windows\brmx2001.ini
[2010/11/29 02:32:21 | 000,009,030 | ---- | C] () -- H:\Windows\HL-2030.INI
[2010/11/29 02:32:21 | 000,000,114 | ---- | C] () -- H:\Windows\SysWow64\brlmw03a.ini
[2010/11/29 02:32:09 | 000,000,432 | ---- | C] () -- H:\Windows\BRWMARK.INI
[2010/11/29 02:31:34 | 000,000,054 | ---- | C] () -- H:\Windows\SysWow64\bd2030.dat
[2010/11/29 02:31:14 | 000,000,269 | ---- | C] () -- H:\Windows\Brownie.ini
[2010/11/28 06:45:04 | 000,510,976 | ---- | C] () -- H:\Windows\SysWow64\synsoacc.dll
[2010/11/24 10:21:18 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2010/11/24 10:18:25 | 000,024,576 | R--- | C] () -- H:\Windows\SysWow64\AsIO.dll
[2010/11/24 10:18:25 | 000,013,440 | R--- | C] () -- H:\Windows\SysWow64\drivers\AsIO.sys
[2010/11/24 10:18:22 | 000,011,832 | ---- | C] () -- H:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/11/24 10:18:22 | 000,010,216 | ---- | C] () -- H:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/11/24 10:14:51 | 000,001,035 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2010/11/24 10:09:48 | 000,051,231 | ---- | C] () -- H:\Windows\Ascd_log.ini
[2010/11/24 10:05:26 | 000,001,769 | ---- | C] () -- H:\Windows\Language_trs.ini
[2010/11/24 10:05:22 | 000,040,643 | ---- | C] () -- H:\Windows\Ascd_tmp.ini
[2009/08/23 11:06:44 | 000,638,976 | ---- | C] () -- H:\Windows\SysWow64\xvidcore.dll
[2009/08/23 10:43:46 | 000,163,840 | ---- | C] () -- H:\Windows\SysWow64\xvidvfw.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- H:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/02/18 23:35:10 | 000,049,152 | R--- | C] () -- H:\Windows\DAOD.exe
[2006/04/21 04:08:22 | 000,253,952 | ---- | C] () -- H:\Windows\SysWow64\HtmlHelp.dll
========== LOP Check ==========
[2010/11/24 10:02:14 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data
[2012/11/01 06:16:49 | 000,000,000 | ---D | M] -- H:\ProgramData\ashampoo
[2012/08/22 02:56:25 | 000,000,000 | ---D | M] -- H:\ProgramData\Buhl Data Service GmbH
[2010/11/28 05:41:40 | 000,000,000 | ---D | M] -- H:\ProgramData\Canneverbe Limited
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents
[2010/11/24 10:02:14 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2010/11/24 10:18:45 | 000,000,000 | ---D | M] -- H:\ProgramData\Downloaded Installations
[2010/11/24 10:02:14 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites
[2011/05/09 14:09:20 | 000,000,000 | ---D | M] -- H:\ProgramData\Haufe
[2011/05/09 13:54:46 | 000,000,000 | ---D | M] -- H:\ProgramData\Lexware
[2010/11/28 06:34:44 | 000,000,000 | ---D | M] -- H:\ProgramData\Line 6
[2012/02/08 13:20:16 | 000,000,000 | ---D | M] -- H:\ProgramData\MakeMusic
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu
[2010/11/24 10:02:14 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates
[2010/11/24 10:02:14 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2010/11/28 05:52:53 | 000,000,000 | ---D | M] -- H:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/03/06 12:44:58 | 000,032,632 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > |