Hier JRT-Log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Walter on 08.07.2013 at 13:18:01,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.07.2013 at 13:19:53,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
das adwcleaner-Log: Code:
# AdwCleaner v2.304 - Datei am 08/07/2013 um 13:31:39 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Walter - WALTER-068E8A50
# Bootmodus : Normal
# Ausgeführt unter : F:\Dokumente und Einstellungen\Walter\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : F:\Programme\LyricsFan
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : F:\Dokumente und Einstellungen\Walter\Anwendungsdaten\Mozilla\Firefox\Profiles\02ju6fmu.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.15.1748.0
Datei : F:\Dokumente und Einstellungen\Walter\Anwendungsdaten\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [5831 octets] - [30/06/2013 13:43:17]
AdwCleaner[R2].txt - [5891 octets] - [30/06/2013 13:44:02]
AdwCleaner[R3].txt - [1456 octets] - [02/07/2013 17:24:17]
AdwCleaner[S1].txt - [5999 octets] - [30/06/2013 13:46:39]
AdwCleaner[S2].txt - [1518 octets] - [02/07/2013 17:25:56]
AdwCleaner[S3].txt - [1487 octets] - [08/07/2013 13:31:39]
########## EOF - F:\AdwCleaner[S3].txt - [1547 octets] ##########
OTL: Code:
OTL logfile created on: 08.07.2013 13:46:12 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Dokumente und Einstellungen\Walter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,49 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 79,14% Memory free
5,33 Gb Paging File | 4,79 Gb Available in Paging File | 89,84% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Programme
Drive D: | 694,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 761,72 Gb Total Space | 705,54 Gb Free Space | 92,63% Space Free | Partition Type: NTFS
Drive G: | 169,78 Gb Total Space | 62,13 Gb Free Space | 36,60% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 859,62 Gb Free Space | 92,30% Space Free | Partition Type: FAT32
Drive I: | 1396,92 Gb Total Space | 1339,15 Gb Free Space | 95,86% Space Free | Partition Type: FAT32
Drive Z: | 149,04 Gb Total Space | 6,25 Gb Free Space | 4,19% Space Free | Partition Type: NTFS
Computer Name: WALTER-068E8A50 | User Name: Walter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - F:\Dokumente und Einstellungen\Walter\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - F:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - F:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - F:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - F:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - F:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - F:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - F:\Programme\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - F:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - F:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - F:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - F:\Programme\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - F:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - F:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - F:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - F:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - f:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - F:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - F:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\WINDOWS\VM305_STI.EXE (VM305SNAP)
PRC - F:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
========== Modules (No Company Name) ==========
MOD - F:\Programme\AVAST Software\Avast\defs\13070800\algo.dll ()
MOD - F:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - F:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - F:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - F:\WINDOWS\system32\msdmo.dll ()
MOD - F:\WINDOWS\system32\msjetoledb40.dll ()
MOD - F:\WINDOWS\system32\pdfcmnnt.dll ()
========== Services (SafeList) ==========
SRV - (JavaQuickStarterService) -- F:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- F:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- F:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- F:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (StarMoney 8.0 OnlineUpdate) -- F:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (SkypeUpdate) -- Z:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- f:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (StarMoney 7.0 OnlineUpdate) -- F:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (Macromedia Licensing Service) -- F:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (TuneUp.Defrag) -- F:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AVM WLAN Connection Service) -- F:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (TuneUp.UtilitiesSvc) -- F:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- F:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AppleChargerSrv) -- F:\WINDOWS\system32\AppleChargerSrv.exe ()
SRV - (ACDaemon) -- F:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PSI_SVC_2) -- F:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (NMSAccess) -- F:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (osppsvc) -- f:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- f:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Smart TimeLock) -- F:\Programme\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (UNS) -- F:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- F:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DES2 Service) -- F:\Programme\GIGABYTE\EnergySaver2\des2svr.exe ()
SRV - (AcrSch2Svc) -- f:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UleadBurningHelper) -- F:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IviRegMgr) -- F:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (LightScribeService) -- F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (IDriverT) -- F:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (NETGEAR NETGEAR_MA101_USB_Adapter(R) -- system32\DRIVERS\ma1012kr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- F:\DOKUME~1\Walter\LOKALE~1\Temp\catchme.sys File not found
DRV - (gdrv) -- F:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (aswSnx) -- F:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- F:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- F:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- F:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- F:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- F:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- F:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- F:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (GVTDrv) -- F:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (SSHDRV75) -- F:\WINDOWS\system32\drivers\SSHDRV75.sys ()
DRV - (tdrpman124) -- F:\WINDOWS\system32\drivers\tdrpm124.sys (Acronis)
DRV - (timounter) -- F:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- F:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman378) -- F:\WINDOWS\system32\drivers\snman378.sys (Acronis)
DRV - (FWLANUSB) -- F:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (fwlanusb4) -- F:\WINDOWS\system32\drivers\fwlanusb4.sys (AVM GmbH)
DRV - (avmeject) -- F:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (AppleCharger) -- F:\WINDOWS\system32\drivers\AppleCharger.sys ()
DRV - (IntcAzAudAddService) -- F:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- F:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcDAud) -- F:\WINDOWS\system32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (cpudrv) -- F:\Programme\SystemRequirementsLab\cpudrv.sys ()
DRV - (Monfilt) -- F:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- F:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (StarOpen) -- F:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (TuneUpUtilitiesDrv) -- F:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (HECI) -- F:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (pavboot) -- F:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (regi) -- F:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (Afc) -- F:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ZSMC0305) -- F:\WINDOWS\system32\drivers\usbVM305.sys (Vimicro Corporation)
DRV - (ULCDRHlp) -- F:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)
DRV - (DNINDIS5) -- F:\WINDOWS\system32\DNINDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-583907252-616249376-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-583907252-616249376-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-583907252-616249376-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-583907252-616249376-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-583907252-616249376-725345543-1003\..\SearchScopes\{9F4148CF-3A97-431f-8A84-49F65C520E31}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-583907252-616249376-725345543-1003\..\SearchScopes\{DF545FD7-703C-40a5-9BB5-A46535A5D9BE}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKU\S-1-5-21-583907252-616249376-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: lwoofer%40lyricswoofer.co:1.116
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: F:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: F:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: F:\Programme\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: F:\Programme\AVAST Software\Avast\WebRep\FF [2013.05.13 13:50:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lwoofer@lyricswoofer.co: F:\Programme\LyricsWoofer\116.xpi [2013.06.30 11:48:31 | 000,005,776 | ---- | M] ()
[2011.07.08 17:08:14 | 000,000,000 | ---D | M] (No name found) -- F:\Dokumente und Einstellungen\Walter\Anwendungsdaten\Mozilla\Extensions
[2013.07.04 00:33:06 | 000,000,000 | ---D | M] (No name found) -- F:\Dokumente und Einstellungen\Walter\Anwendungsdaten\Mozilla\Firefox\Profiles\02ju6fmu.default\extensions
[2013.07.04 00:33:06 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- F:\Dokumente und Einstellungen\Walter\Anwendungsdaten\Mozilla\Firefox\Profiles\02ju6fmu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013.06.30 14:13:43 | 000,000,000 | ---D | M] (No name found) -- F:\Programme\Mozilla Firefox\extensions
[2013.06.29 23:40:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.06.29 23:40:05 | 000,000,000 | ---D | M] (No name found) -- F:\Programme\Mozilla Firefox\browser\extensions
[2013.06.29 23:40:15 | 000,000,000 | ---D | M] (Default) -- F:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.30 11:48:31 | 000,005,776 | ---- | M] () (No name found) -- F:\PROGRAMME\LYRICSWOOFER\116.XPI
========== Chrome ==========
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013.07.06 14:23:52 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (LyricsWoofer) - {73F8F433-14C8-48AA-8412-54BC6F8D3FA3} - F:\Programme\LyricsWoofer\116.dll (Lyrics Woofer LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - Z:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] f:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] f:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ArcSoft Connection Service] F:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] F:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] F:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [BigDog305] F:\WINDOWS\VM305_STI.EXE (VM305SNAP)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Quick-Drop] F:\Programme\Corel\Corel DVD MovieFactory 7\Corel DVD MovieFactory 7\Quick-Drop.exe (Corel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [TrojanScanner] F:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] f:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-616249376-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - f:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - f:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Z:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310142418093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C93EB8BF-69F7-4A0A-877F-B6D8128395FA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - f:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - f:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - f:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Z:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///F:/DOKUME~1/Walter/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.gif
O24 - Desktop Components:1 () - hxxp://www.marine.de/resource/resource/MzEzNTM4MmUzMzMyMmUzMTM1MzMyZTM2MzEzMDMwMzAzMDMwMzAzMDY4NjM3MjZkMzEzMTY2MzAyMDIwMjAyMDIw/image_large.jpg
O24 - Desktop Components:2 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - F:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.15 03:57:23 | 000,000,000 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.08 00:14:10 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2013.07.07 23:26:12 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
[2013.07.06 14:18:37 | 000,000,000 | RHSD | C] -- F:\cmdcons
[2013.07.06 14:16:26 | 000,518,144 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
[2013.07.06 14:16:26 | 000,406,528 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
[2013.07.06 14:16:26 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
[2013.07.06 14:16:26 | 000,060,416 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
[2013.07.06 14:13:56 | 000,000,000 | ---D | C] -- F:\Qoobox
[2013.07.06 14:13:42 | 000,000,000 | ---D | C] -- F:\WINDOWS\erdnt
[2013.07.06 14:12:42 | 005,086,173 | R--- | C] (Swearware) -- F:\Dokumente und Einstellungen\Walter\Desktop\ComboFix.exe
[2013.07.06 00:06:56 | 000,000,000 | ---D | C] -- F:\WINDOWS\Performance
[2013.07.06 00:06:50 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\Microsoft Corporation
[2013.07.06 00:05:17 | 000,000,000 | ---D | C] -- F:\Programme\Microsoft Windows 7 Upgrade Advisor
[2013.07.05 23:54:41 | 008,676,128 | ---- | C] (Microsoft Corporation) -- F:\Dokumente und Einstellungen\Walter\Desktop\Windows7UpgradeAdvisorSetup.exe
[2013.07.05 14:34:51 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2013.07.05 14:34:50 | 000,000,000 | ---D | C] -- F:\Programme\7-Zip
[2013.07.04 23:38:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Dokumente und Einstellungen\Walter\Desktop\OTL.exe
[2013.07.04 23:29:19 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERUNT
[2013.07.04 23:28:13 | 000,000,000 | ---D | C] -- F:\JRT
[2013.07.04 23:27:05 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- F:\Dokumente und Einstellungen\Walter\Desktop\JRT.exe
[2013.07.02 23:45:55 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- F:\WINDOWS\System32\drivers\pavboot.sys
[2013.07.02 23:45:38 | 000,000,000 | ---D | C] -- F:\Programme\Panda Security
[2013.07.01 13:10:52 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Walter\Anwendungsdaten\Malwarebytes
[2013.07.01 13:10:19 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.07.01 13:10:19 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.07.01 13:10:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2013.07.01 13:10:18 | 000,000,000 | ---D | C] -- F:\Programme\Malwarebytes' Anti-Malware
[2013.07.01 11:58:02 | 000,263,592 | ---- | C] (Oracle Corporation) -- F:\WINDOWS\System32\javaws.exe
[2013.07.01 11:57:59 | 000,094,632 | ---- | C] (Oracle Corporation) -- F:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.06.30 19:15:43 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Walter\Eigene Dateien\Simply Super Software
[2013.06.30 19:15:43 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Walter\Anwendungsdaten\Simply Super Software
[2013.06.30 19:15:30 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Trojan Remover
[2013.06.30 19:15:28 | 000,605,968 | ---- | C] (Igor Pavlov) -- F:\WINDOWS\System32\ztv7z.dll
[2013.06.30 19:15:28 | 000,077,072 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\ztvcabinet.dll
[2013.06.30 19:15:26 | 000,000,000 | ---D | C] -- F:\Programme\Trojan Remover
[2013.06.30 19:15:26 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
[2013.06.30 11:48:31 | 000,000,000 | ---D | C] -- F:\Programme\LyricsWoofer
[2013.06.29 23:40:05 | 000,000,000 | ---D | C] -- F:\Programme\Mozilla Firefox
[4 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.07.08 13:38:22 | 000,000,366 | ---- | M] () -- F:\WINDOWS\tasks\LyricsWoofer Update.job
[2013.07.08 13:38:04 | 000,000,356 | -H-- | M] () -- F:\WINDOWS\tasks\avast! Emergency Update.job
[2013.07.08 13:37:24 | 000,013,646 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2013.07.08 13:36:41 | 000,000,380 | ---- | M] () -- F:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013.07.08 13:36:41 | 000,000,372 | ---- | M] () -- F:\WINDOWS\tasks\Final Media Player Update Checker.job
[2013.07.08 13:36:37 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- F:\WINDOWS\gdrv.sys
[2013.07.08 13:35:30 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2013.07.08 13:30:31 | 000,650,027 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\adwcleaner.exe
[2013.07.08 12:34:56 | 000,002,593 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Microsoft Outlook 2010.lnk
[2013.07.07 16:55:56 | 000,164,635 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\New_NATO_Standardization_Agency_logo.png
[2013.07.07 14:35:28 | 000,002,489 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Microsoft Word 2010 (2).lnk
[2013.07.06 14:23:52 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2013.07.06 14:18:40 | 000,000,327 | RHS- | M] () -- F:\boot.ini
[2013.07.06 14:13:08 | 005,086,173 | R--- | M] (Swearware) -- F:\Dokumente und Einstellungen\Walter\Desktop\ComboFix.exe
[2013.07.06 12:33:51 | 000,005,278 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Gmer1.7z
[2013.07.06 12:33:38 | 000,013,647 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\OTL1.zip
[2013.07.06 00:05:18 | 000,001,834 | ---- | M] () -- F:\Dokumente und Einstellungen\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2013.07.05 23:55:22 | 008,676,128 | ---- | M] (Microsoft Corporation) -- F:\Dokumente und Einstellungen\Walter\Desktop\Windows7UpgradeAdvisorSetup.exe
[2013.07.05 01:16:05 | 000,377,856 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\gmer_2.1.19163.exe
[2013.07.05 01:09:30 | 000,000,000 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\defogger_reenable
[2013.07.05 01:07:41 | 000,050,477 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Defogger.exe
[2013.07.04 23:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Dokumente und Einstellungen\Walter\Desktop\OTL.exe
[2013.07.04 23:27:07 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- F:\Dokumente und Einstellungen\Walter\Desktop\JRT.exe
[2013.07.02 06:46:14 | 000,178,951 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\SAC GrpStd III.FH11
[2013.07.02 02:49:42 | 004,022,769 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Greif Messingwappen1.jpg
[2013.07.02 02:45:31 | 000,830,065 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Greif Messingwappen1.FH11
[2013.07.02 02:18:01 | 000,124,379 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Greif Messingwappen.jpg
[2013.07.02 02:16:46 | 000,177,211 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Greif Messingwappen.FH11
[2013.07.01 13:10:20 | 000,000,756 | ---- | M] () -- F:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.07.01 11:57:50 | 000,094,632 | ---- | M] (Oracle Corporation) -- F:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.07.01 11:57:48 | 000,867,240 | ---- | M] (Oracle Corporation) -- F:\WINDOWS\System32\npDeployJava1.dll
[2013.07.01 11:57:48 | 000,789,416 | ---- | M] (Oracle Corporation) -- F:\WINDOWS\System32\deployJava1.dll
[2013.07.01 11:57:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- F:\WINDOWS\System32\javaws.exe
[2013.07.01 11:57:48 | 000,175,016 | ---- | M] (Oracle Corporation) -- F:\WINDOWS\System32\javaw.exe
[2013.07.01 11:57:48 | 000,175,016 | ---- | M] (Oracle Corporation) -- F:\WINDOWS\System32\java.exe
[2013.07.01 11:57:48 | 000,144,896 | ---- | M] (Oracle Corporation) -- F:\WINDOWS\System32\javacpl.cpl
[2013.06.30 19:15:32 | 000,000,786 | ---- | M] () -- F:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk
[2013.06.27 23:06:40 | 000,770,344 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\drivers\aswSnx.sys
[2013.06.27 23:06:40 | 000,369,584 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\drivers\aswSP.sys
[2013.06.27 23:06:40 | 000,175,176 | ---- | M] () -- F:\WINDOWS\System32\drivers\aswVmm.sys
[2013.06.27 23:06:40 | 000,000,175 | ---- | M] () -- F:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013.06.27 23:06:40 | 000,000,175 | ---- | M] () -- F:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013.06.27 23:06:40 | 000,000,175 | ---- | M] () -- F:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013.06.25 22:51:32 | 001,338,547 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\SAC Decksziege.jpg
[2013.06.22 21:58:38 | 000,025,600 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.18 22:53:30 | 000,175,826 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Telekom 11-06-2013.jpg
[2013.06.13 03:01:13 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2013.06.12 02:24:54 | 000,944,016 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Ems.FH11
[2013.06.11 17:17:34 | 001,530,879 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Ems1.pdf
[2013.06.11 17:14:33 | 005,282,868 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Ems1.tif
[2013.06.11 17:12:36 | 000,879,160 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Ems.pdf
[2013.06.11 17:12:08 | 001,206,866 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Ems.tif
[2013.06.11 14:12:54 | 000,699,804 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\SB Nordsee.jpg
[2013.06.09 23:47:46 | 000,169,201 | ---- | M] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Crew Golf.FH11
[4 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.07.08 13:30:30 | 000,650,027 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\adwcleaner.exe
[2013.07.07 16:55:56 | 000,164,635 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\New_NATO_Standardization_Agency_logo.png
[2013.07.06 14:18:40 | 000,262,448 | RHS- | C] () -- F:\cmldr
[2013.07.06 14:18:40 | 000,000,210 | ---- | C] () -- F:\Boot.bak
[2013.07.06 14:16:26 | 000,256,000 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2013.07.06 14:16:26 | 000,208,896 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2013.07.06 14:16:26 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2013.07.06 14:16:26 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2013.07.06 14:16:26 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2013.07.06 12:33:51 | 000,005,278 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Gmer1.7z
[2013.07.06 12:33:38 | 000,013,647 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\OTL1.zip
[2013.07.06 00:05:18 | 000,001,840 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows 7 Upgrade Advisor.lnk
[2013.07.06 00:05:18 | 000,001,834 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2013.07.05 01:16:05 | 000,377,856 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\gmer_2.1.19163.exe
[2013.07.05 01:09:30 | 000,000,000 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\defogger_reenable
[2013.07.05 01:07:41 | 000,050,477 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Defogger.exe
[2013.07.02 06:40:09 | 000,178,951 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\SAC GrpStd III.FH11
[2013.07.02 02:49:17 | 004,022,769 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Greif Messingwappen1.jpg
[2013.07.02 02:45:31 | 000,830,065 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Greif Messingwappen1.FH11
[2013.07.02 02:18:01 | 000,124,379 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Greif Messingwappen.jpg
[2013.07.02 02:16:46 | 000,177,211 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Greif Messingwappen.FH11
[2013.07.01 13:10:20 | 000,000,756 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.30 19:15:32 | 000,000,786 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk
[2013.06.30 19:15:28 | 000,185,616 | ---- | C] () -- F:\WINDOWS\System32\ztvunrar39.dll
[2013.06.30 19:15:28 | 000,169,744 | ---- | C] () -- F:\WINDOWS\System32\ztvunrar36.dll
[2013.06.30 19:15:28 | 000,153,088 | ---- | C] () -- F:\WINDOWS\System32\UNRAR3.dll
[2013.06.30 19:15:28 | 000,077,312 | ---- | C] () -- F:\WINDOWS\System32\ztvunace26.dll
[2013.06.30 19:15:28 | 000,075,264 | ---- | C] () -- F:\WINDOWS\System32\unacev2.dll
[2013.06.30 11:48:32 | 000,000,366 | ---- | C] () -- F:\WINDOWS\tasks\LyricsWoofer Update.job
[2013.06.27 23:06:40 | 000,000,175 | ---- | C] () -- F:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013.06.27 01:51:07 | 000,000,175 | ---- | C] () -- F:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013.06.27 01:51:06 | 000,000,175 | ---- | C] () -- F:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013.06.25 22:51:22 | 001,338,547 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\SAC Decksziege.jpg
[2013.06.18 22:53:16 | 000,175,826 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Telekom 11-06-2013.jpg
[2013.06.16 15:53:45 | 000,269,210 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Sedov2.jpg
[2013.06.11 17:17:34 | 001,530,879 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Ems1.pdf
[2013.06.11 17:14:19 | 005,282,868 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Ems1.tif
[2013.06.11 17:12:35 | 000,879,160 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Ems.pdf
[2013.06.11 17:12:08 | 001,206,866 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Ems.tif
[2013.06.11 17:07:07 | 000,944,016 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Ems.FH11
[2013.06.11 14:12:49 | 000,699,804 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\SB Nordsee.jpg
[2013.06.09 23:47:46 | 000,169,201 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Desktop\Crew Golf.FH11
[2013.03.02 22:42:45 | 000,175,176 | ---- | C] () -- F:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.02 22:42:44 | 000,049,376 | ---- | C] () -- F:\WINDOWS\System32\drivers\aswRvrt.sys
[2012.12.17 17:45:40 | 000,116,224 | ---- | C] () -- F:\WINDOWS\System32\pdfcmnnt.dll
[2012.11.15 18:23:32 | 000,049,792 | ---- | C] () -- F:\WINDOWS\System32\drivers\fwlanusb4.bin
[2012.07.20 12:44:44 | 000,278,273 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.07.20 12:44:38 | 000,229,559 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.07.20 12:25:38 | 000,000,036 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.02.16 22:19:30 | 000,003,072 | ---- | C] () -- F:\WINDOWS\System32\iacenc.dll
[2011.11.23 03:58:17 | 000,053,760 | ---- | C] () -- F:\WINDOWS\System32\drivers\SSHDRV75.sys
[2011.11.23 03:52:13 | 000,000,136 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2011.11.23 03:46:56 | 000,036,864 | ---- | C] () -- F:\WINDOWS\System32\ODBCSTF.DLL
[2011.08.17 16:10:48 | 000,209,040 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeW7.dll
[2011.08.17 16:10:48 | 000,196,752 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeP6.dll
[2011.08.17 16:10:48 | 000,192,656 | ---- | C] () -- F:\WINDOWS\System32\IVIresizePX.dll
[2011.08.17 16:10:47 | 000,204,944 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeA6.dll
[2011.08.17 16:10:47 | 000,196,752 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeM6.dll
[2011.08.17 16:10:47 | 000,024,720 | ---- | C] () -- F:\WINDOWS\System32\IVIresize.dll
[2011.08.17 15:18:46 | 000,006,580 | -HS- | C] () -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2011.07.19 04:08:31 | 000,122,880 | ---- | C] () -- F:\WINDOWS\System32\Lfkodak.dll
[2011.07.19 04:08:31 | 000,088,576 | ---- | C] () -- F:\WINDOWS\System32\Lffpx90n.dll
[2011.07.13 23:41:18 | 000,025,600 | ---- | C] () -- F:\Dokumente und Einstellungen\Walter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.13 14:25:04 | 000,039,095 | ---- | C] () -- F:\WINDOWS\iccsigs.dat
[2011.07.13 14:25:01 | 000,112,688 | ---- | C] () -- F:\WINDOWS\System32\shw32.dll
[2011.07.12 20:58:19 | 000,111,932 | ---- | C] () -- F:\WINDOWS\System32\EPPICPrinterDB.dat
[2011.07.12 20:58:19 | 000,031,053 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern131.dat
[2011.07.12 20:58:19 | 000,027,417 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern121.dat
[2011.07.12 20:58:19 | 000,026,154 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern1.dat
[2011.07.12 20:58:19 | 000,024,903 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern3.dat
[2011.07.12 20:58:19 | 000,021,390 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern5.dat
[2011.07.12 20:58:19 | 000,020,148 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern2.dat
[2011.07.12 20:58:19 | 000,011,811 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern4.dat
[2011.07.12 20:58:19 | 000,004,943 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern6.dat
[2011.07.12 20:58:19 | 000,001,146 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011.07.12 20:58:19 | 000,001,139 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011.07.12 20:58:19 | 000,001,139 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011.07.12 20:58:19 | 000,001,136 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011.07.12 20:58:19 | 000,001,129 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011.07.12 20:58:19 | 000,001,129 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011.07.12 20:58:19 | 000,001,120 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011.07.12 20:58:19 | 000,001,107 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011.07.12 20:58:19 | 000,001,104 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011.07.12 20:58:19 | 000,000,097 | ---- | C] () -- F:\WINDOWS\System32\PICSDK.ini
[2011.07.12 10:32:29 | 000,000,015 | ---- | C] () -- F:\WINDOWS\System32\nvModes.dat
[2011.07.12 10:27:46 | 002,293,194 | ---- | C] () -- F:\WINDOWS\System32\nvdata.bin
[2011.07.10 13:16:41 | 001,074,560 | ---- | C] () -- F:\WINDOWS\System32\nvdrsdb1.bin
[2011.07.10 13:16:41 | 001,074,560 | ---- | C] () -- F:\WINDOWS\System32\nvdrsdb0.bin
[2011.07.10 13:16:41 | 000,000,001 | ---- | C] () -- F:\WINDOWS\System32\nvdrssel.bin
========== ZeroAccess Check ==========
[2011.07.08 16:25:49 | 000,000,227 | RHS- | M] () -- F:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.04.25 16:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Extras: Code:
OTL Extras logfile created on: 08.07.2013 13:46:12 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Dokumente und Einstellungen\Walter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,49 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 79,14% Memory free
5,33 Gb Paging File | 4,79 Gb Available in Paging File | 89,84% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Programme
Drive D: | 694,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 761,72 Gb Total Space | 705,54 Gb Free Space | 92,63% Space Free | Partition Type: NTFS
Drive G: | 169,78 Gb Total Space | 62,13 Gb Free Space | 36,60% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 859,62 Gb Free Space | 92,30% Space Free | Partition Type: FAT32
Drive I: | 1396,92 Gb Total Space | 1339,15 Gb Free Space | 95,86% Space Free | Partition Type: FAT32
Drive Z: | 149,04 Gb Total Space | 6,25 Gb Free Space | 4,19% Space Free | Partition Type: NTFS
Computer Name: WALTER-068E8A50 | User Name: Walter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-583907252-616249376-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Programme\Windows Live\Messenger\wlcsdk.exe" = F:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"F:\Programme\Windows Live\Messenger\msnmsgr.exe" = F:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"F:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = F:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"F:\Programme\Opera\opera.exe" = F:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Programme\TeamViewer\Version6\TeamViewer.exe" = F:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"F:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = F:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"F:\Programme\Microsoft Office\Office14\GROOVE.EXE" = F:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"F:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = F:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"F:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = F:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"F:\Programme\Windows Live\Messenger\wlcsdk.exe" = F:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"F:\Programme\Windows Live\Messenger\msnmsgr.exe" = F:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"F:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = F:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"F:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = F:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"F:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe" = F:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 7.0 OnlineUpdate -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"F:\Programme\StarMoney 7.0 S-Edition\app\StarMoney.exe" = F:\Programme\StarMoney 7.0 S-Edition\app\StarMoney.exe:*:Enabled:StarMoney 7.0 -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"F:\Programme\Canon\Network ScanGear\SgTool.exe" = F:\Programme\Canon\Network ScanGear\SgTool.exe:*:Enabled:SGTOOL -- (CANON INC.)
"F:\WINDOWS\system32\dpvsetup.exe" = F:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"F:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe" = F:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 8.0 OnlineUpdate -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"F:\Programme\StarMoney 8.0 S-Edition\app\StarMoney.exe" = F:\Programme\StarMoney 8.0 S-Edition\app\StarMoney.exe:*:Enabled:StarMoney 8.0 -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"Z:\Programme\Skype\Phone\Skype.exe" = Z:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"F:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = F:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)
"F:\Programme\File Type Assistant\tsassist.exe" = F:\Programme\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (Trusted Software ApS)
"F:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = F:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{191FB151-175D-4076-A8B5-D9B2F5E815BC}" = Color Network ScanGear Ver.2.23
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2460A058-272D-498D-9A5E-E6F7492DAABC}" = Corel DVD Xpack
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31CA28D1-CAE0-48EF-BFFF-BA9C81BA055A}" = StarMoney
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{38562CF7-A0E4-4237-AE76-9DC7DA0C3DAD}" = Corel AVCHD Xpack
"{394958C2-8036-4385-81F5-B63F221D0DD0}" = InterVideo VirtualDrive
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = DVD Copy
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B62C240-5658-4803-84E2-59674838788C}" = StarMoney
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81FC0476-9507-4CD3-95A7-2BE60E256D1D}" = ArcSoft MediaImpression 2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBE3E502-F1D6-4FC9-9844-CC0850B7C516}" = Network ScanGear Ver.2.21
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D32E6150-990E-48F1-9356-2A3A340EC812}" = Gigaset SX541
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECD5173E-DCE2-4437-9D13-FD43A0092C91}" = StarMoney 7.0 S-Edition
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8047F58-C705-472B-8F30-B00C820F1112}" = StarMoney 8.0 S-Edition
"7-Zip" = 7-Zip 9.20
"ActiveScan 2.0" = Panda ActiveScan 2.0
"avast" = avast! Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Corel Applications" = Corel Applications
"DriverEasy_is1" = DriverEasy 4.2.0
"Enable S3 for USB Device" = Enable S3 for USB Device
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"FinalMediaPlayer_is1" = Final Media Player 2012
"Herlitz Druckstudio (Programm)" = Herlitz Druckstudio (Programm)
"ie8" = Windows Internet Explorer 8
"InstallShield_{191FB151-175D-4076-A8B5-D9B2F5E815BC}" = Color Network ScanGear Ver.2.23
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = Corel DVD Copy 6
"InstallShield_{BBE3E502-F1D6-4FC9-9844-CC0850B7C516}" = Network ScanGear Ver.2.21
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"lwoofer@lyricswoofer.co" = LyricsWoofer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Online Foto Print System (1night)" = Online Foto Print System ( OFPS - 1NIGHTPRINT.de )
"Opera 12.15.1748" = Opera 12.15
"TeamViewer 6" = TeamViewer 6
"Trojan Remover_is1" = Trojan Remover 6.8.7
"Trusted Software Assistant_is1" = File Type Assistant
"TuneUp Utilities" = TuneUp Utilities
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.06.2013 09:28:29 | Computer Name = WALTER-068E8A50 | Source = Microsoft Office 14 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 14.0.6129.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 23.06.2013 19:23:45 | Computer Name = WALTER-068E8A50 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 14.0.6129.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 24.06.2013 06:30:03 | Computer Name = WALTER-068E8A50 | Source = Microsoft Office 14 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 14.0.6129.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 24.06.2013 17:31:44 | Computer Name = WALTER-068E8A50 | Source = MsiInstaller | ID = 11609
Description =
Error - 26.06.2013 20:38:21 | Computer Name = WALTER-068E8A50 | Source = Microsoft Office 14 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 14.0.6129.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 29.06.2013 20:44:08 | Computer Name = WALTER-068E8A50 | Source = Microsoft Office 14 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 14.0.6129.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 30.06.2013 21:48:57 | Computer Name = WALTER-068E8A50 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 14.0.6129.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 02.07.2013 16:56:34 | Computer Name = WALTER-068E8A50 | Source = Microsoft Office 14 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 14.0.6129.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 02.07.2013 17:46:39 | Computer Name = WALTER-068E8A50 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00011780.
Error - 02.07.2013 23:31:51 | Computer Name = WALTER-068E8A50 | Source = MsiInstaller | ID = 11609
Description =
[ System Events ]
Error - 08.07.2013 06:32:26 | Computer Name = WALTER-068E8A50 | Source = fwlanusb4 | ID = 1
Description =
Error - 08.07.2013 06:33:52 | Computer Name = WALTER-068E8A50 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie
sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 08.07.2013 06:33:52 | Computer Name = WALTER-068E8A50 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 08.07.2013 06:33:52 | Computer Name = WALTER-068E8A50 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst StarMoney
7.0 OnlineUpdate.
Error - 08.07.2013 06:33:52 | Computer Name = WALTER-068E8A50 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst StarMoney
8.0 OnlineUpdate.
Error - 08.07.2013 07:35:33 | Computer Name = WALTER-068E8A50 | Source = fwlanusb4 | ID = 1
Description =
Error - 08.07.2013 07:37:18 | Computer Name = WALTER-068E8A50 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie
sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 08.07.2013 07:37:18 | Computer Name = WALTER-068E8A50 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 08.07.2013 07:37:18 | Computer Name = WALTER-068E8A50 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst StarMoney
7.0 OnlineUpdate.
Error - 08.07.2013 07:37:18 | Computer Name = WALTER-068E8A50 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst StarMoney
8.0 OnlineUpdate.
< End of report >
|
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
AdwCleaner auf deinen Desktop.
WARNUNG an die MITLESER: 
