
Pests of all kinds and how to combat them: White screen, nothing works anymore


17.06.2013, 20:46   #1
MarcoGottsch
 
Hello,
I'm new here, but I have long been a fan of the forum. :-) I got a computer here from an acquaintance. It is apparently an already known problem that has also been dealt with here before. But since I want to play it safe this time, please take a look at this mess. White screen after system start; safe mode leads to a restart directly after login. Let's see whether I manage to copy the two logs in here. If not, please bear with me, I'm not very familiar with these things. So then, OTL.log:
OTL Logfile:
Code:
OTL logfile created on: 6/17/2013 10:33:06 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116.84 Gb Total Space | 12.05 Gb Free Space | 10.32% Space Free | Partition Type: NTFS
Drive D: | 107.25 Gb Total Space | 105.38 Gb Free Space | 98.25% Space Free | Partition Type: NTFS
Drive E: | 8.78 Gb Total Space | 3.66 Gb Free Space | 41.71% Space Free | Partition Type: FAT32
Drive J: | 7.49 Gb Total Space | 7.48 Gb Free Space | 99.89% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/06/12 14:31:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/17 09:26:03 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibarsvc.exe -- (PopularScreensavers_7iService)
SRV - [2013/01/26 11:57:52 | 000,945,328 | ---- | M] () [Auto] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2012/11/09 06:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/11 11:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/09/22 07:03:30 | 000,974,944 | ---- | M] (ESET) [Auto] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/01/28 07:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/05/14 12:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto] -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/01/08 09:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto] -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2001/02/23 04:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] --  -- (SymIM)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/06/17 06:49:30 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2013/01/26 11:57:53 | 000,031,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011/08/09 09:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 04:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 04:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/01/20 07:28:24 | 000,295,432 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/05/02 05:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2005/06/07 20:00:00 | 000,799,488 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdslbase.sys -- (FDSLBASE) AVM FRITZ!Card DSL (WinXP/2000)
DRV - [2005/06/07 20:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2005/06/07 20:00:00 | 000,045,440 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmdsloe.sys -- (AVMDSLPPPOE)
DRV - [2005/06/07 20:00:00 | 000,038,992 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmndsl.sys -- (AVMNDSL)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/01 08:58:10 | 001,272,000 | ---- | M] (C-Media Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004/08/27 07:28:22 | 000,116,736 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2) Hauppauge WinTV PVR PCI II (26xxx)
DRV - [2004/08/09 07:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 07:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 10:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2004/03/17 10:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/03/10 10:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2004/01/16 04:31:56 | 000,380,736 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/10/03 15:40:12 | 000,013,356 | ---- | M] (Winbond Electronics Corp.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\wbusb.sys -- (WBUSB)
DRV - [2002/03/19 04:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/08/17 07:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/06/04 01:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000/08/28 08:32:36 | 000,040,960 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgivEcp)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857572
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {0953a3a2-9223-4990-a1c9-efb4d4686ef2} - Reg Error: Key error. File not found
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Programme\Elf_1\prxtbElf0.dll (Conduit Ltd.)
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Programme\Elf_1.12\prxtbElf0.dll (Conduit Ltd.)
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Programme\Elf_1.15\prxtbElf2.dll (Conduit Ltd.)
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@popularscreensavers.com/Plugin: C:\Programme\PopularScreensavers\NPp5Stub.dll (popularscreensavers.com)
FF - HKLM\Software\MozillaPlugins\@PopularScreensavers_7i.com/Plugin: C:\Programme\PopularScreensavers_7i\bar\1.bin\NP7iStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/12/30 08:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/11 10:03:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7iffxtbr@PopularScreensavers_7i.com: C:\Programme\PopularScreensavers_7i\bar\1.bin [2013/03/17 09:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/21 06:36:57 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2004/08/10 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Toolbar BHO) - {0709f2cc-d1e6-4b43-9efc-1c0701cb173d} - C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Programme\Elf_1\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Programme\Elf_1.12\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Search Assistant BHO) - {3a6625a2-591b-4e83-ac3f-8c25eea30ac0} - C:\Programme\PopularScreensavers_7i\bar\1.bin\7iSrcAs.dll (MindSpark)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Programme\Elf_1.15\prxtbElf2.dll (Conduit Ltd.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Programme\Elf_1\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Programme\Elf_1.12\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Programme\Elf_1.15\prxtbElf2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (PopularScreensavers) - {f339a07f-9578-412d-85e0-b8a80277151a} - C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Elf 1 Toolbar) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Programme\Elf_1\prxtbElf0.dll (Conduit Ltd.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Elf 1.12 Toolbar) - {38542454-DFB6-44F5-B052-D4E071A3D073} - C:\Programme\Elf_1.12\prxtbElf0.dll (Conduit Ltd.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Elf 1.15 Toolbar) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - C:\Programme\Elf_1.15\prxtbElf2.dll (Conduit Ltd.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [iSaverCtrl] C:\Programme\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PopularScreensavers Search Scope Monitor] C:\Programme\PopularScreensavers_7i\bar\1.bin\7iSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [PopularScreensavers_7i Browser Plugin Loader] C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Heinz_*****_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Heinz_*****_ON_C..\Run: [EPSON SX430 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Heinz_*****_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\mclymukxuxrltfcmk.exe (Mozilla Foundation)
O4 - HKU\Heinz_*****_ON_C..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\Heinz_*****_ON_C..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Programme\TextBridge Pro 8.0\Bin\RegisterDropHandler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Heinz_*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098695436718 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Heinz_*****_ON_C Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/20 13:33:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 14 Days ==========
 
[2009/11/10 15:27:53 | 000,017,504 | ---- | C] (   ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2006/06/05 03:26:42 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 14 Days ==========
 
[2013/06/17 14:39:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/17 14:32:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/17 14:32:38 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/17 08:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/06/17 07:59:21 | 000,163,060 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\2433f433
[2013/06/17 07:59:21 | 000,163,033 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/06/17 07:59:21 | 000,163,025 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/06/17 07:32:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/17 07:30:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/17 06:49:30 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2013/06/17 06:49:26 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/06/16 13:30:16 | 000,054,414 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\wklnhst.dat
[2013/06/12 14:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/12 14:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/12 08:55:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/07 11:37:40 | 000,001,781 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013/06/06 13:12:01 | 002,359,350 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2013/06/05 13:00:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/17 07:59:21 | 000,163,060 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\2433f433
[2013/06/17 07:59:21 | 000,163,033 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/06/17 07:59:21 | 000,163,025 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/02/18 11:39:23 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/02/18 11:39:23 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/02/18 11:39:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2013/02/18 11:39:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/11/11 10:03:50 | 000,031,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/08/20 11:59:03 | 000,400,194 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2167212709-1071202314-851240243-1006-0.dat
[2012/07/15 05:51:22 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\PBFLT09.DLL
[2012/07/15 05:51:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\PBDBC09.DLL
[2012/07/15 05:51:21 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\PBBAS09.DLL
[2012/07/15 05:51:21 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2012/07/15 05:51:21 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\IVTRN09.DLL
[2012/06/14 07:28:40 | 000,400,194 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012/04/19 02:05:05 | 000,167,936 | R--- | C] () -- C:\WINDOWS\A4.dll
[2012/04/19 02:05:05 | 000,045,056 | R--- | C] () -- C:\WINDOWS\GetKey.dll
[2012/02/15 08:19:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 08:17:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/09/15 03:58:51 | 000,000,414 | ---- | C] () -- C:\WINDOWS\Ausba4.ini
[2011/07/04 13:43:56 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/10/01 05:22:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI
[2010/09/25 05:16:31 | 000,122,176 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/31 03:28:46 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/07/31 03:28:46 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/06/08 11:35:46 | 002,089,984 | ---- | C] () -- C:\WINDOWS\System32\CustomPic.dll
[2010/01/22 13:34:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2009/11/23 14:45:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009/11/10 15:27:53 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2009/11/10 15:21:08 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll
[2009/06/05 14:52:40 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\winscp.rnd
[2009/03/29 05:45:39 | 000,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2009/02/11 11:43:41 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2009/02/10 13:40:43 | 000,000,092 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2009/02/10 13:40:42 | 000,000,188 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/02/10 13:40:31 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2009/02/10 13:40:31 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2009/02/10 13:40:31 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2009/02/10 13:40:31 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2009/02/10 13:40:31 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2009/01/27 12:38:42 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/27 12:38:42 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/27 12:38:42 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/27 12:38:42 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/27 12:38:42 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/27 12:38:42 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/27 12:38:42 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/27 12:38:42 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/27 12:38:42 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/27 12:38:42 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/01/27 12:38:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/27 12:38:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/27 12:38:42 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/27 12:38:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/27 12:38:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/27 12:38:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/01/27 12:38:42 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/01/27 12:38:42 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/27 12:38:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/18 15:59:33 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/02/20 07:59:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/20 07:59:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/02/20 06:24:46 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006/10/16 09:46:32 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2006/08/04 09:07:50 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\lcmfx32n.dll
[2006/08/04 08:52:26 | 000,000,080 | ---- | C] () -- C:\WINDOWS\comctt64.dll
[2006/06/12 05:25:30 | 000,000,019 | ---- | C] () -- C:\WINDOWS\retrieve.ini
[2006/06/06 11:49:37 | 000,030,720 | ---- | C] () -- C:\WINDOWS\6816White12.dat
[2006/06/06 11:49:37 | 000,000,004 | ---- | C] () -- C:\WINDOWS\6816Error.dat
[2006/06/06 11:49:33 | 000,030,720 | ---- | C] () -- C:\WINDOWS\6816Dark12.dat
[2006/06/06 11:49:30 | 000,000,006 | ---- | C] () -- C:\WINDOWS\6816Exposure.dat
[2006/06/06 11:49:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\6816Offset.dat
[2006/06/06 11:49:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\6816Gain.dat
[2006/05/20 13:54:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/05/06 03:24:05 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/02/22 15:44:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\ktel.ini
[2006/02/12 04:54:25 | 000,000,123 | ---- | C] () -- C:\WINDOWS\Loewe_3.ini
[2006/01/15 08:21:37 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/25 05:38:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/10/14 14:07:34 | 000,003,068 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/09/30 05:01:00 | 000,012,037 | ---- | C] () -- C:\WINDOWS\hpdj6500.ini
[2005/09/30 04:56:32 | 000,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
[2005/09/30 04:56:32 | 000,094,208 | ---- | C] () -- C:\WINDOWS\dll32.dll
[2005/09/30 04:56:32 | 000,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
[2005/09/30 04:56:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Ssthunk.dll
[2005/09/30 04:56:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Ntfax.exe
[2005/09/30 04:56:32 | 000,012,800 | ---- | C] () -- C:\WINDOWS\Ss16ft.dll
[2005/09/30 04:56:32 | 000,012,160 | ---- | C] () -- C:\WINDOWS\LxUsbOpn.dll
[2005/09/30 04:56:32 | 000,002,554 | ---- | C] () -- C:\WINDOWS\Ssds16.ini
[2005/09/30 04:56:32 | 000,002,552 | ---- | C] () -- C:\WINDOWS\Ssds32.ini
[2005/09/30 04:56:32 | 000,002,269 | ---- | C] () -- C:\WINDOWS\Ssdef32.ini
[2005/09/30 04:56:32 | 000,002,267 | ---- | C] () -- C:\WINDOWS\Ssdef16.ini
[2005/09/30 04:56:32 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MyScan.ini
[2005/09/30 04:32:47 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\Dosfnt32.dll
[2005/09/30 04:32:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\Ldepcl32.dll
[2005/09/30 04:32:47 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\Lexunst.exe
[2005/09/30 04:32:46 | 000,036,352 | ---- | C] () -- C:\WINDOWS\Ins480cx.dll
[2005/09/30 04:32:46 | 000,000,340 | ---- | C] () -- C:\WINDOWS\Ssdustat.ini
[2005/09/17 08:45:19 | 000,054,414 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\wklnhst.dat
[2005/09/17 08:35:59 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005/06/07 20:00:00 | 001,187,314 | ---- | C] () -- C:\WINDOWS\System32\fdslbase.bin
[2004/10/26 12:26:47 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2004/10/26 12:26:47 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/10/26 12:26:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2004/10/26 12:26:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/10/22 11:01:12 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004/10/22 10:15:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/22 08:16:00 | 000,001,062 | R--- | C] () -- C:\WINDOWS\KochRun.ini
[2004/10/22 08:15:59 | 000,823,296 | R--- | C] () -- C:\WINDOWS\KochRun.exe
[2004/10/22 08:15:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/10/22 08:12:38 | 000,302,592 | ---- | C] () -- C:\WINDOWS\mauninst.exe
[2004/10/22 08:12:38 | 000,000,159 | ---- | C] () -- C:\WINDOWS\typing.INI
[2004/10/21 20:36:35 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MSIFPCTL.exe
[2004/10/21 19:24:04 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2004/10/21 18:25:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 17:52:32 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2004/10/20 14:25:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/20 14:24:51 | 000,519,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/20 13:44:08 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2004/10/20 13:44:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2004/10/20 13:43:50 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/20 13:35:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/20 13:30:21 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/20 13:29:24 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/20 13:19:38 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/20 13:19:33 | 000,532,222 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/10/20 13:19:33 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/10/20 13:19:33 | 000,100,980 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/10/20 13:19:33 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/10/20 13:19:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/20 13:19:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/20 13:19:19 | 000,510,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/20 13:19:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/20 13:19:19 | 000,084,062 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/20 13:19:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/20 13:19:19 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/20 13:19:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/20 13:19:16 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/20 13:19:16 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/20 13:19:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/20 13:19:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/20 09:37:37 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin
[2004/10/20 09:37:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2004/10/20 09:37:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004/10/20 09:37:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2004/10/20 09:36:24 | 000,380,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\PRISMA00.sys
[2004/06/28 16:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/18 02:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/03/17 09:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 09:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2002/02/27 11:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 11:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 11:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 11:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 11:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
 
========== LOP Check ==========
 
[2012/03/31 02:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\.minecraft
[2012/03/31 07:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\AVG Secure Search
[2008/12/27 09:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Canon
[2012/01/02 06:55:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Epson
[2005/10/05 05:44:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\FRITZ!
[2007/05/19 07:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\InterTrust
[2006/02/22 15:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\klickTel
[2006/03/18 11:58:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Leadertech
[2006/09/22 13:45:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\MSNInstaller
[2009/01/06 08:34:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\OpenOffice.org
[2009/01/27 13:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Panasonic
[2013/03/17 09:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\PopularScreensavers_7i
[2013/04/14 13:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\PriceGong
[2010/06/08 11:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\ProtectDISC
[2011/10/21 13:03:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Registry Mechanic
[2010/10/19 06:28:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Ubisoft
[2006/05/20 14:24:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Zylom
[2012/11/17 14:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/11 10:03:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2008/12/27 09:29:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012/03/31 07:16:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010/06/08 11:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2012/01/02 06:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011/12/21 06:36:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2009/02/11 12:06:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2009/02/11 12:04:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2012/06/14 07:01:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2004/10/21 17:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2004/10/21 17:55:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2006/09/22 13:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2013/06/05 13:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2006/04/17 14:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Terzio
[2010/10/19 06:28:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2012/01/02 06:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2006/05/20 08:56:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2008/12/12 15:14:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/09/24 16:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/02 12:55:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/06/07 06:47:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\Einfache Internetanmeldung.job
[2013/06/05 13:00:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2013/06/17 08:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Heinz *****\Desktop\Gewerbeschau Flyer 2008.png:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Heinz *****\Desktop\Gewerbeschau Flyer 2008 Innenseite.png:SummaryInformation
@Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
< End of report >
         
--- --- ---

and Extras.log:
OTL Logfile:
Code:
OTL Extras logfile created on: 6/17/2013 10:33:06 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116.84 Gb Total Space | 12.05 Gb Free Space | 10.32% Space Free | Partition Type: NTFS
Drive D: | 107.25 Gb Total Space | 105.38 Gb Free Space | 98.25% Space Free | Partition Type: NTFS
Drive E: | 8.78 Gb Total Space | 3.66 Gb Free Space | 41.71% Space Free | Partition Type: FAT32
Drive J: | 7.49 Gb Total Space | 7.48 Gb Free Space | 99.89% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\Messenger\msmsgs.exe" = %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%ProgramFiles%\MSN Messenger\msnmsgr.exe" = %ProgramFiles%\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger
"%ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe" = %ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe:*:Enabled:SeaWar -- (Tavex)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\Messenger\msmsgs.exe" = %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%ProgramFiles%\MSN Messenger\msnmsgr.exe" = %ProgramFiles%\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger
"%ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe" = %ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe:*:Enabled:SeaWar -- (Tavex)
"C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
"C:\Programme\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Programme\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\FreeSkin_Installer.exe" = C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\FreeSkin_Installer.exe:*:Enabled:IncrediMail Installer
"C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\3d_magic_installer.exe" = C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\3d_magic_installer.exe:*:Enabled:IncrediMail Installer
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Epson Software\Event Manager\EEventManager.exe" = C:\Programme\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe" = C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:*:Disabled:splintercell3 -- ()
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Skiregion Simulator 2012 Demo\SkiRegionSimulator2012.exe" = C:\Programme\Skiregion Simulator 2012 Demo\SkiRegionSimulator2012.exe:*:Enabled:Skiregion Simulator 2012 Demo -- (GIANTS Software GmbH)
"C:\Programme\Skiregion Simulator 2012 Demo\game.exe" = C:\Programme\Skiregion Simulator 2012 Demo\game.exe:*:Enabled:Skiregion Simulator 2012 Demo -- (GIANTS Software GmbH)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}" = HP Deskjet 6500
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{410DB3C9-001E-4AE2-BF2C-9FF2B8ADC8FA}" = MICHELsoft 8.0.16 Easy
"{41599341-3771-4454-99BC-D65ED3AB8F37}" = Digitale Telefonauskunft 2005
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{6FB31AFA-5B77-4E9E-96C9-55ABB3FBF94F}" = Niedersachsen.de Bildschirmschoner
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{77D65C14-F73A-494F-A96E-53B40D635A1F}" = Digitale Rückwärtssuche 2005
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{82D8304F-73D7-4EE6-8472-D0684BAA2865}" = AGEIA PhysX v7.05.06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E421CE-58D7-457C-A49D-0E0B4DD5AED8}" = MICHELsoft Demo 7.0
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A01872BE-2123-4F1B-B295-E3D1774DC0C9}" = Pinnacle InstantCD/DVD Suite
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC67770B-581D-4E96-B72A-A7907CE18725}" = Colin McRae Rally 2005
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL 2.0
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF872023-6648-42AF-9A07-1E6F55FE7291}" = ESET NOD32 Antivirus
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Alien Attack" = Alien Attack
"AVG Secure Search" = AVG Security Toolbar
"Birth of America_is1" = Birth of America Demo (1.08)
"Bridge Building Game" = Bridge Building Game
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"CTV Blitz - Training Windows XP" = CTV Blitz - Training Windows XP
"DeInst_d2vexcrd C:/Programme/Top200 V4" = Top200 Viewer basierend auf Geogrid®-Viewer Version 2.2
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Elf_1 Toolbar" = Elf 1 Toolbar
"Elf_1.12 Toolbar" = Elf 1.12 Toolbar
"Elf_1.15 Toolbar" = Elf 1.15 Toolbar
"EPSON Scanner" = EPSON Scan
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"EPSON SX430 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX430 Series
"EPSON SX430 Series Netg" = Netzwerkhandbuch EPSON SX430 Series
"EPSON SX430 Series Useg" = Benutzerhandbuch EPSON SX430 Series
"Fairies Deluxe" = Fairies Deluxe
"FlipAlbum 3.1 (Eval)" = FlipAlbum 3.1 (Eval)
"Freeware.de Toolbar" = Freeware.de Toolbar
"Google Chrome" = Google Chrome
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IKBDB2" = HeinzeBauOffice Kommunales Bauen
"IncrediMail" = IncrediMail
"INFOTHEK KOMPAKT" = INFOTHEK KOMPAKT
"Insaniquarium Deluxe" = Insaniquarium Deluxe
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.2.0
"MD9700" = MD9700
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSNINST" = MSN
"Mustek 1200 UB Plus v2.0" = Mustek 1200 UB Plus v2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Ocean Express Deluxe" = Ocean Express Deluxe
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"PopularScreensavers_7ibar Uninstall" = PopularScreensavers Toolbar and Software
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PS2" = PS2
"Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions
"Python 1.5.2 (final)" = Python 1.5.2 (final)
"RealArcade 1.2" = RealArcade
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Schiffe versenken" = Schiffe versenken
"Shockwave" = Shockwave
"SkiRegionSimulator2012DemoDE_is1" = Skiregion Simulator 2012 Demo
"SmideoAppId_is1" = Smideo HD
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"TextBridge Pro 8.0" = TextBridge Pro 8.0
"Tipptrainer" = Tipptrainer Gold
"Two Worlds Demo" = Two Worlds Demo
"Visitenkarten-Druckerei 12_is1" = DATA BECKER Visitenkarten-Druckerei 12
"VLC media player" = VLC media player 0.9.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 4.1.9
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"Xerox WC480cx Print" = Xerox WC480cx Druckertreiber
"Xerox WorkCentre 480cx Scan" = TWAIN-Treiber
"XP-Games JRE" = XP-Games JRE
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
< End of report >
         
--- --- ---

Since it's not my computer, I also dutifully replaced the name with asterisks.

Oh dear, so I don't have to insert a table. Sorry, but unfortunately I really don't know any better. :-(

17.06.2013, 20:56   #2
aharonov
/// TB Instructor

Hello MarcoGottsch and

My name is Leo and I will guide you through cleaning your computer.

One thing up front: I can't give you any guarantees that I will find everything. With severe infections, formatting and reinstalling is usually the faster and always the safer route.
If you decide on a cleanup, we should be thorough. So stick with it until I clearly tell you that we are done.
Even if the conspicuous symptoms disappear early on, that does not mean your computer is already clean and safe.

Notes on the procedure
  • You will receive step-by-step instructions from me, individually tailored to you.
    • Always read these instructions through completely first and ask if anything is unclear before you begin.
    • Then work through the instructions carefully and in the given order, and post your feedback and log files only at the end, collected in one reply.
    • Whenever possible, paste the contents of the log files into your reply inside code tags.
    • If problems arise, stop at that point and describe them as well as you can.
  • It is important to me that the state of your system does not suddenly change unpredictably:
    • Do not run any scanners or tools unless asked to. Do not delete anything on your own initiative.
    • Do not install or uninstall any software during the cleanup.

Here we go:

Can you start the computer normally again after the following fix?


Step 1
  • Boot the infected computer with the OTLpe CD and open OTLpe.
  • Now copy the following content from the code box into the text box.
    Important: If you have obscured your user name in the log (e.g. with ***), undo that here.
Code:
:OTL
[2013/06/17 07:59:21 | 000,163,060 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\2433f433
[2013/06/17 07:59:21 | 000,163,033 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/06/17 07:59:21 | 000,163,025 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
O20 - HKU\Heinz_*****_ON_C Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\Heinz_*****_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\mclymukxuxrltfcmk.exe (Mozilla Foundation)
         
  • Now click the Fix button.
  • Then restart and try to boot into the normal mode of Windows again.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\OTL\MovedFiles\<time_date.log>)
  • Now copy its contents here into your thread.



Please post in your next reply:
  • Fixlog from OTLpe

17.06.2013, 21:09   #3
MarcoGottsch

That's amazing, such a fast response is hard to believe. Unfortunately I have just as quickly messed things up again. :-( I accidentally closed the fix log. I thought it would be saved, but apparently it wasn't. What should I do, start a new scan run? During boot I also just left the CD in, so the computer is now restarting from the CD.

The computer still doesn't start.

17.06.2013, 23:38   #4
aharonov
/// TB Instructor

Hello,

Quote:
The computer still doesn't start.
So still that white screen?
Then please create a new OTL log with the CD (as you did at the start) and post the contents of OTL.txt here.
__________________
cheers,
Leo

18.06.2013, 08:45   #5
MarcoGottsch



So, I have created both logs again. OTL:
Code:
OTL logfile created on: 6/18/2013 12:38:47 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116.84 Gb Total Space | 10.05 Gb Free Space | 8.60% Space Free | Partition Type: NTFS
Drive D: | 107.25 Gb Total Space | 105.38 Gb Free Space | 98.25% Space Free | Partition Type: NTFS
Drive E: | 8.78 Gb Total Space | 3.66 Gb Free Space | 41.71% Space Free | Partition Type: FAT32
Drive J: | 7.49 Gb Total Space | 7.48 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/06/12 14:31:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/17 09:26:03 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibarsvc.exe -- (PopularScreensavers_7iService)
SRV - [2013/01/26 11:57:52 | 000,945,328 | ---- | M] () [Auto] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2012/11/09 06:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/11 11:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/09/22 07:03:30 | 000,974,944 | ---- | M] (ESET) [Auto] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/01/28 07:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/05/14 12:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto] -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/01/08 09:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto] -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2001/02/23 04:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] --  -- (SymIM)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/06/17 06:49:30 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2013/01/26 11:57:53 | 000,031,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011/08/09 09:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 04:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 04:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/01/20 07:28:24 | 000,295,432 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/05/02 05:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2005/06/07 20:00:00 | 000,799,488 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdslbase.sys -- (FDSLBASE) AVM FRITZ!Card DSL (WinXP/2000)
DRV - [2005/06/07 20:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2005/06/07 20:00:00 | 000,045,440 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmdsloe.sys -- (AVMDSLPPPOE)
DRV - [2005/06/07 20:00:00 | 000,038,992 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmndsl.sys -- (AVMNDSL)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/01 08:58:10 | 001,272,000 | ---- | M] (C-Media Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004/08/27 07:28:22 | 000,116,736 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2) Hauppauge WinTV PVR PCI II (26xxx)
DRV - [2004/08/09 07:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 07:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 10:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2004/03/17 10:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/03/10 10:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2004/01/16 04:31:56 | 000,380,736 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/10/03 15:40:12 | 000,013,356 | ---- | M] (Winbond Electronics Corp.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\wbusb.sys -- (WBUSB)
DRV - [2002/03/19 04:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/08/17 07:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/06/04 01:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000/08/28 08:32:36 | 000,040,960 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgivEcp)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857572
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {0953a3a2-9223-4990-a1c9-efb4d4686ef2} - Reg Error: Key error. File not found
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Programme\Elf_1\prxtbElf0.dll (Conduit Ltd.)
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Programme\Elf_1.12\prxtbElf0.dll (Conduit Ltd.)
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Programme\Elf_1.15\prxtbElf2.dll (Conduit Ltd.)
IE - HKU\Heinz_*****_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Heinz_*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@popularscreensavers.com/Plugin: C:\Programme\PopularScreensavers\NPp5Stub.dll (popularscreensavers.com)
FF - HKLM\Software\MozillaPlugins\@PopularScreensavers_7i.com/Plugin: C:\Programme\PopularScreensavers_7i\bar\1.bin\NP7iStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/12/30 08:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/11 10:03:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7iffxtbr@PopularScreensavers_7i.com: C:\Programme\PopularScreensavers_7i\bar\1.bin [2013/03/17 09:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/21 06:36:57 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2004/08/10 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Toolbar BHO) - {0709f2cc-d1e6-4b43-9efc-1c0701cb173d} - C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Programme\Elf_1\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Programme\Elf_1.12\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Search Assistant BHO) - {3a6625a2-591b-4e83-ac3f-8c25eea30ac0} - C:\Programme\PopularScreensavers_7i\bar\1.bin\7iSrcAs.dll (MindSpark)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Programme\Elf_1.15\prxtbElf2.dll (Conduit Ltd.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Elf 1 Toolbar) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Programme\Elf_1\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Programme\Elf_1.12\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Programme\Elf_1.15\prxtbElf2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (PopularScreensavers) - {f339a07f-9578-412d-85e0-b8a80277151a} - C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Elf 1 Toolbar) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Programme\Elf_1\prxtbElf0.dll (Conduit Ltd.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Elf 1.12 Toolbar) - {38542454-DFB6-44F5-B052-D4E071A3D073} - C:\Programme\Elf_1.12\prxtbElf0.dll (Conduit Ltd.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Elf 1.15 Toolbar) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - C:\Programme\Elf_1.15\prxtbElf2.dll (Conduit Ltd.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Heinz_*****_ON_C\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [iSaverCtrl] C:\Programme\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PopularScreensavers Search Scope Monitor] C:\Programme\PopularScreensavers_7i\bar\1.bin\7iSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [PopularScreensavers_7i Browser Plugin Loader] C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Heinz_*****_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Heinz_*****_ON_C..\Run: [EPSON SX430 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Heinz_*****_ON_C..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\Heinz_*****_ON_C..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Programme\TextBridge Pro 8.0\Bin\RegisterDropHandler.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\Programme\Mustek 1200 UB Plus\Driver\WATCH.exe (Common Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Heinz_*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098695436718 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Blue_Sonic_1024x768.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Blue_Sonic_1024x768.BMP
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/20 13:33:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/17 23:03:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/29 05:07:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Anwendungsdaten\ESET
[2009/11/10 15:27:53 | 000,017,504 | ---- | C] (   ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2006/06/05 03:26:42 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/17 18:30:07 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/17 18:30:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/17 18:29:53 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/17 18:29:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/17 18:29:44 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/17 08:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/06/17 07:32:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/17 06:49:30 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2013/06/17 06:49:26 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/06/16 13:30:16 | 000,054,414 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\wklnhst.dat
[2013/06/12 14:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/12 14:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/12 08:55:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/07 11:37:40 | 000,001,781 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013/06/06 13:12:01 | 002,359,350 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2013/06/05 13:00:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2013/05/31 14:15:19 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinz *****\Desktop\Microsoft Word.lnk
[2013/05/31 14:11:09 | 000,000,095 | ---- | M] () -- C:\WINDOWS\tb96.ini
[2013/05/31 14:09:23 | 000,002,501 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Word.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/17 18:29:44 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/31 14:13:20 | 000,002,495 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Desktop\Microsoft Word.lnk
[2013/05/20 07:17:00 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/18 11:39:23 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/02/18 11:39:23 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/02/18 11:39:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2013/02/18 11:39:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/11/11 10:03:50 | 000,031,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/08/20 11:59:03 | 000,400,194 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2167212709-1071202314-851240243-1006-0.dat
[2012/07/15 05:51:22 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\PBFLT09.DLL
[2012/07/15 05:51:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\PBDBC09.DLL
[2012/07/15 05:51:21 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\PBBAS09.DLL
[2012/07/15 05:51:21 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2012/07/15 05:51:21 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\IVTRN09.DLL
[2012/06/14 07:28:40 | 000,400,194 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012/04/19 02:05:05 | 000,167,936 | R--- | C] () -- C:\WINDOWS\A4.dll
[2012/04/19 02:05:05 | 000,045,056 | R--- | C] () -- C:\WINDOWS\GetKey.dll
[2012/02/15 08:19:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 08:17:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/09/15 03:58:51 | 000,000,414 | ---- | C] () -- C:\WINDOWS\Ausba4.ini
[2011/07/04 13:43:56 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/10/01 05:22:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI
[2010/09/25 05:16:31 | 000,122,176 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/31 03:28:46 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/07/31 03:28:46 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/06/08 11:35:46 | 002,089,984 | ---- | C] () -- C:\WINDOWS\System32\CustomPic.dll
[2010/01/22 13:34:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2009/11/23 14:45:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009/11/10 15:27:53 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2009/11/10 15:21:08 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll
[2009/06/05 14:52:40 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\winscp.rnd
[2009/03/29 05:45:39 | 000,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2009/02/11 11:43:41 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2009/02/10 13:40:43 | 000,000,092 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2009/02/10 13:40:42 | 000,000,188 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/02/10 13:40:31 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2009/02/10 13:40:31 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2009/02/10 13:40:31 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2009/02/10 13:40:31 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2009/02/10 13:40:31 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2009/01/27 12:38:42 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/27 12:38:42 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/27 12:38:42 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/27 12:38:42 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/27 12:38:42 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/27 12:38:42 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/27 12:38:42 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/27 12:38:42 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/27 12:38:42 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/27 12:38:42 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/01/27 12:38:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/27 12:38:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/27 12:38:42 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/27 12:38:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/27 12:38:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/27 12:38:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/01/27 12:38:42 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/01/27 12:38:42 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/27 12:38:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/18 15:59:33 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/02/20 07:59:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/02/20 07:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/20 07:59:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/02/20 06:24:46 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006/10/16 09:46:32 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2006/08/04 09:07:50 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\lcmfx32n.dll
[2006/08/04 08:52:26 | 000,000,080 | ---- | C] () -- C:\WINDOWS\comctt64.dll
[2006/06/12 05:25:30 | 000,000,019 | ---- | C] () -- C:\WINDOWS\retrieve.ini
[2006/06/06 11:49:37 | 000,030,720 | ---- | C] () -- C:\WINDOWS\6816White12.dat
[2006/06/06 11:49:37 | 000,000,004 | ---- | C] () -- C:\WINDOWS\6816Error.dat
[2006/06/06 11:49:33 | 000,030,720 | ---- | C] () -- C:\WINDOWS\6816Dark12.dat
[2006/06/06 11:49:30 | 000,000,006 | ---- | C] () -- C:\WINDOWS\6816Exposure.dat
[2006/06/06 11:49:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\6816Offset.dat
[2006/06/06 11:49:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\6816Gain.dat
[2006/05/20 13:54:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/05/06 03:24:05 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/02/22 15:44:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\ktel.ini
[2006/02/12 04:54:25 | 000,000,123 | ---- | C] () -- C:\WINDOWS\Loewe_3.ini
[2006/01/15 08:21:37 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/25 05:38:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/10/14 14:07:34 | 000,003,068 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/09/30 05:01:00 | 000,012,037 | ---- | C] () -- C:\WINDOWS\hpdj6500.ini
[2005/09/30 04:56:32 | 000,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
[2005/09/30 04:56:32 | 000,094,208 | ---- | C] () -- C:\WINDOWS\dll32.dll
[2005/09/30 04:56:32 | 000,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
[2005/09/30 04:56:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Ssthunk.dll
[2005/09/30 04:56:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Ntfax.exe
[2005/09/30 04:56:32 | 000,012,800 | ---- | C] () -- C:\WINDOWS\Ss16ft.dll
[2005/09/30 04:56:32 | 000,012,160 | ---- | C] () -- C:\WINDOWS\LxUsbOpn.dll
[2005/09/30 04:56:32 | 000,002,554 | ---- | C] () -- C:\WINDOWS\Ssds16.ini
[2005/09/30 04:56:32 | 000,002,552 | ---- | C] () -- C:\WINDOWS\Ssds32.ini
[2005/09/30 04:56:32 | 000,002,269 | ---- | C] () -- C:\WINDOWS\Ssdef32.ini
[2005/09/30 04:56:32 | 000,002,267 | ---- | C] () -- C:\WINDOWS\Ssdef16.ini
[2005/09/30 04:56:32 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MyScan.ini
[2005/09/30 04:32:47 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\Dosfnt32.dll
[2005/09/30 04:32:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\Ldepcl32.dll
[2005/09/30 04:32:47 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\Lexunst.exe
[2005/09/30 04:32:46 | 000,036,352 | ---- | C] () -- C:\WINDOWS\Ins480cx.dll
[2005/09/30 04:32:46 | 000,000,340 | ---- | C] () -- C:\WINDOWS\Ssdustat.ini
[2005/09/17 08:45:19 | 000,054,414 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\wklnhst.dat
[2005/09/17 08:35:59 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005/06/07 20:00:00 | 001,187,314 | ---- | C] () -- C:\WINDOWS\System32\fdslbase.bin
[2004/10/26 12:26:47 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2004/10/26 12:26:47 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/10/26 12:26:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2004/10/26 12:26:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/10/22 11:01:12 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004/10/22 10:15:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/22 08:16:00 | 000,001,062 | R--- | C] () -- C:\WINDOWS\KochRun.ini
[2004/10/22 08:15:59 | 000,823,296 | R--- | C] () -- C:\WINDOWS\KochRun.exe
[2004/10/22 08:15:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/10/22 08:12:38 | 000,302,592 | ---- | C] () -- C:\WINDOWS\mauninst.exe
[2004/10/22 08:12:38 | 000,000,159 | ---- | C] () -- C:\WINDOWS\typing.INI
[2004/10/21 20:36:35 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MSIFPCTL.exe
[2004/10/21 19:24:04 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2004/10/21 18:25:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 17:52:32 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2004/10/20 14:25:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/20 14:24:51 | 000,519,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/20 13:44:08 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2004/10/20 13:44:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2004/10/20 13:43:50 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/20 13:35:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/20 13:30:21 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/20 13:29:24 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/20 13:19:38 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/20 13:19:33 | 000,532,222 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/10/20 13:19:33 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/10/20 13:19:33 | 000,100,980 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/10/20 13:19:33 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/10/20 13:19:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/20 13:19:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/20 13:19:19 | 000,510,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/20 13:19:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/20 13:19:19 | 000,084,062 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/20 13:19:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/20 13:19:19 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/20 13:19:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/20 13:19:16 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/20 13:19:16 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/20 13:19:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/20 13:19:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/20 09:37:37 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin
[2004/10/20 09:37:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2004/10/20 09:37:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004/10/20 09:37:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2004/10/20 09:36:24 | 000,380,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\PRISMA00.sys
[2004/06/28 16:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/18 02:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/03/17 09:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 09:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2002/02/27 11:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 11:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 11:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 11:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 11:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
 
========== LOP Check ==========
 
[2012/03/31 02:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\.minecraft
[2012/03/31 07:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\AVG Secure Search
[2008/12/27 09:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Canon
[2012/01/02 06:55:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Epson
[2005/10/05 05:44:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\FRITZ!
[2007/05/19 07:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\InterTrust
[2006/02/22 15:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\klickTel
[2006/03/18 11:58:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Leadertech
[2006/09/22 13:45:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\MSNInstaller
[2009/01/06 08:34:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\OpenOffice.org
[2009/01/27 13:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Panasonic
[2013/03/17 09:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\PopularScreensavers_7i
[2013/04/14 13:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\PriceGong
[2010/06/08 11:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\ProtectDISC
[2011/10/21 13:03:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Registry Mechanic
[2010/10/19 06:28:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Ubisoft
[2006/05/20 14:24:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz *****\Anwendungsdaten\Zylom
[2012/11/17 14:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/11 10:03:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2008/12/27 09:29:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012/03/31 07:16:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010/06/08 11:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2012/01/02 06:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011/12/21 06:36:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2009/02/11 12:06:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2009/02/11 12:04:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2012/06/14 07:01:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2004/10/21 17:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2004/10/21 17:55:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2006/09/22 13:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2013/06/05 13:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2006/04/17 14:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Terzio
[2010/10/19 06:28:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2012/01/02 06:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2006/05/20 08:56:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2008/12/12 15:14:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/09/24 16:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/02 12:55:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/06/07 06:47:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\Einfache Internetanmeldung.job
[2013/06/05 13:00:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2013/06/17 08:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Heinz *****\Desktop\Gewerbeschau Flyer 2008.png:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Heinz *****\Desktop\Gewerbeschau Flyer 2008 Innenseite.png:SummaryInformation
@Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
< End of report >
         
And the Extras:
Code:
OTL Extras logfile created on: 6/18/2013 12:38:47 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116.84 Gb Total Space | 10.05 Gb Free Space | 8.60% Space Free | Partition Type: NTFS
Drive D: | 107.25 Gb Total Space | 105.38 Gb Free Space | 98.25% Space Free | Partition Type: NTFS
Drive E: | 8.78 Gb Total Space | 3.66 Gb Free Space | 41.71% Space Free | Partition Type: FAT32
Drive J: | 7.49 Gb Total Space | 7.48 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\Messenger\msmsgs.exe" = %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%ProgramFiles%\MSN Messenger\msnmsgr.exe" = %ProgramFiles%\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger
"%ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe" = %ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe:*:Enabled:SeaWar -- (Tavex)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\Messenger\msmsgs.exe" = %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%ProgramFiles%\MSN Messenger\msnmsgr.exe" = %ProgramFiles%\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger
"%ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe" = %ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe:*:Enabled:SeaWar -- (Tavex)
"C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
"C:\Programme\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Programme\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\FreeSkin_Installer.exe" = C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\FreeSkin_Installer.exe:*:Enabled:IncrediMail Installer
"C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\3d_magic_installer.exe" = C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\3d_magic_installer.exe:*:Enabled:IncrediMail Installer
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Epson Software\Event Manager\EEventManager.exe" = C:\Programme\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe" = C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:*:Disabled:splintercell3 -- ()
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Skiregion Simulator 2012 Demo\SkiRegionSimulator2012.exe" = C:\Programme\Skiregion Simulator 2012 Demo\SkiRegionSimulator2012.exe:*:Enabled:Skiregion Simulator 2012 Demo -- (GIANTS Software GmbH)
"C:\Programme\Skiregion Simulator 2012 Demo\game.exe" = C:\Programme\Skiregion Simulator 2012 Demo\game.exe:*:Enabled:Skiregion Simulator 2012 Demo -- (GIANTS Software GmbH)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}" = HP Deskjet 6500
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{410DB3C9-001E-4AE2-BF2C-9FF2B8ADC8FA}" = MICHELsoft 8.0.16 Easy
"{41599341-3771-4454-99BC-D65ED3AB8F37}" = Digitale Telefonauskunft 2005
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{6FB31AFA-5B77-4E9E-96C9-55ABB3FBF94F}" = Niedersachsen.de Bildschirmschoner
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{77D65C14-F73A-494F-A96E-53B40D635A1F}" = Digitale Rückwärtssuche 2005
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{82D8304F-73D7-4EE6-8472-D0684BAA2865}" = AGEIA PhysX v7.05.06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E421CE-58D7-457C-A49D-0E0B4DD5AED8}" = MICHELsoft Demo 7.0
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A01872BE-2123-4F1B-B295-E3D1774DC0C9}" = Pinnacle InstantCD/DVD Suite
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC67770B-581D-4E96-B72A-A7907CE18725}" = Colin McRae Rally 2005
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL 2.0
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF872023-6648-42AF-9A07-1E6F55FE7291}" = ESET NOD32 Antivirus
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Alien Attack" = Alien Attack
"AVG Secure Search" = AVG Security Toolbar
"Birth of America_is1" = Birth of America Demo (1.08)
"Bridge Building Game" = Bridge Building Game
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"CTV Blitz - Training Windows XP" = CTV Blitz - Training Windows XP
"DeInst_d2vexcrd C:/Programme/Top200 V4" = Top200 Viewer basierend auf Geogrid®-Viewer Version 2.2
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Elf_1 Toolbar" = Elf 1 Toolbar
"Elf_1.12 Toolbar" = Elf 1.12 Toolbar
"Elf_1.15 Toolbar" = Elf 1.15 Toolbar
"EPSON Scanner" = EPSON Scan
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"EPSON SX430 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX430 Series
"EPSON SX430 Series Netg" = Netzwerkhandbuch EPSON SX430 Series
"EPSON SX430 Series Useg" = Benutzerhandbuch EPSON SX430 Series
"Fairies Deluxe" = Fairies Deluxe
"FlipAlbum 3.1 (Eval)" = FlipAlbum 3.1 (Eval)
"Freeware.de Toolbar" = Freeware.de Toolbar
"Google Chrome" = Google Chrome
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IKBDB2" = HeinzeBauOffice Kommunales Bauen
"IncrediMail" = IncrediMail
"INFOTHEK KOMPAKT" = INFOTHEK KOMPAKT
"Insaniquarium Deluxe" = Insaniquarium Deluxe
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.2.0
"MD9700" = MD9700
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSNINST" = MSN
"Mustek 1200 UB Plus v2.0" = Mustek 1200 UB Plus v2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Ocean Express Deluxe" = Ocean Express Deluxe
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"PopularScreensavers_7ibar Uninstall" = PopularScreensavers Toolbar and Software
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PS2" = PS2
"Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions
"Python 1.5.2 (final)" = Python 1.5.2 (final)
"RealArcade 1.2" = RealArcade
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Schiffe versenken" = Schiffe versenken
"Shockwave" = Shockwave
"SkiRegionSimulator2012DemoDE_is1" = Skiregion Simulator 2012 Demo
"SmideoAppId_is1" = Smideo HD
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"TextBridge Pro 8.0" = TextBridge Pro 8.0
"Tipptrainer" = Tipptrainer Gold
"Two Worlds Demo" = Two Worlds Demo
"Visitenkarten-Druckerei 12_is1" = DATA BECKER Visitenkarten-Druckerei 12
"VLC media player" = VLC media player 0.9.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 4.1.9
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"Xerox WC480cx Print" = Xerox WC480cx Druckertreiber
"Xerox WorkCentre 480cx Scan" = TWAIN-Treiber
"XP-Games JRE" = XP-Games JRE
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
< End of report >
         


Alt 18.06.2013, 11:00   #6
aharonov
/// TB-Ausbilder
 



Hello,

this time I need the fix log from the following fix:


Step 1
  • Start the infected computer with the OTLpe CD and open OTLpe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
:files
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\*.dll /s
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\*.exe /s
         
  • Now click the Fix button.
  • Then restart and try again to boot into the normal mode of Windows.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\OTL\MovedFiles\<time_date.log>)
  • Now copy its content here into your thread.



Please post in your next reply:
  • Fix log from OTLpe

Alt 18.06.2013, 11:53   #7
MarcoGottsch
 



It boots again! Here is the log:
Code:
========== FILES ==========
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\avguidx.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\iGearedHelper.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\mclymukxuxrltfcmk.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\mfc80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\mfc80u.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\mfcm80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\mfcm80u.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\MFPL7014.DLL moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\msvcm80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\msvcp80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\msvcr80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\WtgDriverInstallX.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\WTGXMLUtil.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\_ISTMP3.DIR\_ISTMP0.DIR\dialogs.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{126AC4B6-4376-4D67-B3CA-43DA35EB496B}\ISSetup.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{126AC4B6-4376-4D67-B3CA-43DA35EB496B}\_Setup.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{174E401A-B891-4CE2-9997-5A811C636154}\ISSetup.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdate.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_am.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_ar.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_bg.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_bn.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_ca.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_cs.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_da.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_de.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_el.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_en-GB.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_en.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_es-419.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_es.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_et.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_fa.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_fi.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_fil.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_fr.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_gu.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_hi.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_hr.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_hu.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_id.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_is.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_it.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_iw.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_ja.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_kn.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_ko.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_lt.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_lv.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_ml.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_mr.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_ms.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_nl.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_no.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_pl.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_pt-BR.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_pt-PT.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_ro.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_ru.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_sk.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_sl.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_sr.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_sv.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_sw.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_ta.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_te.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_th.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_tr.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_uk.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_ur.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_vi.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_zh-CN.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\goopdateres_zh-TW.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\npGoogleUpdate3.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\psmachine.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\psuser.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\InstallFont.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\isrt.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\IS_Tools.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\msvcr100_clr0400.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\PanaRawCodec.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\SDVProcess.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\UserConfig2.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\_isres_0x0407.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\_IsUser.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\_isuser_0x0407.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\InstallFont.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\isrt.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\IS_Tools.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\msvcr100_clr0400.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\PanaRawCodec.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\SDVProcess.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\UserConfig2.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\_isres_0x0407.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\_IsUser.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\_isuser_0x0407.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{E712B98D-E536-44BC-A4B2-3CE3BF3180EF}\ISSetup.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{E712B98D-E536-44BC-A4B2-3CE3BF3180EF}\_Setup.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{EE0A3792-B0E8-412B-99FC-1FA1E5FA43C0}\ISSetup.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdate.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_am.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_ar.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_bg.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_bn.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_ca.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_cs.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_da.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_de.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_el.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_en-GB.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_en.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_es-419.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_es.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_et.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_fa.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_fi.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_fil.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_fr.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_gu.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_hi.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_hr.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_hu.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_id.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_is.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_it.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_iw.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_ja.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_kn.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_ko.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_lt.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_lv.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_ml.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_mr.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_ms.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_nl.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_no.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_pl.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_pt-BR.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_pt-PT.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_ro.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_ru.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_sk.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_sl.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_sr.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_sv.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_sw.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_ta.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_te.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_th.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_tr.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_uk.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_ur.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_vi.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_zh-CN.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\goopdateres_zh-TW.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\npGoogleUpdate3.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\psmachine.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\psuser.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\avg@toolbar\components\FF4\toolbarhomewmp.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\OCS\ICSharpCode.SharpZipLib.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\atl80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\mfc80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\mfc80u.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\mfcm80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\mfcm80u.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\msvcm80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\msvcp80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\msvcr80.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\WtgDriverInstall.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\WtgDriverInstallX.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\WTGXMLUtil.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\Drivers\OnDemand\32\Vista\Huawei.4.20.07\WdfCoInstaller01007.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\Drivers\OnDemand\32\Xp\Huawei.4.20.07\WdfCoInstaller01007.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\Drivers\OnDemand\64\Vista\Huawei.4.20.07\WdfCoInstaller01007.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\UTPSDLL\GdiPlus.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\UTPSDLL\mfc71.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\UTPSDLL\MFC71u.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\UTPSDLL\msvcp71.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\UTPSDLL\msvcr71.dll moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\CommonInstaller.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\DataCard_Setup.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\MachineIdCreator.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\OSU.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\PromptInfo.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ResetDevice.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\TB_6.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\TB_71.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\TB_72.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ToolbarInstaller.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Uninstaller.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\_is93.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\_isA1.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{174E401A-B891-4CE2-9997-5A811C636154}\setup.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\GoogleCrashHandler.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\GoogleCrashHandler64.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\GoogleUpdate.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\GoogleUpdateBroker.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\GoogleUpdateOnDemand.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{1A22DE49-A3F0-4E9A-A1BD-188FFB83F037}\GoogleUpdateSetup.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\dotnetinstaller.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\dotnetchk.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\InstallMDAC.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\NetFx20SP2_x86.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\ngen.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\UninstallOldVer.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\vcredist_x86 2005.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\vcredist_x86.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\vcredist_x86_2010.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\wic_x86_enu.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{23D362C7-BEBF-451B-8C26-D44128989822}\{E715809A-194F-4AD6-84E6-36C88267940B}\WindowsInstaller-KB893803-v2-x86.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\dotnetinstaller.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\dotnetchk.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\InstallMDAC.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\NetFx20SP2_x86.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\ngen.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\UninstallOldVer.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\vcredist_x86 2005.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\vcredist_x86.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\vcredist_x86_2010.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\wic_x86_enu.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{4CD0BCF2-40FA-431B-96B4-516C574AB6D1}\{E715809A-194F-4AD6-84E6-36C88267940B}\WindowsInstaller-KB893803-v2-x86.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{BAE8D98F-F948-4B88-8555-1612858EE462}\InstallFlashPlayer.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{EE0A3792-B0E8-412B-99FC-1FA1E5FA43C0}\setup.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\GoogleCrashHandler.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\GoogleCrashHandler64.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\GoogleUpdate.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\GoogleUpdateBroker.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\GoogleUpdateOnDemand.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\{F5645871-F428-4E72-B4CA-8E7F4D1EB675}\GoogleUpdateSetup.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\1fvvlzy9.tmp\SkypeSetupFull.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\2.dir\InstallFlashPlayer.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\AGEIA\Driver\rescanDevNode.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ct2736476\ieLogic.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ct2736476\statisticsStub.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\is-N5UJL.tmp\allcodecs.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\is-QCD0G.tmp\wmv9VCMsetup.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\IXP302.TMP\SetupAdmin.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\OCS\ocs_v6a.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\317fdf987c04b22611f99a6886986182\SkiRegionSimulator2012DemoDE.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\b441594ae6e3615fc17be3c3dd0973fd\freeware_Toolbar_setup.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\Installer.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\OSU.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\OSU64.exe moved successfully.
C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\Setup\AdditionalFiles\Huaweiregcleaner.exe moved successfully.
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06182013_164251
         
This is the log that was shown to me after the cleanup, not the one from the folder. They are probably identical, though.

Alt 18.06.2013, 12:22   #8
aharonov
/// TB-Ausbilder
 



Quote:
It boots again!
Great!

But we are not done yet.


Step 1

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




Schritt 2

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
    Code:
    ATTFilter
    mclymukxuxrltfcmk /RS
             
  • Under Extra Registry, please select Use SafeList.
  • Tick the box for Scan all Users.
  • Now click Run Scan.
  • When the scan has finished, 2 log files (OTL.txt and Extras.txt) will be created.
  • Post the contents of these log files here in the thread.



Please post in your next reply:
  • Log from aswMBR
  • Logs from OTL
__________________
cheers,
Leo

Alt 18.06.2013, 13:14   #9
MarcoGottsch
 
White screen, nothing works anymore



aswMBR.txt
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-18 13:33:00
-----------------------------
13:33:00.122    OS Version: Windows 5.1.2600 Service Pack 3
13:33:00.122    Number of processors: 2 586 0x304
13:33:00.122    ComputerName: HPPAV  UserName: 
13:33:00.606    Initialize success
13:38:00.763    AVAST engine defs: 13061800
13:38:07.013    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
13:38:07.013    Disk 0 Vendor: WDC_WD2500JD-00HBB0 08.02D08 Size: 238475MB BusType: 3
13:38:07.106    Disk 0 MBR read successfully
13:38:07.106    Disk 0 MBR scan
13:38:07.138    Disk 0 unknown MBR code
13:38:07.138    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       119648 MB offset 63
13:38:07.153    Disk 0 Partition - 00     0F Extended LBA            118824 MB offset 245039445
13:38:07.169    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       109827 MB offset 245039508
13:38:07.169    Disk 0 Partition - 00     05     Extended              8997 MB offset 469965510
13:38:07.200    Disk 0 Partition 3 00     0B        FAT32 MSWIN4.1     8997 MB offset 469965573
13:38:07.200    Disk 0 scanning sectors +488392065
13:38:07.247    Disk 0 scanning C:\WINDOWS\system32\drivers
13:38:24.325    Service scanning
13:38:44.263    Modules scanning
13:38:47.669    Disk 0 trace - called modules:
13:38:47.684    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS 
13:38:47.684    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a686ab8]
13:38:47.684    3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a68b968]
13:38:47.700    5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8a5fed98]
13:38:47.700    \Driver\atapi[0x8a5d0b60] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf79916c1]
13:38:48.169    AVAST engine scan C:\WINDOWS
13:39:13.278    AVAST engine scan C:\WINDOWS\system32
13:44:34.481    AVAST engine scan C:\WINDOWS\system32\drivers
13:44:55.278    AVAST engine scan C:\Dokumente und Einstellungen\Heinz *****
13:54:17.153    Disk 0 MBR has been saved successfully to "G:\MBR.dat"
13:54:17.184    The log file has been saved successfully to "G:\aswMBR.txt"
         
This time I did not(!) click on Cleanup in OTL, but only on "Fix" with the code. Here is the result:
Code:
ATTFilter
Error: Unable to interpret <mclymukxuxrltfcmk /RS> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 06182013_135712
         
OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.06.2013 14:00:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,04% Memory free
4,83 Gb Paging File | 4,13 Gb Available in Paging File | 85,51% Paging File free
Paging file location(s): E:\pagefile.sys 1000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,84 Gb Total Space | 42,31 Gb Free Space | 36,21% Space Free | Partition Type: NTFS
Drive D: | 107,25 Gb Total Space | 105,38 Gb Free Space | 98,25% Space Free | Partition Type: NTFS
Drive E: | 8,78 Gb Total Space | 2,68 Gb Free Space | 30,58% Space Free | Partition Type: FAT32
Drive G: | 7,49 Gb Total Space | 7,10 Gb Free Space | 94,84% Space Free | Partition Type: FAT32
 
Computer Name: HPPAV | User Name: Heinz Schulz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.18 13:35:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013.06.18 13:32:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Heinz Schulz\Desktop\aswMBR.exe
PRC - [2013.04.04 23:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2013.03.17 15:26:03 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibrmon.exe
PRC - [2013.01.26 17:57:52 | 000,945,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.11 17:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.09.22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011.01.28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011.01.21 09:01:00 | 000,212,480 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIHAE.EXE
PRC - [2010.10.12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.01.08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.06 17:51:32 | 000,064,256 | ---- | M] (ArcSoft) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007.03.16 11:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2005.11.01 11:46:06 | 000,736,256 | ---- | M] (infoMantis GmbH) -- C:\Programme\iSaver\iSaverCtrl.exe
PRC - [2004.05.17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004.04.02 13:31:06 | 000,086,016 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2004.03.04 16:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003.06.17 17:14:40 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2001.11.23 11:52:04 | 000,364,544 | ---- | M] (Common Group) -- C:\Programme\Mustek 1200 UB Plus\Driver\WATCH.exe
PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.26 17:57:52 | 000,945,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004.10.01 09:11:20 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004.05.17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
MOD - [2001.07.02 20:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll
MOD - [1999.04.08 15:07:30 | 000,029,184 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Duprint.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.12 20:31:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.17 15:26:03 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibarsvc.exe -- (PopularScreensavers_7iService)
SRV - [2013.01.26 17:57:52 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.11 17:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.01.28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.01.08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\HEINZS~1\LOKALE~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013.06.18 13:32:44 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2013.01.26 17:57:53 | 000,031,576 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011.08.09 15:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011.08.04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011.08.04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.01.20 13:28:24 | 000,295,432 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.05.02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2005.06.08 02:00:00 | 000,799,488 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdslbase.sys -- (FDSLBASE)
DRV - [2005.06.08 02:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2005.06.08 02:00:00 | 000,045,440 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmdsloe.sys -- (AVMDSLPPPOE)
DRV - [2005.06.08 02:00:00 | 000,038,992 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmndsl.sys -- (AVMNDSL)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.10.01 14:58:10 | 001,272,000 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004.08.27 13:28:22 | 000,116,736 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2004.03.17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.03.10 16:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2004.01.16 10:31:56 | 000,380,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.10.03 21:40:12 | 000,013,356 | ---- | M] (Winbond Electronics Corp.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wbusb.sys -- (WBUSB)
DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001.08.17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001.08.17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001.06.04 07:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000.08.28 14:32:36 | 000,040,960 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgivEcp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {46197f3d-30e7-4905-a14b-02bee3aaeb58}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{46197f3d-30e7-4905-a14b-02bee3aaeb58}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZR^xpt319^S04372^de&si=CM-S8OHsg7YCFQe-zAodj3oAHA&ptb=2A1247D1-44D0-47C6-BDFB-8A370C9C0EBE&ind=2013031709&n=77fc6d1d&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
 
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lachts.net/startseite.html
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\URLSearchHook: {0953a3a2-9223-4990-a1c9-efb4d4686ef2} - No CLSID value found
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\SearchScopes,DefaultScope = {67916935-1466-4048-97F4-BF79124394D8}
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\SearchScopes\{46197f3d-30e7-4905-a14b-02bee3aaeb58}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZR^xpt319^S04372^de&si=CM-S8OHsg7YCFQe-zAodj3oAHA&ptb=2A1247D1-44D0-47C6-BDFB-8A370C9C0EBE&ind=2013031709&n=77fc6d1d&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\SearchScopes\{67916935-1466-4048-97F4-BF79124394D8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_enDE370
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\SearchScopes\{7AB2D949-E085-48DA-B4B2-D25519A4292A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_enDE370
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={C046EE2D-7953-4356-A107-CFC3BD4FD629}&mid=334f349aad2147d0bbefd14d48e0c817-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=ft011&pr=sa&d=2012-03-31 13:16:58&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=C3E33F69-9790-4135-92A5-C3C9E4E8B273&apn_sauid=761E3FC4-322E-405A-B16A-0E9DA5F32179
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=IM3DJUN09IESB
IE - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@popularscreensavers.com/Plugin: C:\Programme\PopularScreensavers\NPp5Stub.dll (popularscreensavers.com)
FF - HKLM\Software\MozillaPlugins\@PopularScreensavers_7i.com/Plugin: C:\Programme\PopularScreensavers_7i\bar\1.bin\NP7iStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.11 16:03:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7iffxtbr@PopularScreensavers_7i.com: C:\Programme\PopularScreensavers_7i\bar\1.bin [2013.03.17 15:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.12.21 12:36:57 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://lachts.net/startseite.html
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Dokumente und Einstellungen\Heinz Schulz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
 
O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Toolbar BHO) - {0709f2cc-d1e6-4b43-9efc-1c0701cb173d} - C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {3a6625a2-591b-4e83-ac3f-8c25eea30ac0} - C:\Programme\PopularScreensavers_7i\bar\1.bin\7iSrcAs.dll (MindSpark)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (PopularScreensavers) - {f339a07f-9578-412d-85e0-b8a80277151a} - C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
O3 - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..\Toolbar\WebBrowser: (PopularScreensavers) - {F339A07F-9578-412D-85E0-B8A80277151A} - C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [iSaverCtrl] C:\Programme\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PopularScreensavers Search Scope Monitor] C:\Programme\PopularScreensavers_7i\bar\1.bin\7iSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [PopularScreensavers_7i Browser Plugin Loader] C:\Programme\PopularScreensavers_7i\bar\1.bin\7ibrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2167212709-1071202314-851240243-1006..\Run: [EPSON SX430 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Programme\TextBridge Pro 8.0\Bin\RegisterDropHandler.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\Programme\Mustek 1200 UB Plus\Driver\WATCH.exe (Common Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - hxxp://tbedits.popularscreensavers.com/one-toolbaredits/menusearch.jhtml?s=210465775&p2=^ZR^xpt319^S04372^de&si=CM-S8OHsg7YCFQe-zAodj3oAHA&a=2A1247D1-44D0-47C6-BDFB-8A370C9C0EBE&n=2013031709 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-2167212709-1071202314-851240243-1006\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1371553338356 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7103AA70-7B93-4165-8569-31EFA123A377}: NameServer = 84.16.240.130,85.237.87.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF0691A-2BDB-4CFD-8BBE-BABDD0CC9A9B}: NameServer = 217.0.43.193 217.0.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D60E6276-9B31-425E-A145-85080BB78583}: NameServer = 84.16.240.130,85.237.87.171
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.10.20 19:33:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c98ae6c7-3108-11e0-939e-001109085818}\Shell - "" = AutoRun
O33 - MountPoints2\{c98ae6c7-3108-11e0-939e-001109085818}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c98ae6c7-3108-11e0-939e-001109085818}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Play.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.18 21:05:15 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.18 13:31:04 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Heinz Schulz\Desktop\aswMBR.exe
[2013.06.18 13:12:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.18 13:02:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013.06.18 05:03:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.29 11:07:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Heinz Schulz\Lokale Einstellungen\Anwendungsdaten\ESET
[2006.06.05 09:26:42 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.18 16:47:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.06.18 16:47:01 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.06.18 16:46:54 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.18 16:46:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.18 16:46:49 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.18 14:01:01 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.06.18 13:32:44 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2013.06.18 13:32:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Heinz Schulz\Desktop\aswMBR.exe
[2013.06.18 13:32:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.18 13:30:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.18 13:29:15 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinz Schulz\Desktop\Safari.lnk
[2013.06.18 13:20:11 | 000,000,220 | RHS- | M] () -- C:\boot.ini
[2013.06.18 13:08:37 | 000,000,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinz Schulz\SI.bin
[2013.06.16 19:30:16 | 000,054,414 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinz Schulz\Anwendungsdaten\wklnhst.dat
[2013.06.12 20:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.06.12 20:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.06.12 14:55:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.06.07 17:37:40 | 000,001,781 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.06.06 19:12:01 | 002,359,350 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2013.06.05 19:00:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2013.05.31 20:15:19 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinz Schulz\Desktop\Microsoft Word.lnk
[2013.05.31 20:11:09 | 000,000,095 | ---- | M] () -- C:\WINDOWS\tb96.ini
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.18 16:46:49 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2013.06.18 13:08:37 | 000,000,001 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz Schulz\SI.bin
[2013.05.31 20:13:20 | 000,002,495 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz Schulz\Desktop\Microsoft Word.lnk
[2013.05.20 13:17:00 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.18 17:39:23 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013.02.18 17:39:23 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013.02.18 17:39:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2013.02.18 17:39:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.11.11 16:03:50 | 000,031,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012.08.20 17:59:03 | 000,400,194 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2167212709-1071202314-851240243-1006-0.dat
[2012.07.15 11:51:22 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\PBFLT09.DLL
[2012.07.15 11:51:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\PBDBC09.DLL
[2012.07.15 11:51:21 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\PBBAS09.DLL
[2012.07.15 11:51:21 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2012.07.15 11:51:21 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\IVTRN09.DLL
[2012.06.14 13:28:40 | 000,400,194 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.04.19 08:05:05 | 000,167,936 | R--- | C] () -- C:\WINDOWS\A4.dll
[2012.04.19 08:05:05 | 000,045,056 | R--- | C] () -- C:\WINDOWS\GetKey.dll
[2012.02.15 14:19:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.02 14:17:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011.09.15 09:58:51 | 000,000,414 | ---- | C] () -- C:\WINDOWS\Ausba4.ini
[2011.07.04 19:43:56 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2009.06.05 20:52:40 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz Schulz\Anwendungsdaten\winscp.rnd
[2009.02.11 17:43:41 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.01.15 14:21:37 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz Schulz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.09.17 14:45:19 | 000,054,414 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz Schulz\Anwendungsdaten\wklnhst.dat
[2005.09.17 14:35:59 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz Schulz\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004.10.20 19:30:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Heinz Schulz\Desktop\Gewerbeschau Flyer 2008.png:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Heinz Schulz\Desktop\Gewerbeschau Flyer 2008 Innenseite.png:SummaryInformation
@Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1

< End of report >
         
--- --- ---


Extras.txt:
OTL Logfile:
OTL Extras logfile created on: 18.06.2013 14:00:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,04% Memory free
4,83 Gb Paging File | 4,13 Gb Available in Paging File | 85,51% Paging File free
Paging file location(s): E:\pagefile.sys 1000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,84 Gb Total Space | 42,31 Gb Free Space | 36,21% Space Free | Partition Type: NTFS
Drive D: | 107,25 Gb Total Space | 105,38 Gb Free Space | 98,25% Space Free | Partition Type: NTFS
Drive E: | 8,78 Gb Total Space | 2,68 Gb Free Space | 30,58% Space Free | Partition Type: FAT32
Drive G: | 7,49 Gb Total Space | 7,10 Gb Free Space | 94,84% Space Free | Partition Type: FAT32
 
Computer Name: HPPAV | User Name: Heinz ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2167212709-1071202314-851240243-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\Messenger\msmsgs.exe" = %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%ProgramFiles%\MSN Messenger\msnmsgr.exe" = %ProgramFiles%\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger
"%ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe" = %ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe:*:Enabled:SeaWar -- (Tavex)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\Messenger\msmsgs.exe" = %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%ProgramFiles%\MSN Messenger\msnmsgr.exe" = %ProgramFiles%\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger
"%ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe" = %ProgramFiles%\KOCH Media\Schiffe versenken\SeaWar.exe:*:Enabled:SeaWar -- (Tavex)
"C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
"C:\Programme\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Programme\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\FreeSkin_Installer.exe" = C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\FreeSkin_Installer.exe:*:Enabled:IncrediMail Installer
"C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\3d_magic_installer.exe" = C:\Dokumente und Einstellungen\Heinz *****\Lokale Einstellungen\Temp\ImInstaller\3d_magic_installer.exe:*:Enabled:IncrediMail Installer
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Epson Software\Event Manager\EEventManager.exe" = C:\Programme\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe" = C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:*:Disabled:splintercell3
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Skiregion Simulator 2012 Demo\SkiRegionSimulator2012.exe" = C:\Programme\Skiregion Simulator 2012 Demo\SkiRegionSimulator2012.exe:*:Enabled:Skiregion Simulator 2012 Demo
"C:\Programme\Skiregion Simulator 2012 Demo\game.exe" = C:\Programme\Skiregion Simulator 2012 Demo\game.exe:*:Enabled:Skiregion Simulator 2012 Demo
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}" = HP Deskjet 6500
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{410DB3C9-001E-4AE2-BF2C-9FF2B8ADC8FA}" = MICHELsoft 8.0.16 Easy
"{41599341-3771-4454-99BC-D65ED3AB8F37}" = Digitale Telefonauskunft 2005
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{6FB31AFA-5B77-4E9E-96C9-55ABB3FBF94F}" = Niedersachsen.de Bildschirmschoner
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{77D65C14-F73A-494F-A96E-53B40D635A1F}" = Digitale Rückwärtssuche 2005
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{82D8304F-73D7-4EE6-8472-D0684BAA2865}" = AGEIA PhysX v7.05.06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{88E421CE-58D7-457C-A49D-0E0B4DD5AED8}" = MICHELsoft Demo 7.0
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A01872BE-2123-4F1B-B295-E3D1774DC0C9}" = Pinnacle InstantCD/DVD Suite
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL 2.0
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF872023-6648-42AF-9A07-1E6F55FE7291}" = ESET NOD32 Antivirus
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Alien Attack" = Alien Attack
"AVG Secure Search" = AVG Security Toolbar
"Bridge Building Game" = Bridge Building Game
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"CTV Blitz - Training Windows XP" = CTV Blitz - Training Windows XP
"DeInst_d2vexcrd C:/Programme/Top200 V4" = Top200 Viewer basierend auf Geogrid®-Viewer Version 2.2
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EPSON Scanner" = EPSON Scan
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"EPSON SX430 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX430 Series
"EPSON SX430 Series Netg" = Netzwerkhandbuch EPSON SX430 Series
"EPSON SX430 Series Useg" = Benutzerhandbuch EPSON SX430 Series
"Fairies Deluxe" = Fairies Deluxe
"FlipAlbum 3.1 (Eval)" = FlipAlbum 3.1 (Eval)
"Google Chrome" = Google Chrome
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IKBDB2" = HeinzeBauOffice Kommunales Bauen
"IncrediMail" = IncrediMail
"INFOTHEK KOMPAKT" = INFOTHEK KOMPAKT
"Insaniquarium Deluxe" = Insaniquarium Deluxe
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.2.0
"MD9700" = MD9700
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSNINST" = MSN
"Mustek 1200 UB Plus v2.0" = Mustek 1200 UB Plus v2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Ocean Express Deluxe" = Ocean Express Deluxe
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"PopularScreensavers_7ibar Uninstall" = PopularScreensavers Toolbar and Software
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PS2" = PS2
"Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions
"Python 1.5.2 (final)" = Python 1.5.2 (final)
"RealArcade 1.2" = RealArcade
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Schiffe versenken" = Schiffe versenken
"Shockwave" = Shockwave
"SkiRegionSimulator2012DemoDE_is1" = Skiregion Simulator 2012 Demo
"SmideoAppId_is1" = Smideo HD
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"TextBridge Pro 8.0" = TextBridge Pro 8.0
"Tipptrainer" = Tipptrainer Gold
"Visitenkarten-Druckerei 12_is1" = DATA BECKER Visitenkarten-Druckerei 12
"VLC media player" = VLC media player 0.9.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 4.1.9
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"Xerox WC480cx Print" = Xerox WC480cx Druckertreiber
"Xerox WorkCentre 480cx Scan" = TWAIN-Treiber
"XP-Games JRE" = XP-Games JRE
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2013 12:23:21 | Computer Name = HPPAV | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.4030.0, faulting module
 ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.
 
Error - 05.02.2013 12:28:55 | Computer Name = HPPAV | Source = Microsoft Office 10 | ID = 1001
Description = Fault bucket -1991029343.
 
Error - 15.02.2013 06:13:01 | Computer Name = HPPAV | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
Error - 16.05.2013 10:07:34 | Computer Name = HPPAV | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
[ System Events ]
Error - 17.06.2013 14:34:39 | Computer Name = HPPAV | Source = DCOM | ID = 10010
Description = Der Server "{7F6316B4-4D69-4765-B0A3-B2598F2FA80A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.06.2013 14:35:13 | Computer Name = HPPAV | Source = DCOM | ID = 10010
Description = Der Server "{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.06.2013 14:37:55 | Computer Name = HPPAV | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 17.06.2013 14:39:25 | Computer Name = HPPAV | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 17.06.2013 18:29:51 | Computer Name = HPPAV | Source = Print | ID = 19
Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker HP Deskjet 
6500 Series, Freigabename Drucker2.
 
Error - 17.06.2013 18:29:53 | Computer Name = HPPAV | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Winbond Generic USB Controller" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 17.06.2013 18:30:02 | Computer Name = HPPAV | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avgtp
 
Error - 18.06.2013 10:47:00 | Computer Name = HPPAV | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Winbond Generic USB Controller" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 18.06.2013 10:47:10 | Computer Name = HPPAV | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avgtp
 
Error - 18.06.2013 10:48:56 | Computer Name = HPPAV | Source = DCOM | ID = 10010
Description = Der Server "{7F6316B4-4D69-4765-B0A3-B2598F2FA80A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >
         
--- --- ---

18.06.2013, 14:25   #10
aharonov
/// TB-Ausbilder

Quote:
In OTL I did not(!) click "Bereinigung" (cleanup) this time, but only "Fix" with the code. Here is the result:
Why "Bereinigung" or "Fix"?? The instructions say nothing about that at all!

Please repeat the step with OTL. Paste the code into the text box and press "Scan". (No new Extras.txt will be created the second time.)
__________________
cheers,
Leo

18.06.2013, 14:39   #11
MarcoGottsch

Hm... I guess I got it a bit wrong again. I had assumed that the code was only meant for fixing. My mistake. :-( Updates are currently still running on the machine. It seems he hasn't done that in ages. But I don't want to cancel that now either.

18.06.2013, 14:46   #12
aharonov
/// TB-Ausbilder

Yes, let the updates finish first.
The instructions are written so that anyone should be able to carry them out without having to think for themselves. So simply do what is written...

You don't have to repeat the OTL scan completely any more; just do these steps:


Step 1
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
mclymukxuxrltfcmk /RS

  • Please close all other programs.
  • Now click None (German "Nichts") and then the Scan button.
  • Then copy the contents of OTL.txt here into your thread.


Step 2

Pack the file G:\MBR.dat into a zip archive (right-click it -> "Senden an" (Send to) -> "zip-komprimierten Ordner" (compressed (zipped) folder)) and attach it here.


Please post in your next reply:
  • Log from OTL
  • zip archive as attachment
__________________
cheers,
Leo

18.06.2013, 16:08   #13
MarcoGottsch

Read it too late. Now the scan has been running for ages and I have already had to click Cancel umpteen times, because apparently a drive cannot be found. I assume the thing is looking for the external disk. I switched that off just a little while ago. Whatever you do, it's wrong. I think in a few minutes everything really should be available, though.

18.06.2013, 16:09   #14
aharonov
/// TB-Ausbilder

Yes, the OTL scan could take somewhat longer this time; that is normal.
__________________
cheers,
Leo

18.06.2013, 16:13   #15
MarcoGottsch

"Somewhat" is putting it mildly. :-( On top of that, the machine has one of those old P4 CPUs in it and it is really loud here. I would have taken the thing to the scrapyard for that reason alone.

I think the program has crashed now. It has been sitting in a Help folder for several minutes. Should I restart?
