
Log analysis and evaluation: Windows Defender does not start, error 0x800106ba, WIN VISTA / Trojan Trojan.SpyEyes.WC

03.12.2012, 14:47   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

IMHO Defender isn't really necessary anyway... Defender is usually among the first things I disable on a Vista/7 machine.

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search ("Suche").
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).
__________________
Please always post log files in CODE tags

03.12.2012, 16:29   #17
svenjens

[code]

# AdwCleaner v2.011 - Datei am 03/12/2012 um 16:27:29 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Jasmin - JASMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jasmin\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\jhrgq5se.default\extensions\adapter@babylontc.com.xpi
Datei Gefunden : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\jhrgq5se.default\extensions\ocr@babylon.com.xpi
Datei Gefunden : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\jhrgq5se.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Windows\system32\conduitEngine.tmp
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\ConduitEngine
Ordner Gefunden : C:\Program Files\SFT_de3
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Jasmin\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Jasmin\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Jasmin\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Jasmin\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Jasmin\AppData\LocalLow\SFT_de3
Ordner Gefunden : C:\Users\Jasmin\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SFT_de3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SFT_de3 Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BE5E5AC1-9926-4F3D-B850-8923E652A79E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3031778
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\Description
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A687F7F-60E5-40BF-AA7E-B90A9980A833}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84B6B96C-3745-43AA-A1EA-82AF8BD24E07}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{954BA70D-59DA-400D-A021-587E77C336E3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BE5E5AC1-9926-4F3D-B850-8923E652A79E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SFT_de3 Toolbar
Schlüssel Gefunden : HKLM\Software\SFT_de3
Schlüssel Gefunden : HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FF88A983-649D-4207-9336-9B999280B436}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FF88A983-649D-4207-9336-9B999280B436}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/home?affID=66756&tt=4712_3

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\jhrgq5se.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gefunden : user_pref("extensions.BabylonToolbar.bbDpng", "21");
Gefunden : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "de");
Gefunden : user_pref("extensions.BabylonToolbar.dpkLst", "1169821598,3855095921,302281469,2400444324,3654782829[...]
Gefunden : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.hdrMd5", "70DC29DBB612FBF3C5E265812F5D34F3");
Gefunden : user_pref("extensions.BabylonToolbar.hmpg", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "764dd3e5000000000000001d601280e2");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15665");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "na");
Gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.3.810:49:06");
Gefunden : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Gefunden : user_pref("extensions.BabylonToolbar.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"53\",\"lastVrsn\":\"53\",\"vrsnLoad\[...]
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.sg", "azb");
Gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.3.810:49:06");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=66756&tt=4712_3[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.810:49:06");
Gefunden : user_pref("extensions.enabledAddons", "{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37,adapter@babylon[...]

*************************

AdwCleaner[R1].txt - [12212 octets] - [03/12/2012 16:27:29]

########## EOF - C:\AdwCleaner[R1].txt - [12273 octets] ##########




So, AdwCleaner is installed and ran through quite quickly...

here you can see the result..

;-)

Thanks for your "trouble"..

Kind regards

sven jens


03.12.2012, 16:31   #18
cosinus

Please set the CODE tags correctly!

Please try to uninstall all entries mentioned in the adwCleaner log (such as Conduit or Babylon) via the Control Panel, then create a new search log with adwCleaner.
We will remove leftovers and whatever refuses to uninstall with adwCleaner.

03.12.2012, 17:38   #19
svenjens

I removed everything with Adw, some of it could not be deleted at all.. after the restart it reported: clean and clean... (registry is clean....)

03.12.2012, 19:45   #20
cosinus

Quote:
I removed everything with Adw,
You weren't supposed to do that yet!
Why are you doing something different from what the helper tells you?


03.12.2012, 19:53   #21
svenjens

ouch.. annoying... that's how I had understood it.. "whatever refuses to uninstall we will remove with adwCleaner" ok, the "we" was unambiguous..

pity.. did I break something?

03.12.2012, 20:09   #22
cosinus

Those things really should be uninstalled cleanly where possible... oh well, never mind

Where is the log from adwCleaner? In CODE tags, please...

03.12.2012, 22:24   #23
svenjens

Code:
 # AdwCleaner v2.011 - Datei am 03/12/2012 um 22:22:16 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Jasmin - JASMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jasmin\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\Software\Description

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\jhrgq5se.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [807 octets] - [03/12/2012 22:22:16]

########## EOF - C:\AdwCleaner[R1].txt - [866 octets] ##########
         
hope it's better this way.. until you know how it works.. lol

It isn't that easy ;-)

but you know that anyway!

svenjens

04.12.2012, 12:15   #24
cosinus

A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

05.12.2012, 00:05   #25
svenjens

Code:
OTL Extras logfile created on: 04.12.2012 23:29:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\Jasmin\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 57,94% Memory free
3,98 Gb Paging File | 2,75 Gb Available in Paging File | 68,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,35 Gb Total Space | 80,38 Gb Free Space | 56,47% Space Free | Partition Type: NTFS
Drive D: | 6,70 Gb Total Space | 5,60 Gb Free Space | 83,65% Space Free | Partition Type: NTFS
Drive F: | 931,28 Gb Total Space | 884,39 Gb Free Space | 94,96% Space Free | Partition Type: FAT32
 
Computer Name: JASMIN-PC | User Name: Jasmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3369885131-2479379214-1242257067-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01313953-33D8-47AE-991C-95DEC2B43B75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{07A89C49-82E8-4F01-A11A-885D8312F196}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{266099FA-AF71-4762-A839-F213B0047445}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{33B226BB-324E-4B8B-814B-6AB797AA254F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{37A1D34D-5E48-44F3-9737-03D40DE4833D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{396DE425-6C0C-4A57-9E47-C80891175012}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{6A8935B6-0745-4A54-AB9F-CEBD2C122C37}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7A181169-7BAB-40FE-B22C-D5E0F861083C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8F70B6F9-5AD2-4B66-9783-2BF0613DF0E5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A0AE2C7F-525F-4068-A475-66726A4F889B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AE8CCB9E-0343-4F3C-8238-51D442F6651C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E046ECE5-85D7-40CB-BC31-F2BBBBF0E2A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9FF79A0-9A6C-47CC-9ED7-D65FC6509E15}" = lport=59680 | protocol=6 | dir=in | name=jtlwawi sql | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0884DFDB-2DC9-4251-8B5B-4FE6B031701C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{0F948270-B740-4E17-B5CB-3185503AEA24}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe | 
"{0FB5123A-8305-4C6A-B002-69F1D950787A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{15AF1FAB-F707-4536-ABCE-37AFCC803AA4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{28AE5D5E-51FF-42B0-9F82-A74F4BBE136C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{33D2353A-D639-4FE9-8E8C-15595069F842}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{3A455340-8227-4256-8156-3BB7D9A37775}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{3B549FEF-35A9-4AC2-8A65-5B3054A968BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{44FCC7E9-4759-45B2-99CE-32A4380E870F}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe | 
"{4D9263F8-8D01-456C-BB2E-8771F69E2A75}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{59BD1BE7-D99C-45E3-B8AD-8FCD5C089B24}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe | 
"{5F98B554-33B6-4896-8FF5-893B97ADE69C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{6B26EE99-69D0-4A90-824C-4460E7E8C05E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{8D21A64A-1FE8-411E-BE70-8640DCD35CA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9AE29482-A618-4263-B77E-195406BEE4E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{A64F0A21-E217-42DE-B311-D9220EB4F9A8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A8255EA8-2518-45C4-B091-F778179BB960}" = protocol=17 | dir=in | app=c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe | 
"{AFEF45FC-4C48-4253-909F-AEFBB5CD6904}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{B9C35FF6-89D2-4054-909D-C767F24499CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{C56ED326-C684-4D55-AF76-5E180DF5E55B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{CBE26F4D-18A4-413D-9AB0-2C3143C1504E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{CD7137A8-F611-40F6-99A5-3BE6F5C01AB4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{DA404057-431C-45B0-9162-85C765CDE3BB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{DA75AE20-1D94-411F-BD54-F228C2D4ECCB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{DD8A6197-8BF5-49C4-8757-8E2CCB5F8603}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{E3F715E1-BC86-4FFF-B941-CB9463E110DE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{E471A4D7-5A86-4F34-8E43-83C35F46D40C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{E614BEEE-00A2-48C3-97C1-72BAAEC5A693}" = dir=in | app=e:\setup\hpznui01.exe | 
"{F748941D-2EC2-4035-831D-0D9D671C32C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F7EA20B7-9F34-4A08-9518-A7147D591F25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"TCP Query User{D870D406-FBBD-4D97-B4F1-CDA7ED933A20}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{31E970E7-75D9-458D-8C7F-13CBB0F9FC9B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = gotomaxx PDFMAILER
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (JTLWAWI)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{1606B7E9-2078-4CAD-B4C4-96E0FE877232}_is1" = Faktura-XP 2.1 - ShopEdition
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EE66895-2912-4980-82FD-0AF03FB884DC}" = Lexware QuickBooks 2008
"{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90
"{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{394D3D87-12FE-4765-836F-F6F727005C9C}" = AVM FRITZ!Fernzugang
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5CA72DC6-1043-4BDA-A128-C18200FF7ABA}" = Hama WLAN USB Stick
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{901C0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9480CCD5-BB18-4DF3-AB18-04198B30DD62}" = DELISprint
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.5 WEB.DE Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}" = SnagIt 8
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B53D7D6B-9BB0-4EA8-82B9-9293CB41FCE1}" = MySQL Connector/ODBC 3.51
"{B6FA7BE5-6C3F-42AF-B3C1-C1F4536920C5}" = Lexware Abschreibungsrechner
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe  1.8.13.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7DA3520-446D-49CC-8D1E-A929AC98F2C7}" = Fernbedienungsfenster
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2B4720-38CB-4A37-BA6D-6A9FE1AB4050}" = Brother HL-1430
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFADD989-D9F2-49F6-A280-675951CC78D3}" = FRITZ!Box-Fernzugang einrichten
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DynDNSUpdater" = DynDNS Updater
"FileZilla Client" = FileZilla Client 3.5.3
"Firefox 3.5 WEB.DE Edition" = Firefox 3.5 WEB.DE Edition
"FreePDF_XP" = FreePDF XP (Remove only)
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HeidiSQL_is1" = HeidiSQL 7.0.0.4053
"JTL-Wawi_is1" = JTL-Wawi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"ST6UNST #1" = Visual Basic 6.0 Runtime&Steuerelemente
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.11.2010 14:14:45 | Computer Name = Jasmin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.11.2010 14:14:45 | Computer Name = Jasmin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.11.2010 12:59:09 | Computer Name = Jasmin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.11.2010 12:59:09 | Computer Name = Jasmin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.11.2010 02:57:51 | Computer Name = Jasmin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.11.2010 02:57:51 | Computer Name = Jasmin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.11.2010 13:26:43 | Computer Name = Jasmin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.11.2010 13:26:43 | Computer Name = Jasmin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.11.2010 02:57:23 | Computer Name = Jasmin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.11.2010 02:57:23 | Computer Name = Jasmin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ OSession Events ]
Error - 04.12.2009 11:02:47 | Computer Name = Jasmin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6651
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error - 24.01.2010 12:31:06 | Computer Name = Jasmin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.06.2010 07:48:00 | Computer Name = Jasmin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.07.2010 04:27:11 | Computer Name = Jasmin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 712
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 18.01.2011 10:09:46 | Computer Name = Jasmin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 398
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.04.2011 14:49:30 | Computer Name = Jasmin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38133
 seconds with 3000 seconds of active time.  This session ended with a crash.
 
Error - 18.05.2011 04:09:01 | Computer Name = Jasmin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.11.2011 21:02:05 | Computer Name = Jasmin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 48839
 seconds with 6600 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2012 06:40:14 | Computer Name = Jasmin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2012 10:49:11 | Computer Name = Jasmin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.12.2012 12:30:52 | Computer Name = Jasmin-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 03.12.2012 12:32:47 | Computer Name = Jasmin-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 03.12.2012 12:32:47 | Computer Name = Jasmin-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.12.2012 12:32:47 | Computer Name = Jasmin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.12.2012 05:25:35 | Computer Name = Jasmin-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Brother MFC-9440CN XML Paper nicht
 unter dem Namen Brother MFC-9440CN XML Paper freigeben. Fehler: 2114. Der Drucker
 kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 04.12.2012 05:25:35 | Computer Name = Jasmin-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Brother DCP-8065DN USB Printer
 nicht unter dem Namen Brother DCP-8065DN USB Printer freigeben. Fehler: 2114. Der
 Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 04.12.2012 05:26:31 | Computer Name = Jasmin-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 04.12.2012 05:28:37 | Computer Name = Jasmin-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 04.12.2012 05:28:37 | Computer Name = Jasmin-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.12.2012 05:28:37 | Computer Name = Jasmin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 29.11.2012 05:23:18 | Computer Name = Jasmin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-11-29 10:23:18', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5060',0)
 
Error - 30.11.2012 07:45:09 | Computer Name = Jasmin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-11-30 12:45:09', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamgui.exe','2304',0)
 
Error - 30.11.2012 13:55:08 | Computer Name = Jasmin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-11-30 18:55:08', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','2932',0)
 
Error - 30.11.2012 20:26:33 | Computer Name = Jasmin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-12-01 01:26:33', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamscheduler.exe','3028',0)
 
Error - 30.11.2012 20:26:38 | Computer Name = Jasmin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-12-01 01:26:38', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','3056',0)
 
Error - 03.12.2012 12:01:35 | Computer Name = Jasmin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-12-03 17:01:35', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamscheduler.exe','2992',0)
 
Error - 03.12.2012 12:01:35 | Computer Name = Jasmin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-12-03 17:01:35', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','3004',0)
 
Error - 03.12.2012 12:32:33 | Computer Name = Jasmin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-12-03 17:32:33', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamscheduler.exe','3416',0)
 
Error - 03.12.2012 12:32:33 | Computer Name = Jasmin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-12-03 17:32:33', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','3436',0)
 
Error - 04.12.2012 05:28:08 | Computer Name = Jasmin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-12-04 10:28:08', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamscheduler.exe','3076',0)
 
 
< End of report >
         
The 2nd one is the "Extras" log

I'm curious what you'll say.. ;-)

THANKS!

Sven (I shouted thanks.. oops.)

05.12.2012, 11:20   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

But you only posted the Extras log; the other log, OTL.txt, would be much more important
__________________
Please always post log files in CODE tags

05.12.2012, 19:13   #27
svenjens

Code:
[2012.11.26 14:23:03 | 002,466,249 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1569.jpg
[2012.11.26 14:22:51 | 002,503,135 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1568.jpg
[2012.11.26 14:22:42 | 001,741,032 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1564.jpg
[2012.11.26 14:22:28 | 002,143,975 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1570.jpg
[2012.11.26 14:22:22 | 001,639,027 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1566.jpg
[2012.11.26 14:10:00 | 002,563,098 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1567.jpg
[2012.11.26 14:10:00 | 001,791,467 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1563.jpg
[2012.11.26 14:10:00 | 001,665,710 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1571.jpg
[2012.11.26 14:10:00 | 001,629,574 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1565.jpg
[2012.11.07 10:25:32 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.11.07 10:25:06 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.11.07 10:24:18 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.11.07 10:23:29 | 000,001,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.04.20 14:10:32 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bxd9440cn.dat
[2012.02.27 14:33:15 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd8065dn.dat
[2012.02.27 14:28:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.02.24 19:34:20 | 000,000,000 | ---- | C] () -- C:\Users\Jasmin\defogger_reenable
[2011.06.20 09:15:33 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.02.05 11:18:43 | 000,000,053 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.02.05 11:18:43 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2011.02.05 11:17:40 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.02.05 11:17:40 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2011.02.05 11:17:40 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.02.05 11:17:40 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.02.05 11:17:39 | 000,013,111 | ---- | C] () -- C:\Windows\HL-1430.INI
[2011.01.28 13:07:31 | 000,200,704 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011.01.28 13:07:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\W2KUSBIF.DLL
[2011.01.28 13:07:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\spusbif.dll
[2011.01.28 13:07:31 | 000,001,593 | ---- | C] () -- C:\Windows\System32\portex16.dll
[2009.09.21 13:40:47 | 000,001,074 | RH-- | C] () -- C:\Users\Jasmin\XrxWm.ini
[2009.09.21 13:40:47 | 000,000,522 | RH-- | C] () -- C:\Users\Jasmin\xw45cpdy.dyc
[2008.03.31 14:34:54 | 000,015,428 | ---- | C] () -- C:\Users\Jasmin\RefEdit.exd
[2008.03.24 11:41:03 | 000,017,408 | ---- | C] () -- C:\Users\Jasmin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.23 16:48:30 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Is this OK?

Best regards!

06.12.2012, 09:36   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Incomplete logs don't help anyone
__________________
Please always post log files in CODE tags

06.12.2012, 10:42   #29
svenjens

Code:
OTL logfile created on: 04.12.2012 23:29:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\Jasmin\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 57,94% Memory free
3,98 Gb Paging File | 2,75 Gb Available in Paging File | 68,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,35 Gb Total Space | 80,38 Gb Free Space | 56,47% Space Free | Partition Type: NTFS
Drive D: | 6,70 Gb Total Space | 5,60 Gb Free Space | 83,65% Space Free | Partition Type: NTFS
Drive F: | 931,28 Gb Total Space | 884,39 Gb Free Space | 94,96% Space Free | Partition Type: FAT32
 
Computer Name: JASMIN-PC | User Name: Jasmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Jasmin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
PRC - C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
PRC - C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (DynDNS Updater) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Jasmin\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (NWIM) -- C:\Windows\System32\drivers\avmnwim.sys (AVM Berlin)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Inc.)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A4AF7F9-BACF-4CCE-B8DD-5D594ACFE3FD}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome
IE - HKLM\..\SearchScopes\{CDF23B15-A6AA-4B3E-BD24-366770C1B603}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\..\SearchScopes\{4736ECB3-E860-4FD0-9B65-204F32B48712}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\..\SearchScopes\{A243734D-0F97-4006-A1FE-4773A31A315C}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\..\SearchScopes\{A7FC913E-53C2-488F-B66D-1AE1901CE3BF}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\..\SearchScopes\{AB01892A-4DDF-4D2E-8567-77A58637E3FA}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\..\SearchScopes\{C05C4C38-5B4B-4AD5-BD8E-34DFC416045C}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\..\SearchScopes\{CDCCBDFC-7C30-4EF6-84A0-0E002D94F97F}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\..\SearchScopes\{D00279DD-DCF2-4F09-A823-A38D3074AE72}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=1E72F50D-C261-4317-A733-826E3E991268&apn_sauid=0B52D481-EF7F-419B-B4A8-65763560A47E
IE - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tesi-golf.de/jtlshop/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 00:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 00:33:53 | 000,000,000 | ---D | M]
 
[2009.06.14 14:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Extensions
[2012.12.03 17:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Firefox\Profiles\jhrgq5se.default\extensions
[2010.04.27 20:15:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Firefox\Profiles\jhrgq5se.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.29 20:55:16 | 000,005,599 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\jhrgq5se.default\searchplugins\1und1-suche.xml
[2009.12.29 20:55:16 | 000,001,381 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\jhrgq5se.default\searchplugins\amazonde.xml
[2009.12.29 20:55:16 | 000,010,613 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\jhrgq5se.default\searchplugins\gmx-suche.xml
[2009.12.29 20:55:16 | 000,005,596 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\jhrgq5se.default\searchplugins\webde-suche.xml
[2012.10.27 00:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.27 00:33:19 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012.10.27 00:33:20 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Program Files\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2012.10.27 00:33:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.27 00:33:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.27 00:33:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.27 00:34:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.07 22:54:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 15:55:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.07 22:54:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 22:54:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 22:54:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 22:54:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.01 11:47:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AB58530-AA04-47EB-AADC-61D7B98CB19D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5400980E-52F8-475F-830C-B60A550104D6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{640F8865-CB56-4C41-90E6-FF56CF9AB645}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F4A7880-170D-4BB8-90C4-CE1931643431}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.08.03 14:05:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3369885131-2479379214-1242257067-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.01 11:50:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.01 11:50:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.01 11:38:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.01 11:38:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.01 11:38:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.01 11:38:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.01 11:38:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.01 11:37:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.28 17:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.11.28 17:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.11.28 16:00:51 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Malwarebytes
[2012.11.28 16:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.28 16:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.28 16:00:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.28 16:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.28 14:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.11.28 14:22:35 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.11.21 12:09:04 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\PerformerSoft
[2012.11.16 10:45:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.16 10:45:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.16 10:45:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.16 10:45:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.16 10:45:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.16 10:45:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.16 10:45:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.16 10:45:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.16 07:02:42 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 07:02:15 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.07 10:27:07 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.11.07 10:26:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.11.07 10:25:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.11.07 10:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.11.07 10:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.11.07 10:20:06 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012.11.07 10:20:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012.11.07 10:20:06 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012.11.07 10:19:35 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012.11.07 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Windows Live
[2012.11.07 10:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012.11.07 09:59:16 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.04 23:00:00 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.12.04 22:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.04 22:25:13 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.04 22:25:13 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.04 11:16:27 | 000,000,512 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.12.04 10:32:21 | 000,783,122 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.04 10:32:21 | 000,715,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.04 10:32:21 | 000,185,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.04 10:32:21 | 000,150,668 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.04 10:25:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 17:46:38 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.12.03 17:15:23 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.03 17:15:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.01 12:06:02 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.01 11:47:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.29 10:51:40 | 000,239,042 | ---- | M] () -- C:\Users\Jasmin\Desktop\001 (2).jpg
[2012.11.29 10:29:32 | 000,327,609 | ---- | M] () -- C:\Users\Jasmin\Desktop\001.jpg
[2012.11.28 17:27:38 | 000,001,950 | ---- | M] () -- C:\Users\Jasmin\Desktop\HiJackThis.lnk
[2012.11.28 15:29:21 | 000,017,408 | ---- | M] () -- C:\Users\Jasmin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.28 14:24:48 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.11.26 14:23:03 | 002,466,249 | ---- | M] () -- C:\Users\Jasmin\Desktop\IMG_1569.jpg
[2012.11.26 14:22:51 | 002,503,135 | ---- | M] () -- C:\Users\Jasmin\Desktop\IMG_1568.jpg
[2012.11.26 14:22:42 | 001,741,032 | ---- | M] () -- C:\Users\Jasmin\Desktop\IMG_1564.jpg
[2012.11.26 14:22:28 | 002,143,975 | ---- | M] () -- C:\Users\Jasmin\Desktop\IMG_1570.jpg
[2012.11.26 14:22:22 | 001,639,027 | ---- | M] () -- C:\Users\Jasmin\Desktop\IMG_1566.jpg
[2012.11.26 14:10:00 | 002,563,098 | ---- | M] () -- C:\Users\Jasmin\Desktop\IMG_1567.jpg
[2012.11.26 14:10:00 | 001,791,467 | ---- | M] () -- C:\Users\Jasmin\Desktop\IMG_1563.jpg
[2012.11.26 14:10:00 | 001,665,710 | ---- | M] () -- C:\Users\Jasmin\Desktop\IMG_1571.jpg
[2012.11.26 14:10:00 | 001,629,574 | ---- | M] () -- C:\Users\Jasmin\Desktop\IMG_1565.jpg
[2012.11.16 11:00:01 | 000,477,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.12.03 17:46:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.12.01 11:38:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.01 11:38:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.01 11:38:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.01 11:38:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.01 11:38:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.29 10:51:40 | 000,239,042 | ---- | C] () -- C:\Users\Jasmin\Desktop\001 (2).jpg
[2012.11.29 10:29:32 | 000,327,609 | ---- | C] () -- C:\Users\Jasmin\Desktop\001.jpg
[2012.11.28 17:27:38 | 000,001,950 | ---- | C] () -- C:\Users\Jasmin\Desktop\HiJackThis.lnk
[2012.11.28 14:24:32 | 000,001,788 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.11.28 14:04:13 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.11.26 14:23:03 | 002,466,249 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1569.jpg
[2012.11.26 14:22:51 | 002,503,135 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1568.jpg
[2012.11.26 14:22:42 | 001,741,032 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1564.jpg
[2012.11.26 14:22:28 | 002,143,975 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1570.jpg
[2012.11.26 14:22:22 | 001,639,027 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1566.jpg
[2012.11.26 14:10:00 | 002,563,098 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1567.jpg
[2012.11.26 14:10:00 | 001,791,467 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1563.jpg
[2012.11.26 14:10:00 | 001,665,710 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1571.jpg
[2012.11.26 14:10:00 | 001,629,574 | ---- | C] () -- C:\Users\Jasmin\Desktop\IMG_1565.jpg
[2012.11.07 10:25:32 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.11.07 10:25:06 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.11.07 10:24:18 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.11.07 10:23:29 | 000,001,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.04.20 14:10:32 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bxd9440cn.dat
[2012.02.27 14:33:15 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd8065dn.dat
[2012.02.27 14:28:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.02.24 19:34:20 | 000,000,000 | ---- | C] () -- C:\Users\Jasmin\defogger_reenable
[2011.06.20 09:15:33 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.02.05 11:18:43 | 000,000,053 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.02.05 11:18:43 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2011.02.05 11:17:40 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.02.05 11:17:40 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2011.02.05 11:17:40 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.02.05 11:17:40 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.02.05 11:17:39 | 000,013,111 | ---- | C] () -- C:\Windows\HL-1430.INI
[2011.01.28 13:07:31 | 000,200,704 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011.01.28 13:07:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\W2KUSBIF.DLL
[2011.01.28 13:07:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\spusbif.dll
[2011.01.28 13:07:31 | 000,001,593 | ---- | C] () -- C:\Windows\System32\portex16.dll
[2009.09.21 13:40:47 | 000,001,074 | RH-- | C] () -- C:\Users\Jasmin\XrxWm.ini
[2009.09.21 13:40:47 | 000,000,522 | RH-- | C] () -- C:\Users\Jasmin\xw45cpdy.dyc
[2008.03.31 14:34:54 | 000,015,428 | ---- | C] () -- C:\Users\Jasmin\RefEdit.exd
[2008.03.24 11:41:03 | 000,017,408 | ---- | C] () -- C:\Users\Jasmin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.23 16:48:30 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Yes, I guess I did that wrong... thanks for the pointer.

Alt 06.12.2012, 12:27   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags
