Nach Starten von allen Spielen hängt sich PC auf

Gervogt · 17.04.2013, 12:22

Mein PC hängt sich nach dem Starten von jeder Art von Spielen plötzlich nach max. 5 Minuten auf. STRG-ALT-ENTF hat keine Wirkung. PC muss von Hand ausgeschaltet werden.
Ich habe als OS Windows Vista 32bit und habe mit den Standardtools alle möglichen HW-Überprüfungen durchgeführt - ohne Fehlermeldung

cosinus · 17.04.2013, 15:01

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Gervogt · 17.04.2013, 19:33

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.04.2013 19:58:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 50,95% Memory free
6,20 Gb Paging File | 4,67 Gb Available in Paging File | 75,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688,40 Gb Total Space | 337,92 Gb Free Space | 49,09% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 0,99 Gb Free Space | 9,67% Space Free | Partition Type: NTFS
Drive E: | 6,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive X: | 928,42 Gb Total Space | 927,95 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive Y: | 3,08 Gb Total Space | 3,04 Gb Free Space | 98,62% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)
PRC - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe ()
PRC - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe ()
PRC - C:\Programme\WISO Internet Security\avfwsvc.exe (Avira GmbH)
PRC - C:\Programme\WISO Internet Security\avguard.exe (Avira GmbH)
PRC - C:\Programme\WISO Internet Security\sched.exe (Avira GmbH)
PRC - C:\Programme\WISO Internet Security\avgnt.exe (Avira GmbH)
PRC - C:\Programme\WISO Internet Security\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Corel\Corel Digital Studio 2010\Gadget.exe (Corel)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c956038a981c82dd25f1939a981e65c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libctlsvr.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\itapi.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\audio.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libConfig.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\coder.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\log.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-1.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\sqlite3.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libxml2.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\zlib1.dll ()
MOD - C:\Programme\Corel\Corel Digital Studio 2010\WinShell.dll ()
MOD - C:\Programme\Corel\Corel Digital Studio 2010\GoldenGateCore.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libexpat.dll ()
MOD - C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (NasPmService) -- \LS-WXL985\info\English\NasNavi2\Windows\nassvc.exe File not found
SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe File not found
SRV - (AVEService) -- C:\Program Files\WISO Internet Security\avesvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirFirewallService) -- C:\Programme\WISO Internet Security\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\WISO Internet Security\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Programme\WISO Internet Security\sched.exe (Avira GmbH)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (PCDSRVC{D5068648-4046B656-06000000}_0) -- c:\pcdr5\pcdsrvc.pkms File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cdrbsvsd) --  File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a4yfxasu) --  File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (HSPADataCardusbser) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated)
DRV - (HSPADataCardusbnmea) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated)
DRV - (HSPADataCardusbmdm) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {FF0547FA-AB15-45F9-9793-3AFAE9031EAE}
IE - HKLM\..\SearchScopes\{C60360F0-0D4D-448E-B2D1-F8BFF7FA043E}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{FF0547FA-AB15-45F9-9793-3AFAE9031EAE}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\..\SearchScopes,DefaultScope = {FF0547FA-AB15-45F9-9793-3AFAE9031EAE}
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\..\SearchScopes\{FF0547FA-AB15-45F9-9793-3AFAE9031EAE}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "GMX Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.gmx.net/tb/mff_startpage"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.7.0
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.15.100013
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.28 10:52:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.15 19:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.15 19:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012.11.13 20:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.28 10:52:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.15 19:49:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.15 19:49:11 | 000,000,000 | ---D | M]
 
[2009.12.27 12:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.04.14 10:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wk23d04s.default\extensions
[2010.05.08 14:51:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wk23d04s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.14 10:51:59 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wk23d04s.default\extensions\fb_add_on@avm.de
[2013.02.03 09:41:43 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wk23d04s.default\extensions\toolbar@ask.com
[2009.10.04 13:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Sunbird\Profiles\5c0w4e1l.default\extensions
[2013.03.23 19:47:44 | 000,502,957 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\extensions\toolbar@gmx.net.xpi
[2013.03.23 19:47:52 | 000,001,050 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\searchplugins\11-suche.xml
[2013.03.23 19:47:52 | 000,002,418 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\searchplugins\englische-ergebnisse.xml
[2013.03.23 19:47:51 | 000,010,701 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\searchplugins\gmx-suche.xml
[2013.03.23 19:47:52 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\searchplugins\lastminute.xml
[2013.03.23 19:47:51 | 000,005,682 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\searchplugins\webde-suche.xml
[2013.04.15 19:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.15 19:49:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.04.15 19:49:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.04 18:50:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.15 15:32:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.04 18:50:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.04 18:50:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.04 18:50:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.04 18:50:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\WISO Internet Security\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CorelGadget] C:\Program Files\Common Files\Ulead Systems\Gadget\GadgetEB.dll (Corel)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4005405533-982616463-2909516546-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY File not found
O4 - HKU\S-1-5-21-4005405533-982616463-2909516546-1003..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found
O4 - HKU\S-1-5-21-4005405533-982616463-2909516546-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4005405533-982616463-2909516546-1003\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{183034A3-2761-47C6-9B68-2B92338D53EB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99D72F6C-D8EF-4A25-92E9-049217F81429}: NameServer = 192.168.0.200
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.24 08:37:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.05.09 16:01:32 | 000,000,081 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{12447e3b-b499-11de-931e-001e8cc5a2a3}\Shell - "" = AutoRun
O33 - MountPoints2\{12447e3b-b499-11de-931e-001e8cc5a2a3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{14895d33-2f5b-11df-aa8a-001e8cc5a2a3}\Shell - "" = AutoRun
O33 - MountPoints2\{14895d33-2f5b-11df-aa8a-001e8cc5a2a3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{4383a072-0bc5-11de-8c85-0016449ad641}\Shell - "" = AutoRun
O33 - MountPoints2\{4383a072-0bc5-11de-8c85-0016449ad641}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e939fed3-61c1-11de-9052-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e939fed3-61c1-11de-9052-806e6f6e6963}\Shell\AutoRun\command - "" = E:\0data\cbs.exe -- [2012.03.09 16:53:38 | 003,427,328 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.17 17:31:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013.04.16 22:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.04.16 21:58:26 | 000,062,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013.04.16 21:58:25 | 002,555,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013.04.16 21:56:27 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.04.16 21:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.04.16 21:50:38 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.04.16 21:50:37 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.04.16 21:50:37 | 008,952,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.04.16 21:50:37 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.04.16 21:50:37 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll
[2013.04.16 21:50:36 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.04.16 21:50:36 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.04.16 21:50:36 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.04.16 21:50:36 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll
[2013.04.16 21:50:33 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.04.16 21:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.04.15 19:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.10 20:25:20 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 20:25:20 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 20:25:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 20:25:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 20:25:14 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 20:25:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.04.10 20:25:14 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.10 20:25:14 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.10 20:25:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.10 20:25:14 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 20:25:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 20:25:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 20:25:14 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 20:25:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 20:25:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 20:25:13 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 20:25:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 20:25:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.10 20:25:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.10 20:25:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 20:25:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.10 20:25:10 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 20:25:08 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.04 21:02:41 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Steuer-Sparbuch
[2013.04.04 21:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013
[2013.03.26 21:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.17 19:45:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.17 19:45:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.17 19:29:55 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 19:29:55 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 19:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.17 17:29:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.17 17:29:49 | 3220,414,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.16 23:09:47 | 000,000,900 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013.04.16 22:49:20 | 000,699,408 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.16 22:49:20 | 000,655,570 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.16 22:49:20 | 000,156,538 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.16 22:49:20 | 000,128,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.16 22:25:27 | 000,037,604 | ---- | M] () -- C:\Users\User\Desktop\System Informationen.html
[2013.04.16 21:38:27 | 000,244,736 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.15 21:35:32 | 299,363,802 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.12 14:04:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.04.12 13:56:22 | 000,330,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.11 21:25:22 | 000,000,952 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.11 21:25:17 | 000,000,918 | ---- | M] () -- C:\Users\User\Desktop\Dropbox.lnk
[2013.04.04 21:01:37 | 000,001,125 | ---- | M] () -- C:\Windows\wiso.ini
[2013.04.04 21:01:25 | 000,001,666 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.04.04 21:01:25 | 000,001,634 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.03.26 21:49:09 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.16 22:25:25 | 000,037,604 | ---- | C] () -- C:\Users\User\Desktop\System Informationen.html
[2013.04.16 21:50:37 | 000,013,625 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.04.04 21:01:25 | 000,001,666 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.04.04 21:01:25 | 000,001,634 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.03.26 21:49:09 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.11.25 15:05:07 | 000,186,608 | ---- | C] () -- C:\Windows\Weird Wars Uninstaller.exe
[2012.10.14 10:04:27 | 000,161,735 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2012.10.14 10:04:27 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2012.10.14 09:50:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.10.12 15:04:21 | 000,182,386 | ---- | C] () -- C:\Windows\hpoins47.dat
[2012.10.12 15:04:21 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2012.02.10 12:01:29 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.02.10 12:01:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.04.20 17:22:35 | 000,000,385 | ---- | C] () -- C:\Windows\uninst.ini
[2010.05.30 13:50:03 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.11 17:47:46 | 000,000,088 | ---- | C] () -- C:\Users\User\AppData\Roaming\usb.inf
[2010.02.24 09:55:55 | 000,000,096 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2010.01.12 15:43:54 | 000,028,969 | ---- | C] () -- C:\Users\User\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.01.08 19:01:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.06 21:37:40 | 000,012,958 | ---- | C] () -- C:\Users\User\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2009.12.03 20:18:38 | 006,883,293 | ---- | C] () -- C:\Program Files\hcf1718.exe
[2009.10.12 17:04:23 | 000,038,410 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft Excel.ADR
[2009.08.19 23:24:30 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009.07.19 13:35:10 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2008.12.15 20:32:31 | 000,022,328 | ---- | C] () -- C:\Users\User\AppData\Roaming\PnkBstrK.sys
[2008.10.31 19:22:41 | 000,244,736 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.27 21:09:21 | 000,154,442 | ---- | C] () -- C:\ProgramData\firstlsp.reg.dat
[2008.10.27 20:50:56 | 000,967,558 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.02.14 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ankh - Heart of Osiris
[2009.03.23 10:24:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Beedv
[2008.10.28 21:24:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Black Sea Studios
[2008.12.10 21:49:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Buhl Data Service
[2010.04.07 19:50:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
[2013.04.17 17:32:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2010.01.10 19:26:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\everlight
[2012.04.27 09:39:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Imidut
[2010.08.04 21:31:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Imperium Romanum
[2012.09.01 17:41:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Internet-Manager
[2008.12.04 20:53:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InterTrust
[2011.12.30 13:09:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Kalypso Media
[2011.08.05 12:11:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Koagyw
[2009.06.21 18:59:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games
[2011.08.05 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NASNaviator2
[2009.05.05 15:27:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2008.11.01 19:05:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2011.04.29 13:11:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Packlib
[2009.10.04 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RDecke
[2012.04.30 13:23:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Saze
[2009.07.19 13:31:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\T-Online
[2008.11.13 16:02:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tank Combat
[2013.02.25 19:46:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2013.04.05 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2013.04.17 20:09:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2010.05.30 13:56:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ulead Systems
[2009.04.17 19:31:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WD
[2008.10.24 09:52:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch
[2011.02.26 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WISO Internet Security
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:88050731

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 17.04.2013 19:58:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 50,95% Memory free
6,20 Gb Paging File | 4,67 Gb Available in Paging File | 75,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688,40 Gb Total Space | 337,92 Gb Free Space | 49,09% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 0,99 Gb Free Space | 9,67% Space Free | Partition Type: NTFS
Drive E: | 6,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive X: | 928,42 Gb Total Space | 927,95 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive Y: | 3,08 Gb Total Space | 3,04 Gb Free Space | 98,62% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe (Deutsche Telekom AG, T-Com)
 
[HKEY_USERS\S-1-5-21-4005405533-982616463-2909516546-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8E3137D4-8B5D-4B2A-8FC6-58D8A12844AB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{F91A872D-EDE3-458B-8C39-FD6B4409028D}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022D9848-E1A4-4499-84E2-66CCBCB4AF67}" = protocol=17 | dir=in | app=c:\spiele\riseandfall\riseandfall.exe | 
"{02A83081-3397-4EC0-A71F-1AABC1CD7DF2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{0841E516-F940-4967-9662-30A5A2FBCF66}" = protocol=6 | dir=in | app=c:\program files\skiregion simulator 2012 demo\game.exe | 
"{0A9700F2-66A4-4D76-9239-D806F8E40E1C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{0B585657-BD81-46BA-AF96-28F0A9D8A99B}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{100F0064-C8F7-470D-A454-4B2D127E1645}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{172626ED-9EF7-426C-849D-95B5DDAAAFCF}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{1B92B109-E64C-4F73-8F6F-22A2FCF4B2EE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{220B4B69-F2E3-4D1D-BE79-BAF00E83F020}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{2521F218-BEE9-41E0-B858-D48675103789}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\_istmp2.dir\_ins5576._mp | 
"{26942A3B-A7EF-4556-9415-69E67070744F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{2B613729-BEFF-40AC-9D57-C928A6546A3F}" = protocol=6 | dir=in | app=c:\spiele\civilization\civilization4.exe | 
"{2B7C6FD5-2BBC-469A-BF77-46394CD75844}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2E3F36BB-902E-4953-B9C6-23383E949033}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{324021C6-929D-4CB9-89A2-859B3E27AF3F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{32F8BE3D-EB41-4BCF-83A4-A4CB6C0F1780}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{33FDCFF9-312A-48AA-B200-BCDD49293B4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{35566548-F1A6-4B37-9CDF-19DCCC725F29}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{38B67817-B4EA-4C5F-8A19-6C25B8DB0AF9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{429D8FD1-9D2A-4E8A-B4A0-155CE89AE224}" = protocol=6 | dir=in | app=c:\spiele\riseandfall\riseandfall.exe | 
"{42E6538D-59EA-4CA0-8A9E-3BF7E67C87D5}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{43D8ABD2-2082-44E0-99C2-92BF6ECE32BA}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\r.u.s.e\ruse.exe | 
"{457DADB5-8D39-4246-849E-353732F0EF30}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{45831A3B-A519-4ECA-83AF-7EB6AD293A6C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{474968DC-193F-4E8C-A193-2137CC577772}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{4ACDDAF4-C629-4AEB-912D-C424150EBCC5}" = protocol=6 | dir=in | app=c:\spiele\rainbow vegas 2\binaries\r6vegas2_game.exe | 
"{508EDAA4-AC35-4315-A288-E4DA9996D715}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{54AD739A-B929-4658-A7CF-1F66E06BFA62}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{58F089F6-5F8F-4D2B-A0F8-15EC1EB62723}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5AA029D0-A714-4960-B4FA-01A1C69AAB61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{5E9679B4-D8EC-436C-BC19-AC3BC9C1312B}" = protocol=17 | dir=in | app=c:\program files\skiregion simulator 2012 demo\game.exe | 
"{62785FA4-4FDF-4D38-AEDA-EF633F75F85B}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{6477E6ED-AF01-4FDD-8792-19D28AB7B6A3}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{69D180FB-04BC-49BB-9C88-BDE8F42204D0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{6ECDC00F-D9FA-43A5-A102-90A87899A0E1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{72DF528E-39F9-4AB5-9C89-EC4A40C3BBE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{773ABF0A-2DE9-41B6-9FFA-682F7FCEBCFD}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{7E5836D8-28D8-481E-ADEA-D8F6E46A149F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{896C874C-75E0-4505-856B-4F023F6C741B}" = protocol=6 | dir=in | app=c:\spiele\stronghold\stronghold2.exe | 
"{89D66C48-28E3-4856-9656-2A0B05A8050B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{8C21996F-2179-42C1-AE5C-35BD098069E6}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | 
"{8E9F7234-B51D-45B9-BE9E-7A7342678E7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{94FD164F-1A25-4B2F-AEC8-8FA088562B01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{977B9F04-E69D-471A-B32E-DA238B7D1DFE}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
"{9AF23161-D4ED-43C6-945A-009D21ACB7A3}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\empire total war\empire.exe | 
"{9BFEF217-67D3-45C7-93FA-92143A85FEF4}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\_istmp2.dir\_istmp0.dir\igd_finder.exe | 
"{9FA804BB-1DA5-4A1B-ABD6-995946C6B763}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{A02CA37D-B3BD-44BF-AC9B-D55CE1AF0F97}" = protocol=6 | dir=in | app=c:\spiele\rainbow vegas 2\binaries\r6vegas2_launcher.exe | 
"{AADAB97B-1875-42F4-8452-215AAE1E738A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{AFB09BFA-C130-4AAD-9F59-B5EC158E01E2}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | 
"{B442D7BC-CCC5-43F5-9B61-7043DB615046}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B7D40227-8EE1-48C7-AD47-F51F51B8BC61}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\_istmp2.dir\_istmp0.dir\igd_finder.exe | 
"{BCFF1D27-86A5-4B07-8087-ADF161A1E968}" = dir=in | app=e:\setup\hpznui01.exe | 
"{BD5B1CB1-764A-4FA4-A3D7-3A9DCC56255B}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{BF4E2584-4889-44D7-A6FD-12D9477DAA00}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
"{BF519A6D-7D33-4D69-B237-4676C8401585}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{C070622E-BA62-4F2B-ACAD-DD1975A81A4F}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\empire total war\empire.exe | 
"{C093B10A-4068-4CC8-A0C4-A5A058C15213}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{C3F1A2F5-0CC0-4DCE-9FCE-0B932B35B61F}" = protocol=17 | dir=in | app=c:\spiele\rainbow vegas 2\binaries\r6vegas2_launcher.exe | 
"{C645279D-B4DF-478C-B276-A9C9828C27D4}" = protocol=17 | dir=in | app=c:\spiele\rainbow vegas 2\binaries\r6vegas2_game.exe | 
"{D16140AE-3AD1-4D27-A5D0-DAEEE8B11C65}" = protocol=17 | dir=in | app=c:\program files\skiregion simulator 2012 demo\skiregionsimulator2012.exe | 
"{DB33B106-A32B-4921-A0ED-A7EC12A48E33}" = protocol=6 | dir=in | app=c:\program files\skiregion simulator 2012 demo\skiregionsimulator2012.exe | 
"{DC5D14E7-5BE6-4024-9991-4287CADE2AD7}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\_istmp2.dir\_ins5576._mp | 
"{E786599E-6E33-4AF3-B8BA-C320F7034B7E}" = protocol=17 | dir=in | app=c:\spiele\civilization\civilization4.exe | 
"{F5DAEBEC-915D-48DC-B632-68F8B0C8F789}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{FB8371AA-CBAA-4704-A817-7AB54149168C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{FB9F8377-6C76-4079-BA4F-80058863A02F}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{FCEF430A-B637-4125-AEE0-C543F42EC23B}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\r.u.s.e\ruse.exe | 
"{FF8ED46A-4AB0-4125-8E2E-C95D4BA56440}" = protocol=17 | dir=in | app=c:\spiele\stronghold\stronghold2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0B995C72-758B-4A21-BF9B-44E6FE268313}" = Corel Digital Studio 2010
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{03990400-F19A-468C-B089-19BDC6289F7E}" = Tycoon City New York Patch #2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A64AA64-B438-49F0-9C14-5E465C617372}" = Setup
"{0B995C72-758B-4A21-BF9B-44E6FE268313}" = ICA
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19023B3C-00D0-4BBD-A753-C0B068B10798}" = Gadget
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20DFB114-5520-4BEE-B276-4A4204E1FBB4}" = PureHD
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2CBE667E-1193-47DC-852E-2CB4747C12E3}" = Blazing Angels Squadrons of WWII
"{2DD9C2F1-CC6E-449D-935B-4111396EF19F}" = MLE
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{36D00AE6-69DE-4087-A1A9-84ADD10E5530}" = BHA B's Recorder GOLD BASIC 7.10
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{414212D5-6E70-4CF1-97E7-B2AB77D131EA}" = DVDF10
"{41B65DE2-DA0E-4D55-A557-ECC39DC9BD0E}_is1" = DragonSoul
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{624885E1-2458-4F12-A975-EA368C3523FA}" = DeviceIO
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{652BCEE6-463A-4A8E-A6E3-FCFED88345E0}" = VDS10
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BCD1560-6292-4A70-A808-C0FE414A7DB4}" = Contents
"{6EEAB9B3-1F74-4DC5-8D71-6CA0E2769E9B}" = PlayLinc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{73821601-FA08-4067-B227-EC93196E0699}" = DUNGEONS - The Dark Lord Demo
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AF32AB1-CB97-11D4-9607-0050BA84F5F7}" = Baldur's Gate(TM) II - Schatten von Amn(TM)
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8983409B-E79D-4712-ABDC-665052FF625B}" = Everlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8CF0D400-DE7E-4431-9AC0-7340FFD867A1}" = Philips PhotoFrame Manager
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{9279CA48-10CD-4390-9C33-BFAA06E2C34A}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98372B03-7CDC-4443-AB38-1D805D6BD892}" = Digital Frame Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5101403-2C42-40E0-8D9E-5E49E7C3B89E}" = Tycoon City - New York
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFC4FEEE-6E08-4CC9-815E-5CEDF2C15E2E}_is1" = Terminplaner .Net
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0B7F981-EA26-491A-A975-E3AB4748E9FA}" = Share
"{E0EF9C75-60EA-4DFB-A537-2A9E0C2E2056}" = PSPH10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{EE19A4C4-AA74-4AA7-9264-B322B877BFA7}" = IPM_SU
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3FA8952-2C42-452A-BA22-2F7BDEC8D310}" = VIO
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FB9C5329-F982-435C-AEC5-EE0A75EE6395}" = muvee autoProducer 6.1
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Alamandi" = Alamandi
"Ankh - Heart of Osiris" = Ankh - HdO
"Audacity_is1" = Audacity 1.2.6
"Baldur's Gate" = Baldur's Gate
"Call of Duty" = Call of Duty
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Depth Hunter Demo_is1" = Depth Hunter Demo
"Der Exorzist" = Der Exorzist
"Deutschland Spielt - Spiele Post" = Deutschland Spielt - Spiele Post
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Dungeon Quest_is1" = Dungeon Quest
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Ein Yankee unter Rittern" = Ein Yankee unter Rittern
"Farm Craft 2" = Farm Craft 2
"FFL_is1" = Code of Honor Die Fremdenlegion
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"FUSSBALL MANAGER 12 Demo" = FUSSBALL MANAGER 12 Demo
"Google Updater" = Google Updater
"heroes in the sky" = heroes in the sky
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Imperium Romanum" = Imperium Romanum 1.04 Gold Edition
"Inspector Magnusson: Mord auf der Titanic" = Inspector Magnusson: Mord auf der Titanic
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Jack Keane" = Jack Keane
"LetsTrade" = LetsTrade Komponenten
"McAfee Security Scan" = McAfee Security Scan Plus
"Mega World Smash" = Mega World Smash
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Nebel der Elfen 2" = Nebel der Elfen 2
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"OpenAL" = OpenAL
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"SADK" = Die Siedler - Aufbruch der Kulturen
"Sailing Simulator 2011_is1" = Sailing Simulator 2011
"Shop for HP Supplies" = Shop for HP Supplies
"SkiRegionSimulator2012DemoDE_is1" = Skiregion Simulator 2012 Demo
"sp41121" = sp41121
"ST6UNST #1" = Prozentrechnung-Demo
"Steam App 10500" = Empire: Total War
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 21970" = R.U.S.E
"Steam App 34030" = Napoleon: Total War
"Sudden Strike II" = Sudden Strike II
"Switch" = Switch Sound File Converter
"TC_is1" = Tank Combat: Die Panzerjäger
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"UN060501" = BUFFALO NAS Navigator2
"UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"War on Terror" = War on Terror
"Warzone 2100-3.1_beta11" = Warzone 2100-3.1_beta11
"Weird Wars" = Weird Wars
"WildTangent hp Master Uninstall" = My HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WISO Internet Security" = WISO Internet Security
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4005405533-982616463-2909516546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.10.2010 05:49:48 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.10.2010 05:49:49 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.10.2010 05:49:50 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.10.2010 05:49:50 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.10.2010 05:50:13 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.10.2010 05:53:06 | Computer Name = User-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 31.10.2010 05:00:18 | Computer Name = User-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 31.10.2010 05:03:07 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 31.10.2010 08:51:08 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.11.2010 14:39:20 | Computer Name = User-PC | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 16.02.2009 14:11:08 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 16.02.2009 15:40:15 | Computer Name = User-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 16.02.2009 15:41:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 16.02.2009 15:41:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 18.02.2009 14:16:36 | Computer Name = User-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 18.02.2009 14:18:15 | Computer Name = User-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 18.02.2009 14:18:15 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 19.02.2009 04:30:29 | Computer Name = User-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Microsoft Office Document Image
 Writer nicht unter dem Namen Microsoft Office Document Image Writer freigeben. 
Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet
 werden.
 
Error - 19.02.2009 04:30:29 | Computer Name = User-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon Inkjet i850 nicht unter 
dem Namen Canon Inkjet i850 freigeben. Fehler: 2114. Der Drucker kann nicht von 
anderen Benutzern im Netzwerk verwendet werden.
 
Error - 19.02.2009 04:30:28 | Computer Name = User-PC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >

--- --- ---

Gervogt · 17.04.2013, 19:34

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.04.2013 19:58:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 50,95% Memory free
6,20 Gb Paging File | 4,67 Gb Available in Paging File | 75,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688,40 Gb Total Space | 337,92 Gb Free Space | 49,09% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 0,99 Gb Free Space | 9,67% Space Free | Partition Type: NTFS
Drive E: | 6,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive X: | 928,42 Gb Total Space | 927,95 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive Y: | 3,08 Gb Total Space | 3,04 Gb Free Space | 98,62% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)
PRC - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe ()
PRC - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe ()
PRC - C:\Programme\WISO Internet Security\avfwsvc.exe (Avira GmbH)
PRC - C:\Programme\WISO Internet Security\avguard.exe (Avira GmbH)
PRC - C:\Programme\WISO Internet Security\sched.exe (Avira GmbH)
PRC - C:\Programme\WISO Internet Security\avgnt.exe (Avira GmbH)
PRC - C:\Programme\WISO Internet Security\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Corel\Corel Digital Studio 2010\Gadget.exe (Corel)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c956038a981c82dd25f1939a981e65c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libctlsvr.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\itapi.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\audio.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libConfig.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\coder.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\log.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-1.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\sqlite3.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libxml2.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\zlib1.dll ()
MOD - C:\Programme\Corel\Corel Digital Studio 2010\WinShell.dll ()
MOD - C:\Programme\Corel\Corel Digital Studio 2010\GoldenGateCore.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libexpat.dll ()
MOD - C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (NasPmService) -- \LS-WXL985\info\English\NasNavi2\Windows\nassvc.exe File not found
SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe File not found
SRV - (AVEService) -- C:\Program Files\WISO Internet Security\avesvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirFirewallService) -- C:\Programme\WISO Internet Security\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\WISO Internet Security\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Programme\WISO Internet Security\sched.exe (Avira GmbH)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (PCDSRVC{D5068648-4046B656-06000000}_0) -- c:\pcdr5\pcdsrvc.pkms File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cdrbsvsd) --  File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a4yfxasu) --  File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (HSPADataCardusbser) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated)
DRV - (HSPADataCardusbnmea) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated)
DRV - (HSPADataCardusbmdm) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKLM\..\SearchScopes,DefaultScope = {FF0547FA-AB15-45F9-9793-3AFAE9031EAE}
IE - HKLM\..\SearchScopes\{C60360F0-0D4D-448E-B2D1-F8BFF7FA043E}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{FF0547FA-AB15-45F9-9793-3AFAE9031EAE}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\..\SearchScopes,DefaultScope = {FF0547FA-AB15-45F9-9793-3AFAE9031EAE}
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\..\SearchScopes\{FF0547FA-AB15-45F9-9793-3AFAE9031EAE}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-4005405533-982616463-2909516546-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "GMX Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.gmx.net/tb/mff_startpage"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.7.0
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.15.100013
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.28 10:52:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.15 19:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.15 19:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012.11.13 20:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.28 10:52:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.15 19:49:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.15 19:49:11 | 000,000,000 | ---D | M]
 
[2009.12.27 12:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.04.14 10:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wk23d04s.default\extensions
[2010.05.08 14:51:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wk23d04s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.14 10:51:59 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wk23d04s.default\extensions\fb_add_on@avm.de
[2013.02.03 09:41:43 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wk23d04s.default\extensions\toolbar@ask.com
[2009.10.04 13:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Sunbird\Profiles\5c0w4e1l.default\extensions
[2013.03.23 19:47:44 | 000,502,957 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\extensions\toolbar@gmx.net.xpi
[2013.03.23 19:47:52 | 000,001,050 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\searchplugins\11-suche.xml
[2013.03.23 19:47:52 | 000,002,418 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\searchplugins\englische-ergebnisse.xml
[2013.03.23 19:47:51 | 000,010,701 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\searchplugins\gmx-suche.xml
[2013.03.23 19:47:52 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\searchplugins\lastminute.xml
[2013.03.23 19:47:51 | 000,005,682 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wk23d04s.default\searchplugins\webde-suche.xml
[2013.04.15 19:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.15 19:49:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.04.15 19:49:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.04 18:50:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.15 15:32:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.04 18:50:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.04 18:50:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.04 18:50:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.04 18:50:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4005405533-982616463-2909516546-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\WISO Internet Security\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CorelGadget] C:\Program Files\Common Files\Ulead Systems\Gadget\GadgetEB.dll (Corel)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4005405533-982616463-2909516546-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY File not found
O4 - HKU\S-1-5-21-4005405533-982616463-2909516546-1003..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found
O4 - HKU\S-1-5-21-4005405533-982616463-2909516546-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4005405533-982616463-2909516546-1003\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{183034A3-2761-47C6-9B68-2B92338D53EB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99D72F6C-D8EF-4A25-92E9-049217F81429}: NameServer = 192.168.0.200
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.24 08:37:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.05.09 16:01:32 | 000,000,081 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{12447e3b-b499-11de-931e-001e8cc5a2a3}\Shell - "" = AutoRun
O33 - MountPoints2\{12447e3b-b499-11de-931e-001e8cc5a2a3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{14895d33-2f5b-11df-aa8a-001e8cc5a2a3}\Shell - "" = AutoRun
O33 - MountPoints2\{14895d33-2f5b-11df-aa8a-001e8cc5a2a3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{4383a072-0bc5-11de-8c85-0016449ad641}\Shell - "" = AutoRun
O33 - MountPoints2\{4383a072-0bc5-11de-8c85-0016449ad641}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e939fed3-61c1-11de-9052-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e939fed3-61c1-11de-9052-806e6f6e6963}\Shell\AutoRun\command - "" = E:\0data\cbs.exe -- [2012.03.09 16:53:38 | 003,427,328 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.17 17:31:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013.04.16 22:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.04.16 21:58:26 | 000,062,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013.04.16 21:58:25 | 002,555,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013.04.16 21:56:27 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.04.16 21:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.04.16 21:50:38 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.04.16 21:50:37 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.04.16 21:50:37 | 008,952,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.04.16 21:50:37 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.04.16 21:50:37 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll
[2013.04.16 21:50:36 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.04.16 21:50:36 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.04.16 21:50:36 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.04.16 21:50:36 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll
[2013.04.16 21:50:33 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.04.16 21:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.04.15 19:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.10 20:25:20 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 20:25:20 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 20:25:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 20:25:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 20:25:14 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 20:25:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.04.10 20:25:14 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.10 20:25:14 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.10 20:25:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.10 20:25:14 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 20:25:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 20:25:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 20:25:14 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 20:25:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 20:25:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 20:25:13 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 20:25:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 20:25:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.10 20:25:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.10 20:25:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 20:25:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.10 20:25:10 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 20:25:08 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.04 21:02:41 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Steuer-Sparbuch
[2013.04.04 21:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013
[2013.03.26 21:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.17 19:45:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.17 19:45:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.17 19:29:55 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 19:29:55 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 19:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.17 17:29:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.17 17:29:49 | 3220,414,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.16 23:09:47 | 000,000,900 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013.04.16 22:49:20 | 000,699,408 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.16 22:49:20 | 000,655,570 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.16 22:49:20 | 000,156,538 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.16 22:49:20 | 000,128,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.16 22:25:27 | 000,037,604 | ---- | M] () -- C:\Users\User\Desktop\System Informationen.html
[2013.04.16 21:38:27 | 000,244,736 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.15 21:35:32 | 299,363,802 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.12 14:04:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.04.12 13:56:22 | 000,330,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.11 21:25:22 | 000,000,952 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.11 21:25:17 | 000,000,918 | ---- | M] () -- C:\Users\User\Desktop\Dropbox.lnk
[2013.04.04 21:01:37 | 000,001,125 | ---- | M] () -- C:\Windows\wiso.ini
[2013.04.04 21:01:25 | 000,001,666 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.04.04 21:01:25 | 000,001,634 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.03.26 21:49:09 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.16 22:25:25 | 000,037,604 | ---- | C] () -- C:\Users\User\Desktop\System Informationen.html
[2013.04.16 21:50:37 | 000,013,625 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.04.04 21:01:25 | 000,001,666 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.04.04 21:01:25 | 000,001,634 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.03.26 21:49:09 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.11.25 15:05:07 | 000,186,608 | ---- | C] () -- C:\Windows\Weird Wars Uninstaller.exe
[2012.10.14 10:04:27 | 000,161,735 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2012.10.14 10:04:27 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2012.10.14 09:50:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.10.12 15:04:21 | 000,182,386 | ---- | C] () -- C:\Windows\hpoins47.dat
[2012.10.12 15:04:21 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2012.02.10 12:01:29 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.02.10 12:01:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.04.20 17:22:35 | 000,000,385 | ---- | C] () -- C:\Windows\uninst.ini
[2010.05.30 13:50:03 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.11 17:47:46 | 000,000,088 | ---- | C] () -- C:\Users\User\AppData\Roaming\usb.inf
[2010.02.24 09:55:55 | 000,000,096 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2010.01.12 15:43:54 | 000,028,969 | ---- | C] () -- C:\Users\User\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.01.08 19:01:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.06 21:37:40 | 000,012,958 | ---- | C] () -- C:\Users\User\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2009.12.03 20:18:38 | 006,883,293 | ---- | C] () -- C:\Program Files\hcf1718.exe
[2009.10.12 17:04:23 | 000,038,410 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft Excel.ADR
[2009.08.19 23:24:30 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009.07.19 13:35:10 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2008.12.15 20:32:31 | 000,022,328 | ---- | C] () -- C:\Users\User\AppData\Roaming\PnkBstrK.sys
[2008.10.31 19:22:41 | 000,244,736 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.27 21:09:21 | 000,154,442 | ---- | C] () -- C:\ProgramData\firstlsp.reg.dat
[2008.10.27 20:50:56 | 000,967,558 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.02.14 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ankh - Heart of Osiris
[2009.03.23 10:24:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Beedv
[2008.10.28 21:24:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Black Sea Studios
[2008.12.10 21:49:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Buhl Data Service
[2010.04.07 19:50:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
[2013.04.17 17:32:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2010.01.10 19:26:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\everlight
[2012.04.27 09:39:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Imidut
[2010.08.04 21:31:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Imperium Romanum
[2012.09.01 17:41:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Internet-Manager
[2008.12.04 20:53:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InterTrust
[2011.12.30 13:09:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Kalypso Media
[2011.08.05 12:11:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Koagyw
[2009.06.21 18:59:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games
[2011.08.05 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NASNaviator2
[2009.05.05 15:27:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2008.11.01 19:05:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2011.04.29 13:11:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Packlib
[2009.10.04 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RDecke
[2012.04.30 13:23:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Saze
[2009.07.19 13:31:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\T-Online
[2008.11.13 16:02:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tank Combat
[2013.02.25 19:46:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2013.04.05 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2013.04.17 20:09:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2010.05.30 13:56:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ulead Systems
[2009.04.17 19:31:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WD
[2008.10.24 09:52:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch
[2011.02.26 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WISO Internet Security
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:88050731

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 17.04.2013 19:58:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 50,95% Memory free
6,20 Gb Paging File | 4,67 Gb Available in Paging File | 75,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688,40 Gb Total Space | 337,92 Gb Free Space | 49,09% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 0,99 Gb Free Space | 9,67% Space Free | Partition Type: NTFS
Drive E: | 6,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive X: | 928,42 Gb Total Space | 927,95 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive Y: | 3,08 Gb Total Space | 3,04 Gb Free Space | 98,62% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe (Deutsche Telekom AG, T-Com)
 
[HKEY_USERS\S-1-5-21-4005405533-982616463-2909516546-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8E3137D4-8B5D-4B2A-8FC6-58D8A12844AB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{F91A872D-EDE3-458B-8C39-FD6B4409028D}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022D9848-E1A4-4499-84E2-66CCBCB4AF67}" = protocol=17 | dir=in | app=c:\spiele\riseandfall\riseandfall.exe | 
"{02A83081-3397-4EC0-A71F-1AABC1CD7DF2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{0841E516-F940-4967-9662-30A5A2FBCF66}" = protocol=6 | dir=in | app=c:\program files\skiregion simulator 2012 demo\game.exe | 
"{0A9700F2-66A4-4D76-9239-D806F8E40E1C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{0B585657-BD81-46BA-AF96-28F0A9D8A99B}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{100F0064-C8F7-470D-A454-4B2D127E1645}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{172626ED-9EF7-426C-849D-95B5DDAAAFCF}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{1B92B109-E64C-4F73-8F6F-22A2FCF4B2EE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{220B4B69-F2E3-4D1D-BE79-BAF00E83F020}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{2521F218-BEE9-41E0-B858-D48675103789}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\_istmp2.dir\_ins5576._mp | 
"{26942A3B-A7EF-4556-9415-69E67070744F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{2B613729-BEFF-40AC-9D57-C928A6546A3F}" = protocol=6 | dir=in | app=c:\spiele\civilization\civilization4.exe | 
"{2B7C6FD5-2BBC-469A-BF77-46394CD75844}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2E3F36BB-902E-4953-B9C6-23383E949033}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{324021C6-929D-4CB9-89A2-859B3E27AF3F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{32F8BE3D-EB41-4BCF-83A4-A4CB6C0F1780}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{33FDCFF9-312A-48AA-B200-BCDD49293B4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{35566548-F1A6-4B37-9CDF-19DCCC725F29}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{38B67817-B4EA-4C5F-8A19-6C25B8DB0AF9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{429D8FD1-9D2A-4E8A-B4A0-155CE89AE224}" = protocol=6 | dir=in | app=c:\spiele\riseandfall\riseandfall.exe | 
"{42E6538D-59EA-4CA0-8A9E-3BF7E67C87D5}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{43D8ABD2-2082-44E0-99C2-92BF6ECE32BA}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\r.u.s.e\ruse.exe | 
"{457DADB5-8D39-4246-849E-353732F0EF30}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{45831A3B-A519-4ECA-83AF-7EB6AD293A6C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{474968DC-193F-4E8C-A193-2137CC577772}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{4ACDDAF4-C629-4AEB-912D-C424150EBCC5}" = protocol=6 | dir=in | app=c:\spiele\rainbow vegas 2\binaries\r6vegas2_game.exe | 
"{508EDAA4-AC35-4315-A288-E4DA9996D715}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{54AD739A-B929-4658-A7CF-1F66E06BFA62}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{58F089F6-5F8F-4D2B-A0F8-15EC1EB62723}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5AA029D0-A714-4960-B4FA-01A1C69AAB61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{5E9679B4-D8EC-436C-BC19-AC3BC9C1312B}" = protocol=17 | dir=in | app=c:\program files\skiregion simulator 2012 demo\game.exe | 
"{62785FA4-4FDF-4D38-AEDA-EF633F75F85B}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{6477E6ED-AF01-4FDD-8792-19D28AB7B6A3}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{69D180FB-04BC-49BB-9C88-BDE8F42204D0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{6ECDC00F-D9FA-43A5-A102-90A87899A0E1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{72DF528E-39F9-4AB5-9C89-EC4A40C3BBE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{773ABF0A-2DE9-41B6-9FFA-682F7FCEBCFD}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{7E5836D8-28D8-481E-ADEA-D8F6E46A149F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{896C874C-75E0-4505-856B-4F023F6C741B}" = protocol=6 | dir=in | app=c:\spiele\stronghold\stronghold2.exe | 
"{89D66C48-28E3-4856-9656-2A0B05A8050B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{8C21996F-2179-42C1-AE5C-35BD098069E6}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | 
"{8E9F7234-B51D-45B9-BE9E-7A7342678E7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{94FD164F-1A25-4B2F-AEC8-8FA088562B01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{977B9F04-E69D-471A-B32E-DA238B7D1DFE}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
"{9AF23161-D4ED-43C6-945A-009D21ACB7A3}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\empire total war\empire.exe | 
"{9BFEF217-67D3-45C7-93FA-92143A85FEF4}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\_istmp2.dir\_istmp0.dir\igd_finder.exe | 
"{9FA804BB-1DA5-4A1B-ABD6-995946C6B763}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{A02CA37D-B3BD-44BF-AC9B-D55CE1AF0F97}" = protocol=6 | dir=in | app=c:\spiele\rainbow vegas 2\binaries\r6vegas2_launcher.exe | 
"{AADAB97B-1875-42F4-8452-215AAE1E738A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{AFB09BFA-C130-4AAD-9F59-B5EC158E01E2}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | 
"{B442D7BC-CCC5-43F5-9B61-7043DB615046}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B7D40227-8EE1-48C7-AD47-F51F51B8BC61}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\_istmp2.dir\_istmp0.dir\igd_finder.exe | 
"{BCFF1D27-86A5-4B07-8087-ADF161A1E968}" = dir=in | app=e:\setup\hpznui01.exe | 
"{BD5B1CB1-764A-4FA4-A3D7-3A9DCC56255B}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{BF4E2584-4889-44D7-A6FD-12D9477DAA00}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
"{BF519A6D-7D33-4D69-B237-4676C8401585}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{C070622E-BA62-4F2B-ACAD-DD1975A81A4F}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\empire total war\empire.exe | 
"{C093B10A-4068-4CC8-A0C4-A5A058C15213}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{C3F1A2F5-0CC0-4DCE-9FCE-0B932B35B61F}" = protocol=17 | dir=in | app=c:\spiele\rainbow vegas 2\binaries\r6vegas2_launcher.exe | 
"{C645279D-B4DF-478C-B276-A9C9828C27D4}" = protocol=17 | dir=in | app=c:\spiele\rainbow vegas 2\binaries\r6vegas2_game.exe | 
"{D16140AE-3AD1-4D27-A5D0-DAEEE8B11C65}" = protocol=17 | dir=in | app=c:\program files\skiregion simulator 2012 demo\skiregionsimulator2012.exe | 
"{DB33B106-A32B-4921-A0ED-A7EC12A48E33}" = protocol=6 | dir=in | app=c:\program files\skiregion simulator 2012 demo\skiregionsimulator2012.exe | 
"{DC5D14E7-5BE6-4024-9991-4287CADE2AD7}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\_istmp2.dir\_ins5576._mp | 
"{E786599E-6E33-4AF3-B8BA-C320F7034B7E}" = protocol=17 | dir=in | app=c:\spiele\civilization\civilization4.exe | 
"{F5DAEBEC-915D-48DC-B632-68F8B0C8F789}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{FB8371AA-CBAA-4704-A817-7AB54149168C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{FB9F8377-6C76-4079-BA4F-80058863A02F}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{FCEF430A-B637-4125-AEE0-C543F42EC23B}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\r.u.s.e\ruse.exe | 
"{FF8ED46A-4AB0-4125-8E2E-C95D4BA56440}" = protocol=17 | dir=in | app=c:\spiele\stronghold\stronghold2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0B995C72-758B-4A21-BF9B-44E6FE268313}" = Corel Digital Studio 2010
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{03990400-F19A-468C-B089-19BDC6289F7E}" = Tycoon City New York Patch #2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A64AA64-B438-49F0-9C14-5E465C617372}" = Setup
"{0B995C72-758B-4A21-BF9B-44E6FE268313}" = ICA
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19023B3C-00D0-4BBD-A753-C0B068B10798}" = Gadget
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20DFB114-5520-4BEE-B276-4A4204E1FBB4}" = PureHD
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2CBE667E-1193-47DC-852E-2CB4747C12E3}" = Blazing Angels Squadrons of WWII
"{2DD9C2F1-CC6E-449D-935B-4111396EF19F}" = MLE
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{36D00AE6-69DE-4087-A1A9-84ADD10E5530}" = BHA B's Recorder GOLD BASIC 7.10
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{414212D5-6E70-4CF1-97E7-B2AB77D131EA}" = DVDF10
"{41B65DE2-DA0E-4D55-A557-ECC39DC9BD0E}_is1" = DragonSoul
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{624885E1-2458-4F12-A975-EA368C3523FA}" = DeviceIO
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{652BCEE6-463A-4A8E-A6E3-FCFED88345E0}" = VDS10
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BCD1560-6292-4A70-A808-C0FE414A7DB4}" = Contents
"{6EEAB9B3-1F74-4DC5-8D71-6CA0E2769E9B}" = PlayLinc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{73821601-FA08-4067-B227-EC93196E0699}" = DUNGEONS - The Dark Lord Demo
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AF32AB1-CB97-11D4-9607-0050BA84F5F7}" = Baldur's Gate(TM) II - Schatten von Amn(TM)
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8983409B-E79D-4712-ABDC-665052FF625B}" = Everlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8CF0D400-DE7E-4431-9AC0-7340FFD867A1}" = Philips PhotoFrame Manager
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{9279CA48-10CD-4390-9C33-BFAA06E2C34A}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98372B03-7CDC-4443-AB38-1D805D6BD892}" = Digital Frame Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5101403-2C42-40E0-8D9E-5E49E7C3B89E}" = Tycoon City - New York
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFC4FEEE-6E08-4CC9-815E-5CEDF2C15E2E}_is1" = Terminplaner .Net
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0B7F981-EA26-491A-A975-E3AB4748E9FA}" = Share
"{E0EF9C75-60EA-4DFB-A537-2A9E0C2E2056}" = PSPH10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{EE19A4C4-AA74-4AA7-9264-B322B877BFA7}" = IPM_SU
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3FA8952-2C42-452A-BA22-2F7BDEC8D310}" = VIO
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FB9C5329-F982-435C-AEC5-EE0A75EE6395}" = muvee autoProducer 6.1
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Alamandi" = Alamandi
"Ankh - Heart of Osiris" = Ankh - HdO
"Audacity_is1" = Audacity 1.2.6
"Baldur's Gate" = Baldur's Gate
"Call of Duty" = Call of Duty
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Depth Hunter Demo_is1" = Depth Hunter Demo
"Der Exorzist" = Der Exorzist
"Deutschland Spielt - Spiele Post" = Deutschland Spielt - Spiele Post
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Dungeon Quest_is1" = Dungeon Quest
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Ein Yankee unter Rittern" = Ein Yankee unter Rittern
"Farm Craft 2" = Farm Craft 2
"FFL_is1" = Code of Honor Die Fremdenlegion
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"FUSSBALL MANAGER 12 Demo" = FUSSBALL MANAGER 12 Demo
"Google Updater" = Google Updater
"heroes in the sky" = heroes in the sky
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Imperium Romanum" = Imperium Romanum 1.04 Gold Edition
"Inspector Magnusson: Mord auf der Titanic" = Inspector Magnusson: Mord auf der Titanic
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Jack Keane" = Jack Keane
"LetsTrade" = LetsTrade Komponenten
"McAfee Security Scan" = McAfee Security Scan Plus
"Mega World Smash" = Mega World Smash
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Nebel der Elfen 2" = Nebel der Elfen 2
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"OpenAL" = OpenAL
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"SADK" = Die Siedler - Aufbruch der Kulturen
"Sailing Simulator 2011_is1" = Sailing Simulator 2011
"Shop for HP Supplies" = Shop for HP Supplies
"SkiRegionSimulator2012DemoDE_is1" = Skiregion Simulator 2012 Demo
"sp41121" = sp41121
"ST6UNST #1" = Prozentrechnung-Demo
"Steam App 10500" = Empire: Total War
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 21970" = R.U.S.E
"Steam App 34030" = Napoleon: Total War
"Sudden Strike II" = Sudden Strike II
"Switch" = Switch Sound File Converter
"TC_is1" = Tank Combat: Die Panzerjäger
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"UN060501" = BUFFALO NAS Navigator2
"UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"War on Terror" = War on Terror
"Warzone 2100-3.1_beta11" = Warzone 2100-3.1_beta11
"Weird Wars" = Weird Wars
"WildTangent hp Master Uninstall" = My HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WISO Internet Security" = WISO Internet Security
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4005405533-982616463-2909516546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.10.2010 05:49:48 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.10.2010 05:49:49 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.10.2010 05:49:50 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.10.2010 05:49:50 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.10.2010 05:50:13 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.10.2010 05:53:06 | Computer Name = User-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 31.10.2010 05:00:18 | Computer Name = User-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 31.10.2010 05:03:07 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 31.10.2010 08:51:08 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.11.2010 14:39:20 | Computer Name = User-PC | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 16.02.2009 14:11:08 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 16.02.2009 15:40:15 | Computer Name = User-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 16.02.2009 15:41:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 16.02.2009 15:41:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 18.02.2009 14:16:36 | Computer Name = User-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 18.02.2009 14:18:15 | Computer Name = User-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 18.02.2009 14:18:15 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 19.02.2009 04:30:29 | Computer Name = User-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Microsoft Office Document Image
 Writer nicht unter dem Namen Microsoft Office Document Image Writer freigeben. 
Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet
 werden.
 
Error - 19.02.2009 04:30:29 | Computer Name = User-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon Inkjet i850 nicht unter 
dem Namen Canon Inkjet i850 freigeben. Fehler: 2114. Der Drucker kann nicht von 
anderen Benutzern im Netzwerk verwendet werden.
 
Error - 19.02.2009 04:30:28 | Computer Name = User-PC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >

--- --- ---

cosinus · 18.04.2013, 12:57

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Gervogt · 18.04.2013, 21:41

Hallo,

ich habe die entsprechenden Anweisungen befolgt.

Leider ist bei GMER sowohl im nichtabgesicherten als auch im abgesicherten Modus eine Windows-Fehlermeldung angezeigt und der Prozess abgebrochen worden:

Qmer funktioniert nicht mehr....

Malwarebytes hat problemlos funktioniert. Allerdings wurden keine Probleme gefunden. s. Logfile

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
Malwarebytes : Free Anti-Malware download

Database version: v2013.04.18.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19412
User :: USER-PC [administrator]

18.04.2013 22:28:33
mbar-log-2013-04-18 (22-28-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28948
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 19.04.2013, 01:00

Die nächsten Logs bitte in CODE-Tags

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Nach Starten von allen Spielen hängt sich PC auf

Plagegeister aller Art und deren Bekämpfung: Nach Starten von allen Spielen hängt sich PC auf