Trojaner-Board

GVU trojan on my father's Vista32 PC - and who has to fix it...? (https://www.trojaner-board.de/135658-gvu-trojaner-vista32-rechner-meines-vaters-richten.html)

doc_jochim 29.05.2013 18:21

Hello,

here is the edited list:

Code:

unknown Acrobat.com        Adobe Systems Incorporated        30.11.2008        1,67MB        1.1.377
unknown Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        22.09.2008        14,0MB
unknown Adobe AIR        Adobe Systems Incorporated        28.05.2013                3.7.0.1860
unknown Adobe Flash Player ActiveX        Adobe Systems Incorporated        22.09.2008                9.0.124.0
unknown Adobe Flash Player Plugin        Adobe Systems Incorporated        22.09.2008                9.0.124.0
necessary Adobe Reader X (10.1.7) - Deutsch        Adobe Systems Incorporated        17.05.2013        167MB        10.1.7
unknown Adobe Shockwave Player 11        Adobe Systems, Inc.        22.09.2008        14,3MB        11
unknown Adobe SVG Viewer 3.0                22.01.2011        4,77MB        3.0
unnecessary ALDI Foto Manager Free Sued        MAGIX AG        31.03.2008        51,6MB        3.4.0.466
unnecessary ALDI Online Druck Service (Sued)                22.09.2008        8,09MB
unnecessary ALDI Sued Foto Service        MAGIX AG        31.03.2008        57,2MB        1.12.0.93
unnecessary Aldi Süd Fotoservice                22.09.2008        41,7MB
unknown Apple Application Support        Apple Inc.        28.05.2013        64,7MB        2.3.4
unknown Apple Software Update        Apple Inc.        28.05.2013        2,38MB        2.1.3.127
unknown ATI Catalyst Install Manager        ATI Technologies, Inc.        27.03.2008        13,8MB        3.0.664.0
necessary avast! Free Antivirus        AVAST Software        28.05.2013        341MB        8.0.1489.0
unnecessary Bing Bar        Microsoft Corporation        15.01.2013        527KB        7.1.361.0
necessary Campus BK        Sommer Informatik GmbH        11.03.2012        42,8MB        10.19.2000
necessary CCleaner        Piriform        24.05.2013        2,62MB        4.02
necessary Compatibility Pack für 2007 Office System        Microsoft Corporation        09.01.2013                12.0.6612.1000
necessary CyberLink PowerDirector        CyberLink Corp.        10.04.2008        216MB        6.5.2314
unknown Firebird 2.1.2.18118 (Win32)        Firebird Project        16.08.2009        17,9MB        2.1.2.18118
unnecessary Google Toolbar for Internet Explorer        Google Inc.        14.01.2013        7,75MB        7.4.3607.2246
unnecessary I.R.I.S. OCR        HP        13.01.2013        68,9MB        12.3.4.0
necessary Java 7 Update 21        Oracle        28.05.2013        129MB        7.0.210
unknown LetsTrade Komponenten                22.09.2008        19,3MB
necessary LUMIX Map Tool        Panasonic Corporation        08.01.2013        4,87MB        1.00.0000
necessary MakeDisc        CyberLink Corp.        22.09.2008        102MB        3.0.2601
necessary Malwarebytes Anti-Malware Version 1.75.0.1300        Malwarebytes Corporation        28.05.2013        13,3MB        1.75.0.1300
necessary MCE Software Encoder 1.1        CyberLink Corporation        22.09.2008        1,32MB        1.1.0.1918
necessary MediaShow        CyberLink Corporation        22.09.2008        33,0MB        3.0.4325
unnecessary MEDION Fotos auf CD Sued        MAGIX AG        31.03.2008        650MB        6.0.2.0
unnecessary MEDIONbox        Medion        31.03.2008        26,9MB        1.09.0000.00050
necessary Microsoft .NET Framework 1.1                31.03.2008
necessary Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        07.08.2009        36,9MB
necessary Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        30.06.2009        36,9MB
necessary Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        11.10.2010        120MB        4.0.30319
necessary Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        11.10.2010        24,5MB        4.0.30319
necessary Microsoft Office File Validation Add-In        Microsoft Corporation        04.03.2012        7,95MB        14.0.5130.5003
necessary Microsoft Office Home and Student 2007        Microsoft Corporation        20.02.2012        299MB        12.0.6612.1000
necessary Microsoft Office Live Add-in 1.5        Microsoft Corporation        02.05.2012        506KB        2.0.4024.1
necessary Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        09.01.2013                12.0.6612.1000
unnecessary Microsoft Silverlight        Microsoft Corporation        26.03.2013                5.1.20125.0
necessary Microsoft SQL Server Compact 3.5 SP2 ENU        Microsoft Corporation        08.01.2013        3,39MB        3.5.8080.0
necessary Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        24.01.2012        251KB        8.0.50727.4053
necessary Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        31.10.2011        294KB        8.0.59193
necessary Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        24.04.2008        2,05MB        9.0.21022
necessary Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        02.11.2011        226KB        9.0.30729.4148
necessary Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        31.10.2011        594KB        9.0.30729.6161
necessary Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319        Microsoft Corporation        28.05.2013        11,0MB        10.0.30319
unnecessary Microsoft Works        Microsoft Corporation        15.10.2012        378MB        9.7.0621
unknown MSI to redistribute MS VS2005 CRT libraries        The Firebird Project        16.08.2009        1,76MB        8.0.50727.42
necessary MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        27.03.2008        1,26MB        4.20.9848.0
necessary MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        27.03.2008        1,26MB        4.20.9849.0
necessary MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.11.2008        1,27MB        4.20.9870.0
necessary MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        27.11.2009        1,33MB        4.20.9876.0
necessary Nero 8 Essentials        Nero AG        21.04.2008        1,79GB        8.3.124
necessary NVIDIA Drivers                22.09.2008
necessary OLYMPUS CAMEDIA Master 4.1                03.01.2009        2,32MB
necessary OpenOffice.org 3.3        OpenOffice.org        02.11.2011        412MB        3.3.9567
necessary PHOTOfunSTUDIO 8.1 PE        Panasonic Corporation        08.01.2013        231MB        8.01.710
necessary PhotoNow!        CyberLink Corp.        22.09.2008        1,59MB        1.0.4310
necessary Play Movie        CyberLink Corp.        22.09.2008        95,8MB        BD+HD 1.5.3815
necessary PowerDVD        CyberLink Corporation        22.09.2008        118MB        7.3.3730c.0
necessary PowerProducer        CyberLink Corp.        22.09.2008        190MB        4.2.2612
unknown QuickTime        Apple Inc.        28.05.2013        74,6MB        7.74.80.86
unknown RealPlayer        RealNetworks        22.09.2008        46,2MB
necessary Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista        Realtek        27.03.2008        1,37MB        1.00.0000
necessary Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        21.04.2008        16,8MB        6.0.1.5591
unknown Sceneo AbsolutTV                22.09.2008        6,53MB
unknown Spelling Dictionaries Support For Adobe Reader 8        Adobe Systems        21.04.2008        67,5MB        8.0.0
unnecessary Studie zur Verbesserung von HP Officejet Pro 8600 Produkten        Hewlett-Packard Co.        13.01.2013        5,97MB        25.0.619.0
necessary T-Concept XI420                03.06.2012        956KB
necessary T-Concept XI420                28.05.2013
unknown TVsweeper 3        Sonavis        21.04.2008        4,11MB        3.0.3
unknown Ulead PhotoImpact 12        Ulead System        22.09.2008        389MB        12.0
necessary WISO Mein Geld 2008 Professional        Buhl Data Service GmbH        31.03.2008        167MB        9.00.01.0023
necessary XI420 CAPI                13.03.2011        788KB

Oops - I just noticed that you wrote 'after'. My ratings are in front. Should I change them again, or is it OK like this?

doc

markusg 29.05.2013 18:59

That's OK as it is.
Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Security (Enhanced)
Tick Enhanced Security
and select all files.
Internet:
Everything should be disabled here; it is very unsafe to open PDFs automatically, download them automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick the box for using JavaScript.
Under Updater, choose install automatically.
Apply / OK

Uninstall:
ALDI: all
Bing
Firebird
Google
I.R
LetsTrade
MEDION: both
Microsoft Silverlight
Microsoft Works
RealPlayer
Sceneo AbsolutTV
Spelling
Studie
TVsweeper
Ulead


Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).
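
The Adobe Reader preferences listed in the post above (JavaScript off, Enhanced Security on) can also be checked as machine-wide policy values in the registry. The following PowerShell is an added example, not part of the original thread; it assumes Reader X reads its policy from the `10.0\FeatureLockDown` key, and the function names and sample values are constructed for illustration.

```powershell
# Added example (not from the thread): audit the Adobe Reader X policy values
# that mirror the JavaScript and Enhanced Security preferences described above.
# Assumption: Reader X (10.x) reads machine-wide policy from this key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown'

# Hardened DWORD value for each policy name.
$Baseline = @{
    bDisableJavaScript          = 1   # JavaScript preference switched off
    bEnhancedSecurityStandalone = 1   # Enhanced Security for files opened in Reader
    bEnhancedSecurityInBrowser  = 1   # Enhanced Security for PDFs shown in the browser
}

function Get-ReaderPolicy {
    # Returns a hashtable holding only the baseline values that are present.
    param([string]$Key = $PolicyKey)
    $found = @{}
    if (Test-Path -LiteralPath $Key) {
        $item = Get-ItemProperty -LiteralPath $Key
        foreach ($name in $Baseline.Keys) {
            if ($item.PSObject.Properties[$name]) { $found[$name] = [int]$item.$name }
        }
    }
    return $found
}

function Test-ReaderPolicy {
    # Compares current values with the baseline. A missing value is reported
    # as NotSet: no policy is enforced and the per-user preference applies.
    param([hashtable]$Current)
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $status = 'NotSet'
        $actual = $null
        if ($Current.ContainsKey($name)) {
            $actual = $Current[$name]
            if ($actual -eq $Baseline[$name]) { $status = 'OK' } else { $status = 'Weak' }
        }
        New-Object PSObject -Property @{
            Value = $name; Expected = $Baseline[$name]; Actual = $actual; Status = $status
        } | Select-Object Value, Expected, Actual, Status
    }
}

function Set-ReaderPolicy {
    # Writes the baseline. Needs an elevated prompt because the key is under HKLM.
    param([string]$Key = $PolicyKey)
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    foreach ($name in $Baseline.Keys) {
        New-ItemProperty -Path $Key -Name $name -Value $Baseline[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

# Constructed sample: JavaScript still enabled, Enhanced Security never configured.
$sample = @{ bDisableJavaScript = 0 }
Test-ReaderPolicy -Current $sample | Format-Table -AutoSize

# Read-only check of this machine. Set-ReaderPolicy is defined above but not
# called here; run it from an elevated prompt, then repeat this line.
Test-ReaderPolicy -Current (Get-ReaderPolicy) | Format-Table -AutoSize
```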

doc_jochim 29.05.2013 19:53

Quote:

Uninstall:
Adobe Flash Player: all
What about the Adobe Shockwave Player? Does that belong to it as well?

Should Adobe Reader also be removed first before reinstalling?

markusg 29.05.2013 19:58

Uninstall and reinstall Adobe Reader; the Shockwave Player is usually not needed at all and can generally go.

doc_jochim 29.05.2013 20:05

Quote:

Uninstall:
Firebird
I just noticed that this database program belongs to this:

Quote:

necessary Campus BK Sommer Informatik GmbH 11.03.2012 42,8MB 10.19.2000
So leave it?

What about QuickTime?

Code:

Open CCleaner, analyze, run,
Should any particular boxes be ticked?

markusg 29.05.2013 21:10

You can keep QuickTime, and if programs are needed you of course don't have to uninstall them :-)
Run CCleaner in the default configuration.

doc_jochim 29.05.2013 21:17

Quote:

Security (Enhanced)
Tick Enhanced Security
and select all files.
Select all files? I can't find that. Where?

markusg 29.05.2013 21:20

Hi, forget the part about Enhanced Security;
Adobe 11 isn't available for Vista, so the part about all files probably doesn't apply.

doc_jochim 29.05.2013 21:25

Here is the log file from AdwCleaner

Code:

# AdwCleaner v2.301 - Datei am 29/05/2013 um 22:19:51 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Horst - PAPSNEU
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Horst\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1326 octets] - [29/05/2013 22:18:42]
AdwCleaner[S1].txt - [1097 octets] - [29/05/2013 22:19:51]

########## EOF - C:\AdwCleaner[S1].txt - [1157 octets] ##########


markusg 29.05.2013 21:45

Hi,
please restart.
Hitman Pro - Download - Filepony
Download HitmanPro, double-click it, scan.
Don't delete anything.
Click Next.
Save the log, or export it as XML, then post it, or zip it and attach it.

doc_jochim 29.05.2013 22:00

Hitman pro:

Code:

HitmanPro 3.7.5.199
www.hitmanpro.com

  Computer name . . . . : PAPSNEU
  Windows . . . . . . . : 6.0.2.6002.X86/4
  User name . . . . . . : PAPSNEU\Horst
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-05-29 22:56:29
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 2m 6s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 0

  Objects scanned . . . : 1.604.553
  Files scanned . . . . : 11.441
  Remnants scanned  . . : 338.992 files / 1.254.120 keys


markusg 31.05.2013 10:30

Hi,

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

doc_jochim 31.05.2013 12:57

OTL.txt:

Code:

OTL logfile created on: 31.05.2013 12:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Horst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,61% Memory free
6,21 Gb Paging File | 5,26 Gb Available in Paging File | 84,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 344,01 Gb Free Space | 77,17% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,40 Gb Free Space | 52,01% Space Free | Partition Type: FAT32
 
Computer Name: PAPSNEU | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.27 20:47:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Horst\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.26 13:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.02.15 16:16:42 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\PlayMovie\PMVService.exe
PRC - [2008.01.30 09:32:22 | 000,091,432 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared Files\brs.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.29 21:36:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\elcapi20.sys -- (elcapi20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Horst\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.03 12:56:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.15 16:17:14 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.01.17 22:35:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008.01.16 18:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007.11.21 12:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006.10.30 17:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2002.07.15 12:43:06 | 000,073,660 | ---- | M] (elmeg Kommunikationstechnik) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElgTaDrv.sys -- (ElgTaDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.05.28 22:09:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04E1645F-A88C-423C-B015-5A3CA714D523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D92894-3209-4E57-87F0-2D0D13B72B63}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.30 00:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013.05.29 23:48:55 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.29 23:25:31 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\{C5940DCC-6C91-4380-8D28-284C5D4EAE76}
[2013.05.29 23:25:23 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Windows Live Writer
[2013.05.29 23:25:23 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\Windows Live Writer
[2013.05.29 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\Windows Live
[2013.05.29 23:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013.05.29 22:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.28 22:51:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Horst\Desktop\OTL.exe
[2013.05.28 22:50:58 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Horst\Desktop\esetsmartinstaller_enu.exe
[2013.05.28 22:50:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Horst\Desktop\tdsskiller.exe
[2013.05.28 22:21:49 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Malwarebytes
[2013.05.28 22:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.28 22:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.28 22:21:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.28 22:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.28 22:11:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.28 22:11:38 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\temp
[2013.05.28 21:55:06 | 005,073,758 | R--- | C] (Swearware) -- C:\Users\Horst\Desktop\ComboFix.exe
[2013.05.28 07:55:12 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Apple Computer
[2013.05.28 07:44:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.28 01:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.28 01:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.05.28 01:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.05.28 01:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013.05.28 01:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.05.28 01:08:39 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.28 01:08:39 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.28 01:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.28 01:08:36 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.28 01:08:34 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.28 01:08:33 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.28 01:08:30 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.28 01:08:30 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.28 01:07:50 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.28 01:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.28 01:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.24 18:05:58 | 009,159,136 | ---- | C] (SurfRight B.V.) -- C:\Users\Horst\Desktop\HitmanPro.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.31 12:06:38 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 12:06:38 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 11:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.30 16:14:18 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.30 16:14:18 | 000,634,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.30 16:14:18 | 000,120,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.30 16:14:17 | 000,146,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.30 16:07:36 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.05.30 16:06:47 | 000,378,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.30 16:06:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.30 01:02:09 | 3217,264,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.29 23:49:50 | 000,001,032 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.29 23:48:55 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.29 22:54:17 | 009,159,136 | ---- | M] (SurfRight B.V.) -- C:\Users\Horst\Desktop\HitmanPro.exe
[2013.05.29 22:50:15 | 012,213,707 | ---- | M] () -- C:\Users\Horst\Desktop\HitmanPro_3.7.5.199.zip
[2013.05.29 21:52:24 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.05.29 21:08:06 | 000,000,887 | ---- | M] () -- C:\Windows\uninst.ini
[2013.05.29 19:02:25 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 22:21:34 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.28 22:09:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.28 21:55:27 | 005,073,758 | R--- | M] (Swearware) -- C:\Users\Horst\Desktop\ComboFix.exe
[2013.05.28 20:54:46 | 000,002,617 | ---- | M] () -- C:\Users\Horst\Desktop\Campus BK-Abrechnung.lnk
[2013.05.28 01:08:40 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.28 01:08:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.28 00:57:51 | 000,007,592 | ---- | M] () -- C:\Users\Horst\AppData\Local\d3d9caps.dat
[2013.05.27 23:59:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Horst\Desktop\tdsskiller.exe
[2013.05.27 21:28:48 | 000,706,708 | ---- | M] () -- C:\Users\Horst\Desktop\delfix.exe
[2013.05.27 20:58:02 | 000,050,477 | ---- | M] () -- C:\Users\Horst\Desktop\Defogger.exe
[2013.05.27 20:55:06 | 000,890,825 | ---- | M] () -- C:\Users\Horst\Desktop\SecurityCheck.exe
[2013.05.27 20:54:52 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Horst\Desktop\esetsmartinstaller_enu.exe
[2013.05.27 20:53:18 | 000,165,376 | ---- | M] () -- C:\Users\Horst\Desktop\SystemLook_x64.exe
[2013.05.27 20:52:22 | 000,632,031 | ---- | M] () -- C:\Users\Horst\Desktop\adwcleaner.exe
[2013.05.27 20:49:04 | 000,377,856 | ---- | M] () -- C:\Users\Horst\Desktop\gmer_2.1.19163.exe
[2013.05.27 20:47:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Horst\Desktop\OTL.exe
[2013.05.23 18:05:51 | 000,016,463 | ---- | M] () -- C:\Users\Horst\Documents\Wibbing u. Laucht Mietforderungen 15.01.13.odt
[2013.05.22 19:52:11 | 000,016,555 | ---- | M] () -- C:\Users\Horst\Documents\Beihilfe.odt
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.29 23:49:50 | 000,001,032 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.29 23:48:55 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.29 22:49:41 | 012,213,707 | ---- | C] () -- C:\Users\Horst\Desktop\HitmanPro_3.7.5.199.zip
[2013.05.29 21:52:24 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.05.29 21:52:24 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.05.29 21:36:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 21:08:06 | 000,000,887 | ---- | C] () -- C:\Windows\uninst.ini
[2013.05.29 19:02:25 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 22:51:35 | 000,165,376 | ---- | C] () -- C:\Users\Horst\Desktop\SystemLook_x64.exe
[2013.05.28 22:51:30 | 000,890,825 | ---- | C] () -- C:\Users\Horst\Desktop\SecurityCheck.exe
[2013.05.28 22:51:04 | 000,377,856 | ---- | C] () -- C:\Users\Horst\Desktop\gmer_2.1.19163.exe
[2013.05.28 22:50:53 | 000,706,708 | ---- | C] () -- C:\Users\Horst\Desktop\delfix.exe
[2013.05.28 22:50:48 | 000,050,477 | ---- | C] () -- C:\Users\Horst\Desktop\Defogger.exe
[2013.05.28 22:50:40 | 000,632,031 | ---- | C] () -- C:\Users\Horst\Desktop\adwcleaner.exe
[2013.05.28 22:21:34 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.28 21:53:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.28 01:23:59 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.05.28 01:08:40 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.28 01:08:32 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.28 01:08:32 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.27 22:11:33 | 3217,264,640 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.14 12:38:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.01.09 23:38:48 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013.01.09 23:38:47 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013.01.09 23:38:47 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013.01.09 23:38:47 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013.01.09 23:38:47 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2013.01.09 23:38:47 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013.01.09 23:38:47 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013.01.09 23:38:47 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013.01.09 23:38:47 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013.01.09 23:38:47 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013.01.09 23:38:47 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013.01.09 23:38:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013.01.09 23:38:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013.01.09 23:38:47 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013.01.09 23:38:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013.01.09 23:38:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013.01.09 23:38:47 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013.01.09 23:38:47 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013.01.09 23:38:47 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.06.03 22:55:10 | 000,000,950 | ---- | C] () -- C:\Windows\XI420Ke.INI
[2012.05.22 20:07:56 | 000,013,640 | ---- | C] () -- C:\Users\Horst\Delibasic Zusammenstellung Stand 21.05.2012.odt
[2012.05.21 20:18:20 | 000,014,339 | ---- | C] () -- C:\Users\Horst\Wagner Abrechnung.odt
[2012.04.30 12:06:17 | 000,011,978 | ---- | C] () -- C:\Users\Horst\Geburtstag 70.odt
[2012.04.29 22:24:56 | 000,011,800 | ---- | C] () -- C:\Users\Horst\Geburtstag Sitzordnungsvorschlag.ods
[2011.10.27 10:30:05 | 000,006,144 | ---- | C] () -- C:\Users\Horst\Datenbanktest3.wdb
[2011.10.27 10:21:52 | 000,010,752 | ---- | C] () -- C:\Users\Horst\Datenbanktest2a.xlr
[2011.10.27 10:20:55 | 000,010,752 | ---- | C] () -- C:\Users\Horst\Datenbanktest2a.ods
[2011.10.27 10:19:18 | 000,000,540 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\wklnhst.dat
[2011.10.27 10:09:21 | 000,009,496 | ---- | C] () -- C:\Users\Horst\Datenbanktest.ods
[2009.06.30 21:53:26 | 000,024,206 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\UserTile.png
[2009.06.30 20:38:31 | 000,007,592 | ---- | C] () -- C:\Users\Horst\AppData\Local\d3d9caps.dat
[2008.10.16 19:52:05 | 000,030,208 | ---- | C] () -- C:\Users\Horst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.22 22:10:26 | 000,000,093 | ---- | C] () -- C:\Users\Horst\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.09.22 22:14:15 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Buhl Data Service GmbH
[2012.01.29 12:46:56 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Hemera
[2011.11.03 20:15:27 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\OpenOffice.org
[2013.02.14 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Sommer Informatik GmbH
[2013.02.14 15:30:58 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\TeamViewer
[2011.10.27 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Template
[2009.08.15 16:37:53 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Uniblue
[2013.05.29 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.05.28 22:11:42 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.10.08 11:16:48 | 000,000,000 | ---D | M] -- C:\74faae02819a502ef122c36c96
[2009.08.26 15:30:28 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.09.22 21:49:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.28 15:15:05 | 000,000,000 | R--D | M] -- C:\MSOCache
[2013.05.29 23:38:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.30 00:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.09.22 21:49:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.05.28 22:11:40 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013.05.31 12:46:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.09.22 22:09:57 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.29 23:08:32 | 000,000,000 | ---D | M] -- C:\Windows
[2013.05.28 23:31:09 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.05.29 21:36:24 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.01.16 18:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.01.16 18:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_957aef9d\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2012.01.11 15:52:12 | 000,036,352 | ---- | M] (Panasonic Corporation) MD5=B0E3DDDD8F4DD34E1829BEF8FD89F0C2 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 8.1 PE\Core\EventLog\EventLog.dll
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.10.27 10:14:39 | 000,009,496 | ---- | M] () -- C:\Users\Horst\Datenbanktest.ods
[2011.10.27 10:20:55 | 000,010,752 | ---- | M] () -- C:\Users\Horst\Datenbanktest2a.ods
[2011.10.27 10:22:15 | 000,010,752 | ---- | M] () -- C:\Users\Horst\Datenbanktest2a.xlr
[2011.10.27 10:30:06 | 000,006,144 | ---- | M] () -- C:\Users\Horst\Datenbanktest3.wdb
[2012.05.22 20:13:55 | 000,013,640 | ---- | M] () -- C:\Users\Horst\Delibasic Zusammenstellung Stand 21.05.2012.odt
[2012.04.30 20:10:19 | 000,011,978 | ---- | M] () -- C:\Users\Horst\Geburtstag 70.odt
[2012.04.29 22:24:59 | 000,011,800 | ---- | M] () -- C:\Users\Horst\Geburtstag Sitzordnungsvorschlag.ods
[2012.02.08 16:56:43 | 000,000,000 | ---- | M] () -- C:\Users\Horst\Neues Textdokument.txt
[2013.05.31 12:51:51 | 003,407,872 | -HS- | M] () -- C:\Users\Horst\NTUSER.DAT
[2013.05.28 07:44:14 | 000,077,824 | -H-- | M] () -- C:\Users\Horst\ntuser.dat.LOG
[2013.05.31 12:51:50 | 000,262,144 | -H-- | M] () -- C:\Users\Horst\ntuser.dat.LOG1
[2010.10.08 11:21:09 | 000,262,144 | -H-- | M] () -- C:\Users\Horst\ntuser.dat.LOG2
[2011.03.09 15:26:50 | 003,145,728 | -HS- | M] () -- C:\Users\Horst\ntuser.dat_previous
[2013.05.30 01:01:02 | 000,065,536 | -HS- | M] () -- C:\Users\Horst\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.08.10 22:12:23 | 000,524,288 | -HS- | M] () -- C:\Users\Horst\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2013.05.30 01:01:02 | 000,524,288 | -HS- | M] () -- C:\Users\Horst\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.09.22 22:10:00 | 000,000,020 | -HS- | M] () -- C:\Users\Horst\ntuser.ini
[2012.05.21 20:21:26 | 000,014,339 | ---- | M] () -- C:\Users\Horst\Wagner Abrechnung.odt
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 912 bytes -> C:\Users\Horst\Documents\Sommer-Informatik  Kosten2_weg.eml:OECustomProperty
@Alternate Data Stream - 880 bytes -> C:\Users\Horst\Documents\Fachberatung für Elektrogroßgeräte.eml:OECustomProperty
@Alternate Data Stream - 574 bytes -> C:\Users\Horst\Documents\Entwürfe.eml:OECustomProperty

< End of report >

Extras.txt:
Code:

OTL Extras logfile created on: 31.05.2013 12:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Horst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,61% Memory free
6,21 Gb Paging File | 5,26 Gb Available in Paging File | 84,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 344,01 Gb Free Space | 77,17% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,40 Gb Free Space | 52,01% Space Free | Partition Type: FAT32
 
Computer Name: PAPSNEU | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ED5073-D65A-42C0-A5D5-1945A2D7B952}" = lport=138 | protocol=17 | dir=in | app=system |
"{10100A19-2EE8-4B16-99CB-07F3E34F5741}" = rport=2869 | protocol=6 | dir=out | app=system |
"{1D18CA4B-C300-4B92-9391-66743A40BDBE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D798CB3-C45E-4269-8B32-7E0200CF0568}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{229FBE6F-5941-47B9-A08A-AFA36B9F40E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30A6E5C5-14F2-41B9-95D3-85FE1235D25E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{32CCA839-424A-49D6-811D-008282D13693}" = lport=445 | protocol=6 | dir=in | app=system |
"{3C8EA5E9-06B9-4491-85C3-A034BB4D12CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{580DDD20-1CC0-4D69-BA60-42C98397EF3F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5DEB61CC-8490-49C3-8569-D9B1A2422330}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{604E5918-C52F-4326-84CA-C169963455D8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6AD50030-E7B7-4B2F-BE7D-4776971728ED}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6B97687C-18C9-42FE-84BB-014C9EA2A1BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6F9ABAD5-1E19-4AE4-9C08-57EA364D766C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7B16CE08-9A7C-441D-B5F2-5B5E712BA4B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{7F73B301-B58C-4547-BD83-396731A8D84F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83ADD4A5-478E-4951-81E6-7F9BC5746D1A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9F0CD63B-DBFB-441D-A538-C0454E3DA512}" = rport=138 | protocol=17 | dir=out | app=system |
"{B087FEEB-0948-494E-914A-FEE8B5B1EEB3}" = rport=139 | protocol=6 | dir=out | app=system |
"{B19E6A3A-E7B3-4882-827A-4577BC89A857}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BEDEA2AA-014A-4530-A7DE-6CC5FD97594C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D0FC3D17-0948-402C-8F58-06DD4BE6AAD2}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5B69520-FAAF-40A7-A195-7FB2CE2E9C7E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DD47C4F8-FF6E-4636-A514-1B7FD2493AEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F20DF378-3A5D-46AC-9067-3157649B17BA}" = rport=137 | protocol=17 | dir=out | app=system |
"{F735A536-7D38-4577-84EA-37900077EFDB}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1906FC9B-4D17-439B-9186-FD9685991CD7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{27287C48-7F15-43D1-9FA3-86AABFF83EFF}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{303E5D0F-41C3-489A-A52C-C6E1EF74DAD7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3A0CCB7F-028E-4DF0-9ADE-2E28725F1051}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |
"{442EFC43-DABC-47A1-8F24-43CE5CFD6918}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |
"{49D4E592-9F87-4BA6-839C-D1E65FE32036}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5623B315-D108-4FEA-9F2D-1C9374D274B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8895FB40-B087-4BB2-9EC0-BBCAE498DB79}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8E720CBB-BE7D-4AFE-AA75-2EE0B8BC5B87}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9AA84967-998C-4421-A39B-F776ED98099A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE97BDA8-EEC2-488B-8BD0-65F91E988A00}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D9B6E931-2788-4FA2-80FE-8F734CDE3DDD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{E84B780E-6230-4A46-A7D9-BC2119B860DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F19FD7A0-ED7D-45A7-8647-8F32B4C6D604}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F5530EAB-157A-459C-A5A9-E97719677DB7}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{F8077B1A-9530-4ECA-9E62-0C029715F34D}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"TCP Query User{936C4043-8042-422D-9772-6BB0505977B5}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{DDBEB696-E847-4945-A676-669130BAB8CB}C:\users\horst\desktop\m2\metin2.bin" = protocol=6 | dir=in | app=c:\users\horst\desktop\m2\metin2.bin |
"TCP Query User{DE9508FD-8739-465E-9C02-45889792E959}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F1EB76D0-372F-4439-B232-88BC68CBC7E0}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{0F126E33-BD60-4608-B98A-005DF9CEBA33}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2E01B056-DE96-4C76-805E-BE0B143E547D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{75698012-4E1B-4379-B4A0-54280A6411BA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{7CFECDE1-E52C-4F2D-870F-6851C8834743}C:\users\horst\desktop\m2\metin2.bin" = protocol=17 | dir=in | app=c:\users\horst\desktop\m2\metin2.bin |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2309B117-1048-4DD6-8DD0-5F5F60B8380A}" = Campus BK
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{48A39B02-21D5-4C73-915E-09C90A13971D}" = XI420 CAPI
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{580643F9-E492-4A12-AB61-DC6ADE65EC9F}" = T-Concept XI420
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5F58EF0F-3E92-49B9-A315-872C65F30F05}" = PHOTOfunSTUDIO 8.1 PE
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{927AE974-7B5B-463B-A672-D3B048664D6B}" = T-Concept XI420
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F251952-43A3-1305-997C-5B285C76FCAD}" = ATI Catalyst Install Manager
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FBDBServer_2_1_is1" = Firebird 2.1.2.18118 (Win32)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.03.2012 17:57:58 | Computer Name = Papsneu | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 16d4  Anfangszeit: 01ccfb1a81c639c6  Zeitpunkt
 der Beendigung: 63
 
Error - 06.03.2012 03:50:01 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description =
 
Error - 07.03.2012 08:47:59 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description =
 
Error - 12.03.2012 05:15:26 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description =
 
Error - 13.03.2012 02:33:10 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description =
 
Error - 19.03.2012 02:03:34 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description =
 
Error - 19.03.2012 16:32:20 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description =
 
Error - 19.03.2012 18:00:28 | Computer Name = Papsneu | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CampusBKabrechnung.exe, Version 5.0.4.1284,
Zeitstempel 0x2a425e19, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00039377,  Prozess-ID 0x988,
Anwendungsstartzeit 01cd0617a5c92de0.
 
Error - 20.03.2012 14:35:19 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description =
 
Error - 21.03.2012 06:22:20 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 29.05.2013 17:34:37 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7009
Description =
 
Error - 29.05.2013 17:34:37 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7000
Description =
 
Error - 30.05.2013 10:07:20 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7000
Description =
 
Error - 30.05.2013 10:07:26 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7026
Description =
 
Error - 30.05.2013 10:07:36 | Computer Name = Papsneu | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.05.2013 10:07:36 | Computer Name = Papsneu | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.2 deaktiviert, da
 die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 30.05.2013 10:07:43 | Computer Name = Papsneu | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 31.05.2013 06:43:39 | Computer Name = Papsneu | Source = DCOM | ID = 10005
Description =
 
Error - 31.05.2013 06:43:39 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7009
Description =
 
Error - 31.05.2013 06:43:39 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

I hope the right boxes were ticked in OTL - with so many options... :eek:

markusg 31.05.2013 13:03

Hi,


otl fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found

:files
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread.


In Chrome you can also uninstall the following:
Realplayer
https://support.google.com/chrome/answer/113907?hl=de

Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers that may be installed.
Test how the PC and programs run in general.

doc_jochim 31.05.2013 15:34

Quote:

Please start OTL.exe.
Again, as always, with right-click > run as admin?

Any particular settings?

