milkit54 | 02.07.2013 17:28 | Hello, here is my first result from step 2. OTL logfile: Code:
OTL logfile created on: 02.07.2013 18:11:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Micha\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,75% Memory free
4,22 Gb Paging File | 2,85 Gb Available in Paging File | 67,60% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 85,99 Gb Free Space | 57,69% Space Free | Partition Type: NTFS
Drive D: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.07.02 18:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
PRC - [2013.07.01 23:35:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.07.01 23:01:00 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.07.01 22:49:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.07.01 22:48:37 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.24 10:00:06 | 000,592,344 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2013.03.10 23:38:48 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.10.30 12:56:40 | 000,197,152 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2012.10.04 17:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2006.01.13 23:22:19 | 000,249,856 | ---- | M] (Nero AG / Nero Inc.) -- C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe
========== Modules (No Company Name) ==========
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2008.01.19 01:00:54 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.01 23:35:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.07.01 23:01:00 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.07.01 22:49:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.27 17:12:28 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 18:08:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.07 16:19:12 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.03.24 10:00:06 | 000,592,344 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.09.05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.17 23:08:54 | 000,107,256 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\TrueSuite\TrueSuite.Service.exe -- (FPLService)
SRV - [2009.09.15 05:32:14 | 002,697,464 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Programme\Fingerprint Sensor\ATService.exe -- (ATService)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.06.22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.12.08 21:19:34 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.07.07 09:34:26 | 000,734,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.02.09 18:25:10 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009.02.09 18:25:10 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009.02.09 18:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Si3531.sys -- (Si3531)
DRV:64bit: - [2008.02.11 20:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008.01.05 04:22:50 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:38:10 | 001,074,688 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV - [2011.03.02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^Y6^xdm043^YY^de&ptb=1F11A9F5-A6B2-48DE-9C57-80073E2A2911&si=swissconverter
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {012A1949-82A6-4C34-9F50-85A7CF7EC628}
IE - HKCU\..\SearchScopes\{012A1949-82A6-4C34-9F50-85A7CF7EC628}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=428
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=0aea01ae000000000000001e101fb4df
IE - HKCU\..\SearchScopes\{BAEC4A6B-468F-4BB6-A6EC-7C422FB6925E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=2b583220-87d0-434e-be3a-1b45e3bfbbd1&apn_sauid=F47D1B36-23FB-4BB3-80D3-CADC553F0DAD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6.1
FF - prefs.js..extensions.enabledAddons: blyrics%40be-lyrics.net:1.116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\blyrics@be-lyrics.net: C:\Program Files (x86)\bLyrics\116.xpi [2013.06.29 16:41:01 | 000,004,606 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.12.10 18:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2013.04.14 23:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zakxkdnl.default\extensions
[2013.04.28 20:40:00 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zakxkdnl.default\extensions\toolbar@ask.com
[2013.06.18 16:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zyozo4z0.default-1357032961107\extensions
[2013.06.18 16:58:44 | 000,561,109 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\extensions\toolbar@gmx.net.xpi
[2013.03.05 14:20:23 | 000,195,205 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013.03.05 14:55:25 | 000,001,294 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\delta.xml
[2013.03.05 13:04:19 | 000,009,619 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\my-web-search.xml
[2013.03.05 14:20:33 | 000,003,993 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\sweetim.xml
[2013.06.27 17:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.06.27 17:12:18 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
[2013.06.27 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.06.27 17:12:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.27 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013.06.27 17:12:16 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2013.06.29 16:41:01 | 000,004,606 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\BLYRICS\116.XPI
[2013.03.05 14:54:47 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (B Lyrics) - {4CE9C24E-7AFE-4486-A923-138D2C3F0B1E} - C:\Program Files (x86)\bLyrics\116.dll (Be-Lyrics)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (TrueSuite Web Log On) - {A28EC2CC-FD38-40d9-9E75-657D1E0B4686} - C:\Programme\TrueSuite\TrueSuite.IEToolBar.dll (AuthenTec Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SystemTray] C:\Programme\TrueSuite\TrueSuite.SysTray.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SAFAF.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SE18E.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [Video Performer63862.exe] "C:\Users\Micha\AppData\Local\Temp\Video Performer63862.exe" /XML="C:\Users\Micha\AppData\Local\Temp\F7A2.tmp" /ROS /STP=1:2 File not found
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23720F7B-3626-4A2A-8965-BA8C0BBEE03A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D4A8F71-CDDF-4F84-AD66-C9E4AEA99B84}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFDAF5FC-DAC4-4ADB-ABBF-F050BD828A7D}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFBEEDF4-BF56-47FD-8355-A1F9A36A7C3A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDEAA796-34F8-49A7-88B3-1D468AD1BE13}: DhcpNameServer = 193.189.244.225 193.189.244.206
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.01 23:40:32 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.11 02:26:10 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell - "" = AutoRun
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.02 18:04:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2013.07.01 23:39:28 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.07.01 23:39:27 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.07.01 23:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.01 23:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.29 16:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bLyrics
[2013.06.27 17:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.07.02 18:07:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.02 18:06:18 | 000,698,996 | ---- | M] () -- C:\Users\Micha\Desktop\troja1.pdf
[2013.07.02 18:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2013.07.02 18:02:45 | 000,000,000 | ---- | M] () -- C:\Users\Micha\defogger_reenable
[2013.07.02 17:56:31 | 000,050,477 | ---- | M] () -- C:\Users\Micha\Desktop\Defogger.exe
[2013.07.02 16:51:12 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\B Lyrics Update.job
[2013.07.02 16:49:22 | 000,001,386 | ---- | M] () -- C:\Users\Micha\Desktop\Registry kostenlos entrümpeln!.lnk
[2013.07.02 16:45:30 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 16:45:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 16:44:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.02 16:44:17 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.01 23:40:32 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.07.01 23:39:29 | 000,002,089 | ---- | M] () -- C:\Users\Micha\Desktop\SpyHunter.lnk
[2013.07.01 21:00:45 | 000,711,605 | ---- | M] () -- C:\Users\Micha\Desktop\Entfernen Spyware.pdf
[2013.07.01 15:02:27 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013.06.29 13:25:38 | 000,084,668 | ---- | M] () -- C:\Users\Micha\Desktop\KF Roco.pdf
[2013.06.26 08:22:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013.06.24 19:19:13 | 000,565,152 | ---- | M] () -- C:\Users\Micha\Desktop\Kleintier Ossweil.pdf
[2013.06.16 23:23:12 | 000,015,720 | ---- | M] () -- C:\Users\Micha\Documents\Berechnung Jan 2013.ods
[2013.06.16 03:07:26 | 001,468,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.16 03:07:26 | 000,628,744 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.16 03:07:26 | 000,595,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.16 03:07:26 | 000,126,262 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.16 03:07:26 | 000,104,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.14 05:52:02 | 000,050,176 | ---- | M] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.11 17:28:00 | 000,083,537 | ---- | M] () -- C:\Users\Micha\Desktop\KF Förder.pdf
[2013.06.07 08:35:30 | 301,136,108 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.06 15:50:34 | 000,115,579 | ---- | M] () -- C:\Users\Micha\Desktop\Mein eBay Nachricht einstellung.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.07.02 18:06:14 | 000,698,996 | ---- | C] () -- C:\Users\Micha\Desktop\troja1.pdf
[2013.07.02 18:02:45 | 000,000,000 | ---- | C] () -- C:\Users\Micha\defogger_reenable
[2013.07.02 17:56:12 | 000,050,477 | ---- | C] () -- C:\Users\Micha\Desktop\Defogger.exe
[2013.07.01 23:40:32 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.07.01 23:39:37 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013.07.01 23:39:29 | 000,002,089 | ---- | C] () -- C:\Users\Micha\Desktop\SpyHunter.lnk
[2013.07.01 21:00:41 | 000,711,605 | ---- | C] () -- C:\Users\Micha\Desktop\Entfernen Spyware.pdf
[2013.06.29 16:41:01 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\B Lyrics Update.job
[2013.06.29 13:25:35 | 000,084,668 | ---- | C] () -- C:\Users\Micha\Desktop\KF Roco.pdf
[2013.06.24 19:19:09 | 000,565,152 | ---- | C] () -- C:\Users\Micha\Desktop\Kleintier Ossweil.pdf
[2013.06.11 17:27:56 | 000,083,537 | ---- | C] () -- C:\Users\Micha\Desktop\KF Förder.pdf
[2013.06.07 08:49:19 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2013.06.06 15:50:32 | 000,115,579 | ---- | C] () -- C:\Users\Micha\Desktop\Mein eBay Nachricht einstellung.pdf
[2013.05.11 10:18:30 | 000,118,692 | ---- | C] () -- C:\Users\Micha\- Kurzfassung Persönliche Wendezeit 2013,.pdf
[2013.03.09 07:40:43 | 000,002,138 | ---- | C] () -- C:\Users\Micha\AppData\Local\recently-used.xbel
[2012.12.25 19:04:20 | 000,023,888 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\UserTile.png
[2012.12.21 07:17:59 | 000,050,176 | ---- | C] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.19 06:42:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.12.19 06:42:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.12.19 06:41:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.12.16 09:00:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.12.07 15:46:48 | 000,000,732 | ---- | C] () -- C:\Users\Micha\AppData\Local\d3d9caps64.dat
========== ZeroAccess Check ==========
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.03.05 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Babylon
[2013.03.28 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\File Scout
[2013.03.01 05:27:54 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FreePDF
[2013.03.28 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView
[2012.12.29 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\OpenOffice.org
[2013.03.05 14:55:33 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Optimizer Pro
[2012.12.25 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PeerNetworking
[2013.03.28 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PhotoScape
[2013.03.05 14:48:28 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Simple Star
[2012.12.17 08:45:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Systweak
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >

Sorry, here is the 2nd text file. Thanks for the support; unfortunately I am not fit, and neither is my computer.

OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 02.07.2013 18:11:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Micha\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,75% Memory free
4,22 Gb Paging File | 2,85 Gb Available in Paging File | 67,60% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 85,99 Gb Free Space | 57,69% Space Free | Partition Type: NTFS
Drive D: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = B8 40 4E 40 9E 6A C8 01 [binary data]
"VistaSp2" = C4 4D 4F 0D 13 DE CD 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DF6E4D0-8BE0-4F88-AE03-BE9502B9F007}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3D2B4C31-8647-4135-8A6E-370D9D607FF0}" = rport=137 | protocol=17 | dir=out | app=system |
"{567B128C-F62D-4D0B-AE8D-AF99516DCE66}" = lport=139 | protocol=6 | dir=in | app=system |
"{7CD2C799-B945-4B61-8BEE-7CCF6A1C5034}" = rport=445 | protocol=6 | dir=out | app=system |
"{7D96FFAA-5B11-406C-AE84-07FAD99B4C1E}" = rport=139 | protocol=6 | dir=out | app=system |
"{88035A89-40C0-4C55-A79D-D5A36171A33D}" = rport=138 | protocol=17 | dir=out | app=system |
"{9B931AE8-C93C-4EB1-94C4-638E99EE13BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BE599DD2-DD95-4B2D-9CF6-C8DC54999F7A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D7D0CAAF-48DF-42C8-A67E-D1C661E12822}" = lport=445 | protocol=6 | dir=in | app=system |
"{E75BB3F0-3F0A-4D6B-844F-21BEB819B9A4}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{865AD8F1-2E9F-4727-BA42-FCBCCB167CE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C24512DC-DAAF-4A7F-B894-BEE81D615C91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C379B6CB-9C50-4A1D-A30C-8ADB81550F54}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C60B8943-C5AF-45F0-9A8A-E688246EF330}" = dir=out | app=c:\users\micha\downloads\videoperformersetup.exe |
"{F4CE2EA2-630D-4943-9980-2C17CAE7B0C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F5D147DA-98E2-456B-8AC4-05D8EB1259A9}" = dir=in | app=c:\users\micha\downloads\videoperformersetup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{A3EE0691-195A-4863-BDCB-0E51A0BE47B1}" = AuthenTec TrueSuite
"{BCD55450-77AC-4347-B24F-654B1189F8D4}" = SpyHunter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"GIMP-2_is1" = GIMP 2.8.4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{EEE6C374-6118-11DC-9C72-001320C79847}" = SweetPacks Toolbar For Firefox 1.11.0.2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced File Optimizer_is1" = Advanced File Optimizer
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"blyrics@be-lyrics.net" = B Lyrics
"DomaIQ Uninstaller" = DomaIQ
"EPSON Scanner" = EPSON Scan
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"IrfanView" = IrfanView (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero PhotoShow Express 4" = Nero PhotoShow Express 4
"Optimizer Pro_is1" = Optimizer Pro v3.0
"PhotoScape" = PhotoScape
"PricePeep" = PricePeep
"RegClean Pro_is1" = RegClean Pro
"Sweepi_is1" = Sweepi 5.4.00
"SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks
"Updater Service" = Updater Service
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.05.2013 13:51:23 | Computer Name = Micha-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 30.05.2013 16:01:47 | Computer Name = Micha-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 21.0.0.4879, Zeitstempel
0x518ec3cc, fehlerhaftes Modul xul.dll, Version 21.0.0.4879, Zeitstempel 0x518ec306,
Ausnahmecode 0xc0000005, Fehleroffset 0x001c9789, Prozess-ID 0xd80, Anwendungsstartzeit
01ce5cfee12e1e72.
Error - 02.06.2013 15:32:21 | Computer Name = Micha-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06.06.2013 13:23:34 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm Mobile Partner.exe, Version 1.0.0.1 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: ac0 Anfangszeit: 01ce62d810a9275a Zeitpunkt
der Beendigung: 16
Error - 06.06.2013 15:13:47 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm Sweepi.exe, Version 5.4.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1c4 Anfangszeit: 01ce62e26abaf84a Zeitpunkt der Beendigung:
0
Error - 06.06.2013 15:18:26 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm Sweepi.exe, Version 5.4.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 390 Anfangszeit: 01ce62ea01900182 Zeitpunkt der Beendigung:
15
Error - 06.06.2013 15:27:25 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm Sweepi.exe, Version 5.4.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 10fc Anfangszeit: 01ce62eba7e386e3 Zeitpunkt der Beendigung:
6
Error - 06.06.2013 15:28:00 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm RegCleanPro.exe, Version 6.21.65.2506 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 208 Anfangszeit: 01ce62eaf866d823 Zeitpunkt
der Beendigung: 804
Error - 07.06.2013 02:38:16 | Computer Name = Micha-PC | Source = EventSystem | ID = 4609
Description =
Error - 12.06.2013 00:48:12 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm RegCleanPro.exe, Version 6.21.65.2506 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: b4c Anfangszeit: 01ce67276045f576 Zeitpunkt
der Beendigung: 0
Error - 16.06.2013 11:01:48 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm Mobile Partner.exe, Version 1.0.0.1 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 12cc Anfangszeit: 01ce6aa08f3e00c0 Zeitpunkt
der Beendigung: 15
[ System Events ]
Error - 30.06.2013 01:23:55 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 30.06.2013 09:20:52 | Computer Name = Micha-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.52.3.32 für die Netzwerkkarte mit der Netzwerkadresse
001E101F7FB6 wurde durch den DHCP-Server 10.51.3.13 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 30.06.2013 14:45:00 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 01.07.2013 10:47:40 | Computer Name = Micha-PC | Source = DCOM | ID = 10010
Description =
Error - 01.07.2013 10:50:45 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 01.07.2013 12:58:40 | Computer Name = Micha-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.50.196.193 für die Netzwerkkarte mit der Netzwerkadresse
001E101F2B52 wurde durch den DHCP-Server 10.38.155.65 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 02.07.2013 01:35:48 | Computer Name = Micha-PC | Source = DCOM | ID = 10010
Description =
Error - 02.07.2013 01:36:11 | Computer Name = Micha-PC | Source = DCOM | ID = 10010
Description =
Error - 02.07.2013 01:46:44 | Computer Name = Micha-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.38.155.67 für die Netzwerkkarte mit der Netzwerkadresse
001E101F4DA1 wurde durch den DHCP-Server 10.42.227.57 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 02.07.2013 10:45:57 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >