Weisser Bildschirm

Nathan|RSA · 22.06.2013, 09:23

Hallo, ich habe seit 3 Tagen folgendes Problem..... Vor 3 Tagen hatte ich meinen PC an und plötzlich ist dieser abgestürzt, als ob er sich festgefressen hat und nach ein paar Sekunden war der Bildschirm weiß.... Ich dachte erst ok... es sind draußen 38 Grad, ich wohne Dachgeschoß... Sonne Knallte ins Zimmer... PC Überhitzt..... Gestern war es nicht mehr so heiß.... PC ließ sich ohne Probleme starten.... ich hatte wieder gespielt und nach paar Stunden ist PC wieder abgestürzt und es tauchte ein weißer Bildschirm auf.... Dann dachte ich ok... vielleicht staut sich am Schreibtisch die Hitze vom PC.... (Neuer PC gekauft von meinen Bruder und neuer Schreibtisch), also umgebaut...... Und er starte nach einigerzeit ohne Probleme..... un d lief gestern auch ohne Probleme... (Hatte nicht gespielt)... Seit heute beim starten komplett weißer Bildschirm..... meine Tastatur leuchtet kurz auf... wie es normal ist beim starten.... aber mehr passiert nicht.... ich höre keinen Ton.... der Bildschirm bleibt dauerweiß... selbst beim Restart bleibt er komplett weiß... ich komm nicht in BIOS oder kann irgendwas machen, sehe auch keine Maus... nix..... Es kam auch nicht wie bei vielen anderen vorher irgendeine Wahnung oder dergleichen..... daher meine Frage ist es auch eine Art Plagegeist oder doch meine Grafikkarte??? Mein Bruder sagt die GrafKa ist es sicherlich nicht... Problem ist.... mein Bruder wohnt 650 Km entfernt und ich komme erst in 4 Wochen wieder zu ihm.... wäre nett wenn mit hier einen helfen könnte.

Platt machen und neu machen wäre nicht gut, da meine ganzen Dateien auf dem Rechner sind, da meine Externe kaputt und getauscht werden musste... und die bräuchte ich unbedingt wieder bevor ich den PC Platt mache....

Und noch ein kleiner Hinweis zu mir... ich bin leider kein PC-Profi... also wäre es nett alles für mich als Noob sehr ausführlich zu schreiben und Geduld mit mir zu haben, wenn blöde Fragen von mir kommen...

Schonmal Danke im Vorraus

t'john · 22.06.2013, 09:53

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade

OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.

Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Bebilderte Anleitung: OTLpe-Scan

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

Nathan|RSA · 22.06.2013, 10:46

so also erstmal vielen dank für die schnelle Antwort und die ausführliche Beschreibung.... beim ersten mal hatte er mir die Extras.txt nicht angezeigt, aber ich habe nochmal alles gemacht und jetzt habe ich beide Dateien und hänge sie nun mit an...

Also OTL.txtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 6/22/2013 2:16:36 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.70 Mb Free Space | 75.70% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 35.15 Gb Free Space | 11.79% Space Free | Partition Type: NTFS
Drive E: | 97.56 Gb Total Space | 34.85 Gb Free Space | 35.72% Space Free | Partition Type: NTFS
Drive F: | 194.88 Gb Total Space | 107.83 Gb Free Space | 55.33% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/06/20 17:36:52 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/12 06:56:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 10:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/22 04:58:26 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/02 04:52:44 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/05/02 04:52:41 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013/03/28 09:02:37 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/28 09:02:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/25 18:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/24 19:23:09 | 000,049,152 | ---- | M] () [On_Demand] -- E:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/01/28 09:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto] -- E:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/01/28 09:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto] -- E:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013/01/18 02:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto] -- E:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/22 08:44:48 | 001,421,216 | ---- | M] () [Auto] -- E:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe -- (ACT2_Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (VGPU)
DRV - File not found [Kernel | On_Demand] --  -- (tsusbhub)
DRV - File not found [Kernel | On_Demand] --  -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand] --  -- (FairplayKD)
DRV - [2013/05/19 09:03:22 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- E:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/03/28 09:02:37 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/28 09:02:37 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/28 09:02:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/02/25 18:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/11/24 05:13:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/09/19 05:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- E:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/09/19 05:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/03/26 09:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012/01/18 01:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2012/01/18 01:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/06/09 22:22:02 | 000,014,648 | ---- | M] () [Kernel | Auto] -- E:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor32.sys -- (ACT2PM)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/08/23 00:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2007/06/01 13:36:26 | 000,870,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WPN111v.sys -- (WPN111)
DRV - [2004/08/13 04:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
 
IE - HKU\unser_ON_E\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\unser_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\unser_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=862eec6f00000000000000235426ab1b
IE - HKU\unser_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\unser_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\unser_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\UpdatusUser_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\Windows\System32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: E:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: E:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: E:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: E:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: E:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/22 04:58:27 | 000,000,000 | ---D | M]
 
[2013/05/22 04:58:27 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/22 04:58:27 | 000,000,000 | ---D | M] (Default) -- E:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/10 14:11:33 | 000,006,484 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Ashampoo Core Tuner 2] E:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar]  File not found
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar]  File not found
O4 - HKU\unser_ON_E..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\unser_ON_E..\Run: [IncrediMail] E:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\unser_ON_E..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation)
O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar]  File not found
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - E:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - E:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - E:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - E:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - E:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - E:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - E:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/21 19:24:33 | 000,263,592 | ---- | C] (Oracle Corporation) -- E:\Windows\System32\javaws.exe
[2013/06/21 19:24:30 | 000,175,016 | ---- | C] (Oracle Corporation) -- E:\Windows\System32\javaw.exe
[2013/06/21 19:24:30 | 000,175,016 | ---- | C] (Oracle Corporation) -- E:\Windows\System32\java.exe
[2013/06/21 19:24:30 | 000,094,632 | ---- | C] (Oracle Corporation) -- E:\Windows\System32\WindowsAccessBridge.dll
[2013/06/20 14:12:18 | 000,000,000 | ---D | C] -- E:\Users\unser\Documents\Battlefield 3
[2013/06/20 14:11:59 | 000,000,000 | ---D | C] -- E:\Users\unser\AppData\Local\ESN
[2013/06/20 14:11:57 | 000,000,000 | ---D | C] -- E:\Program Files\Battlelog Web Plugins
[2013/06/20 14:09:10 | 000,000,000 | ---D | C] -- E:\ProgramData\EA Core
[2013/06/20 14:09:03 | 000,000,000 | ---D | C] -- E:\ProgramData\EA Logs
[2013/06/20 09:55:15 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013/06/20 09:55:13 | 000,000,000 | -H-D | C] -- E:\Program Files\Common Files\EAInstaller
[2013/06/18 18:28:37 | 000,000,000 | ---D | C] -- E:\Users\unser\AppData\Roaming\Origin
[2013/06/18 18:28:36 | 000,000,000 | ---D | C] -- E:\Program Files\Origin Games
[2013/06/18 18:28:05 | 000,000,000 | ---D | C] -- E:\Users\unser\AppData\Local\Origin
[2013/06/18 18:23:30 | 000,000,000 | ---D | C] -- E:\ProgramData\Origin
[2013/06/18 18:23:29 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/06/18 18:23:29 | 000,000,000 | ---D | C] -- E:\ProgramData\Electronic Arts
[2013/06/12 07:04:01 | 002,706,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/06/12 07:04:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/06/12 07:01:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/06/12 07:01:35 | 002,877,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/06/12 07:01:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2013/06/12 07:01:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/06/12 07:01:34 | 000,493,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/06/12 07:01:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2013/06/12 07:01:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RegisterIEPKEYs.exe
[2013/06/12 07:01:34 | 000,042,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2013/06/12 07:01:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2013/06/12 05:05:11 | 001,505,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d11.dll
[2013/06/12 05:05:08 | 000,903,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\certutil.exe
[2013/06/12 05:05:08 | 000,043,008 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\certenc.dll
[2013/06/12 05:05:07 | 000,492,544 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32spl.dll
[2013/06/12 05:05:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\cryptdlg.dll
[2013/06/12 05:05:00 | 003,968,872 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntkrnlpa.exe
[2013/06/12 05:05:00 | 003,913,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2013/06/11 06:38:09 | 000,000,000 | ---D | C] -- E:\ProgramData\boost_interprocess
[2013/05/31 04:57:19 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Java
[2013/05/29 05:53:09 | 000,000,000 | ---D | C] -- E:\Users\unser\AppData\Local\Activision
[2013/05/28 21:01:25 | 001,400,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dat
[2013/05/28 21:01:25 | 000,745,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MsSpellCheckingFacility.exe
[2013/05/28 21:01:25 | 000,629,248 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2013/05/28 21:01:25 | 000,523,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/05/28 21:01:25 | 000,361,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2013/05/28 21:01:25 | 000,357,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2013/05/28 21:01:25 | 000,232,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2013/05/28 21:01:25 | 000,226,816 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2013/05/28 21:01:25 | 000,185,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\elshyph.dll
[2013/05/28 21:01:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2013/05/28 21:01:25 | 000,158,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msls31.dll
[2013/05/28 21:01:25 | 000,150,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iexpress.exe
[2013/05/28 21:01:25 | 000,138,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wextract.exe
[2013/05/28 21:01:25 | 000,137,216 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2013/05/28 21:01:25 | 000,117,248 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2013/05/28 21:01:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\IEAdvpack.dll
[2013/05/28 21:01:25 | 000,082,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inseng.dll
[2013/05/28 21:01:25 | 000,073,728 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\SetIEInstalledDate.exe
[2013/05/28 21:01:25 | 000,057,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\pngfilt.dll
[2013/05/28 21:01:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmler.dll
[2013/05/28 21:01:25 | 000,041,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedsbs.dll
[2013/05/28 21:01:25 | 000,038,400 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\imgutil.dll
[2013/05/28 21:01:25 | 000,011,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2013/05/28 21:01:24 | 001,441,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2013/05/28 21:01:24 | 000,719,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmlmedia.dll
[2013/05/28 21:01:24 | 000,242,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iedkcs32.dll
[2013/05/28 21:01:24 | 000,023,040 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[1 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ]
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/22 07:06:58 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/06/22 07:06:52 | 000,014,016 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/22 07:06:51 | 000,014,016 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/22 07:05:03 | 000,000,000 | ---- | M] () -- E:\Windows\System32\drivers\lvuvc.hs
[2013/06/22 07:04:59 | 2616,549,376 | -HS- | M] () -- E:\hiberfil.sys
[2013/06/21 19:24:26 | 000,867,240 | ---- | M] (Oracle Corporation) -- E:\Windows\System32\npDeployJava1.dll
[2013/06/21 19:24:26 | 000,789,416 | ---- | M] (Oracle Corporation) -- E:\Windows\System32\deployJava1.dll
[2013/06/21 19:24:26 | 000,263,592 | ---- | M] (Oracle Corporation) -- E:\Windows\System32\javaws.exe
[2013/06/21 19:24:26 | 000,175,016 | ---- | M] (Oracle Corporation) -- E:\Windows\System32\javaw.exe
[2013/06/21 19:24:26 | 000,175,016 | ---- | M] (Oracle Corporation) -- E:\Windows\System32\java.exe
[2013/06/21 19:24:26 | 000,094,632 | ---- | M] (Oracle Corporation) -- E:\Windows\System32\WindowsAccessBridge.dll
[2013/06/21 18:56:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/21 17:50:58 | 000,653,928 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/06/21 17:50:58 | 000,615,810 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/06/21 17:50:58 | 000,129,800 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/06/21 17:50:58 | 000,106,190 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/06/21 07:14:02 | 000,140,072 | ---- | M] () -- E:\Windows\System32\drivers\PnkBstrK.sys
[2013/06/21 07:13:56 | 000,280,904 | ---- | M] () -- E:\Windows\System32\PnkBstrB.xtr
[2013/06/20 14:12:24 | 000,280,904 | ---- | M] () -- E:\Windows\System32\PnkBstrB.ex0
[2013/06/20 09:55:15 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/06/20 09:55:15 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013/06/20 09:54:58 | 000,138,056 | ---- | M] () -- E:\Users\unser\AppData\Roaming\PnkBstrK.sys
[2013/06/18 18:23:30 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/06/12 06:56:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/06/12 06:56:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/06/08 07:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/29 05:47:57 | 000,682,280 | ---- | M] () -- E:\Windows\System32\pbsvc.exe
[2013/05/28 21:01:25 | 001,400,416 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dat
[2013/05/28 21:01:25 | 000,745,472 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\MsSpellCheckingFacility.exe
[2013/05/28 21:01:25 | 000,629,248 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2013/05/28 21:01:25 | 000,523,264 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/05/28 21:01:25 | 000,361,984 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\html.iec
[2013/05/28 21:01:25 | 000,357,888 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2013/05/28 21:01:25 | 000,232,960 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2013/05/28 21:01:25 | 000,226,816 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2013/05/28 21:01:25 | 000,185,344 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\elshyph.dll
[2013/05/28 21:01:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2013/05/28 21:01:25 | 000,158,720 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msls31.dll
[2013/05/28 21:01:25 | 000,150,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iexpress.exe
[2013/05/28 21:01:25 | 000,138,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\wextract.exe
[2013/05/28 21:01:25 | 000,137,216 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2013/05/28 21:01:25 | 000,117,248 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iepeers.dll
[2013/05/28 21:01:25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\IEAdvpack.dll
[2013/05/28 21:01:25 | 000,082,432 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\inseng.dll
[2013/05/28 21:01:25 | 000,073,728 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\SetIEInstalledDate.exe
[2013/05/28 21:01:25 | 000,057,344 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\pngfilt.dll
[2013/05/28 21:01:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtmler.dll
[2013/05/28 21:01:25 | 000,041,984 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msfeedsbs.dll
[2013/05/28 21:01:25 | 000,038,400 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\imgutil.dll
[2013/05/28 21:01:25 | 000,025,185 | ---- | M] () -- E:\Windows\System32\ieuinit.inf
[2013/05/28 21:01:25 | 000,011,776 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msfeedssync.exe
[2013/05/28 21:01:24 | 001,441,280 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2013/05/28 21:01:24 | 000,719,360 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtmlmedia.dll
[2013/05/28 21:01:24 | 000,242,200 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iedkcs32.dll
[2013/05/28 21:01:24 | 000,023,040 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\licmgr10.dll
[1 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ]
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/28 21:01:25 | 000,025,185 | ---- | C] () -- E:\Windows\System32\ieuinit.inf
[2013/04/10 11:53:55 | 000,036,892 | ---- | C] () -- E:\Windows\System32\bassmod.dll
[2013/02/05 12:54:04 | 000,000,533 | ---- | C] () -- E:\Windows\eReg.dat
[2013/02/03 16:30:58 | 000,043,520 | ---- | C] () -- E:\Windows\System32\CmdLineExt03.dll
[2013/02/02 20:49:04 | 000,000,252 | ---- | C] () -- E:\Windows\game.ini
[2013/01/12 14:12:26 | 000,140,072 | ---- | C] () -- E:\Windows\System32\drivers\PnkBstrK.sys
[2013/01/12 14:12:26 | 000,138,056 | ---- | C] () -- E:\Users\unser\AppData\Roaming\PnkBstrK.sys
[2013/01/12 14:12:00 | 000,280,904 | ---- | C] () -- E:\Windows\System32\PnkBstrB.exe
[2013/01/12 14:11:57 | 000,682,280 | ---- | C] () -- E:\Windows\System32\pbsvc.exe
[2013/01/12 14:11:57 | 000,075,136 | ---- | C] () -- E:\Windows\System32\PnkBstrA.exe
[2012/12/16 13:30:37 | 000,000,733 | ---- | C] () -- E:\Windows\Edofma.INI
[2012/11/28 07:07:16 | 000,286,160 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2012/11/24 18:32:28 | 000,080,896 | ---- | C] () -- E:\Windows\System32\RDVGHelper.exe
[2012/11/24 18:32:13 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2012/11/24 18:31:42 | 000,066,048 | ---- | C] () -- E:\Windows\System32\PrintBrmUi.exe
[2012/11/23 05:37:00 | 000,021,423 | ---- | C] () -- E:\Windows\War3Unin.dat
[2012/11/17 12:48:09 | 000,001,769 | ---- | C] () -- E:\Windows\Language_trs.ini
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- E:\Windows\System32\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- E:\Windows\System32\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- E:\Windows\System32\LogiDPPApp.exe
[2012/01/18 01:22:54 | 000,028,418 | ---- | C] () -- E:\Windows\System32\lvcoinst.ini
[2009/07/14 04:47:43 | 000,653,928 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,129,800 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 22:05:48 | 000,615,810 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,190 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2009/04/21 19:19:06 | 000,172,173 | ---- | C] () -- E:\Windows\System32\xlive.dll.cat
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- E:\Windows\System32\qt-dx331.dll
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- E:\Windows\System32\DivXWMPExtType.dll
[2004/08/13 04:56:20 | 000,005,810 | ---- | C] () -- E:\Windows\System32\drivers\ASACPI.sys
 
========== LOP Check ==========
 
[2013/04/23 06:34:48 | 000,000,000 | ---D | M] -- E:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/17 12:27:18 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2013/03/10 14:11:30 | 000,000,000 | ---D | M] -- E:\ProgramData\Babylon
[2013/02/13 15:06:53 | 000,000,000 | ---D | M] -- E:\ProgramData\Bohemia Interactive Studio
[2013/06/11 06:38:09 | 000,000,000 | ---D | M] -- E:\ProgramData\boost_interprocess
[2012/11/19 05:15:28 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2012/11/24 04:36:49 | 000,000,000 | -H-D | M] -- E:\ProgramData\Common Files
[2012/11/17 12:34:35 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2012/11/17 12:27:18 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2012/11/17 12:27:18 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2013/06/20 14:09:10 | 000,000,000 | ---D | M] -- E:\ProgramData\EA Core
[2013/06/21 07:13:39 | 000,000,000 | ---D | M] -- E:\ProgramData\EA Logs
[2013/06/20 14:09:14 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2012/11/17 12:27:18 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2012/12/18 13:43:17 | 000,000,000 | ---D | M] -- E:\ProgramData\IM
[2012/12/18 13:38:36 | 000,000,000 | ---D | M] -- E:\ProgramData\IncrediMail
[2013/04/14 23:49:23 | 000,000,000 | ---D | M] -- E:\ProgramData\Intenium
[2013/03/26 07:51:39 | 000,000,000 | ---D | M] -- E:\ProgramData\MTA San Andreas All
[2013/01/11 14:43:01 | 000,000,000 | ---D | M] -- E:\ProgramData\OMSI AM
[2013/06/18 18:30:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Origin
[2013/02/10 10:13:44 | 000,000,000 | ---D | M] -- E:\ProgramData\PDF Architect
[2013/03/15 08:12:39 | 000,000,000 | ---D | M] -- E:\ProgramData\Solidshield
[2012/11/17 12:27:18 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2013/01/09 08:30:44 | 000,000,000 | ---D | M] -- E:\ProgramData\TEMP
[2012/11/19 13:01:25 | 000,000,000 | ---D | M] -- E:\ProgramData\TomTom
[2012/11/24 09:32:53 | 000,000,000 | ---D | M] -- E:\ProgramData\TrackMania
[2012/11/24 04:44:19 | 000,000,000 | ---D | M] -- E:\ProgramData\TuneUp Software
[2012/11/17 12:27:18 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/11/24 04:39:54 | 000,000,000 | -HSD | M] -- E:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012/11/24 04:39:54 | 000,000,000 | -HSD | M] -- E:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/06/05 20:19:08 | 000,032,630 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 40 bytes -> E:\Users\unser\AppData\Roaming:NT
@Alternate Data Stream - 149 bytes -> E:\ProgramData\TEMP:40D3D3E8
< End of report >

--- --- ---

und hier die Extras.txtOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 6/22/2013 2:16:36 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.70 Mb Free Space | 75.70% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 35.15 Gb Free Space | 11.79% Space Free | Partition Type: NTFS
Drive E: | 97.56 Gb Total Space | 34.85 Gb Free Space | 35.72% Space Free | Partition Type: NTFS
Drive F: | 194.88 Gb Total Space | 107.83 Gb Free Space | 55.33% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- E:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0A902DF4-B767-49DB-98D3-D413E6F1E703}" = World of Subways Vol.2
"{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{32B08666-1587-435D-988C-7958A04B218A}_is1" = OMSI Addon Manager Version 1.2.3
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{5e81fe58-329f-41df-be06-ec265f0d624f}_is1" = Rettungsdienst GER
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"{AA114FA3-54D7-46D9-8028-AECAC9ABE615}_is1" = Cossacks Anthology
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D35C30C0-0A42-44C2-BBC9-23431832C89E}" = DayZ Commander
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-PDF Maker_is1" = 7-PDF Maker Version 1.4.1 (Build 128)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Core Tuner 2_is1" = Ashampoo Core Tuner 2 2.0.1
"Avira AntiVir Desktop" = Avira Antivirus Premium
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"bi_uninstaller" = Bundled software uninstaller
"Columbus Tree Mod" = Columbus Tree Mod 1.0 deutsch
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"DiskAid_is1" = DiskAid 5.46
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Emergency 2012" = Emergency 2012
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"ERSBerlin_is1" = ERS Berlin
"ESN Sonar-0.70.4" = ESN Sonar
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"IncrediMail" = IncrediMail 2.0
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - THE STETCHKOV SYNDICATE
"InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 225420" = Cities in Motion 2
"Steam App 24010" = Train Simulator 2013
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 24860" = Battlefield 2
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 48240" = Anno 2070
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.4
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\unser_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"11-99 Enhancement Mod v1.3" = 11-99 Enhancement Mod v1.3
 
< End of report >

--- --- ---

t'john · 22.06.2013, 15:51

Zwischenfrage. Geht der abgesicherte Modus?

Nathan|RSA · 23.06.2013, 13:52

sry konnte nicht früher antworten, hatte Nachtdienst....

also ich hab jetzt des Programm beendet was auf der CD war.... beim Runterfahren hatte sich PC aufgehangen. hatte reset gemacht... jetzt ist mein normales Windows ohne probleme hochgefahren. ..

Hab derzeit auch das Internetkabel vom PC entfernt.... was mir gerade Auffällt ist, dass meine Uhrzeit beim Pc 2 Stunden vor geht. ... Zeitzone etc sind aber richtig eingestellt. ..

t'john · 24.06.2013, 22:20

Von einem sauberen PC OTL.exe runterladen auf USB Stick.
Infizierten Rechner ohne Internet starten. OTL.exe auf Desktop kopieren und Log erstellen.

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

Nathan|RSA · 24.06.2013, 23:52

Hallo, vielen Dank für die Antwort.... hier sind wie gewünscht die neuen Scanergebnisse....

OTLOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.06.2013 00:35:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\unser\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,70% Memory free
6,50 Gb Paging File | 5,56 Gb Available in Paging File | 85,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 36,78 Gb Free Space | 37,70% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 10,90 Gb Free Space | 3,66% Space Free | Partition Type: NTFS
Drive E: | 194,88 Gb Total Space | 107,83 Gb Free Space | 55,33% Space Free | Partition Type: NTFS
Drive F: | 6,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 1863,01 Gb Total Space | 1791,91 Gb Free Space | 96,18% Space Free | Partition Type: NTFS
Drive I: | 1,87 Gb Total Space | 1,18 Gb Free Space | 62,91% Space Free | Partition Type: FAT
 
Computer Name: NATHAN | User Name: unser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\unser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe (Ashampoo Development GmbH & Co. KG)
PRC - C:\Programme\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\Netgear\WPN111.exe (NETGEAR)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - D:\Programme\7-PDF Maker\7p.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (BEService) -- C:\Programme\Common Files\BattlEye\BEService.exe ()
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (ACT2_Service) -- C:\Programme\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (FairplayKD) -- C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys File not found
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.))
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (ACT2PM) -- C:\Programme\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor32.sys ()
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (WPN111) -- C:\Windows\System32\drivers\WPN111v.sys (Atheros Communications, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=862eec6f00000000000000235426ab1b
IE - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb156/?search={searchTerms}&loc=search_box&a=ThAHUNvNi7
IE - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.22 10:58:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.22 10:58:27 | 000,000,000 | ---D | M]
 
[2012.11.19 19:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\unser\AppData\Roaming\mozilla\Extensions
[2012.11.19 19:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\unser\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.03.11 10:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\unser\AppData\Roaming\mozilla\Firefox\Profiles\tpnxbm4u.default\extensions
[2013.03.10 20:11:40 | 000,001,294 | ---- | M] () -- C:\Users\unser\AppData\Roaming\mozilla\firefox\profiles\tpnxbm4u.default\searchplugins\delta.xml
[2013.05.22 10:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.22 10:58:27 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.03.10 20:11:33 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Ashampoo Core Tuner 2] C:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-2411497344-1953539480-393459525-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-2411497344-1953539480-393459525-1001..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-2411497344-1953539480-393459525-1001..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\unser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk = D:\Spiele\Omsi Mods\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter)
O4 - Startup: C:\Users\unser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F2FF85-A6D0-48B1-977D-DA0F898B77F0}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F69E987-8B4C-4966-A351-0A6D6ADC49E4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F979276B-30FA-4267-AEAD-4EAB4C69B314}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDCAD15E-AA62-410D-B69F-502A5026CEED}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.03.06 12:07:47 | 000,398,656 | R--- | M] (THQ Canada Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.02.24 03:30:48 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011.07.08 18:05:46 | 000,000,000 | R--D | M] - F:\AutorunData -- [ UDF ]
O32 - AutoRun File - [2013.06.01 01:56:48 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk H:\
O33 - MountPoints2\{f75a9c85-30d2-11e2-b131-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f75a9c85-30d2-11e2-b131-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009.03.06 12:07:47 | 000,398,656 | R--- | M] (THQ Canada Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.24 16:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FMS32-PRO
[2013.06.24 16:11:15 | 000,000,000 | ---D | C] -- C:\Users\unser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FMS32-PRO
[2013.06.24 16:10:48 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2013.06.24 16:10:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2013.06.22 01:24:33 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.22 01:24:30 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.22 01:24:30 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.22 01:24:30 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.20 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\unser\AppData\Local\ESN
[2013.06.20 20:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2013.06.20 20:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.06.20 20:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.06.20 15:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.06.20 15:55:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2013.06.19 00:28:37 | 000,000,000 | ---D | C] -- C:\Users\unser\AppData\Roaming\Origin
[2013.06.19 00:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013.06.19 00:28:05 | 000,000,000 | ---D | C] -- C:\Users\unser\AppData\Local\Origin
[2013.06.19 00:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.06.19 00:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.06.19 00:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.06.12 13:04:01 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.12 13:04:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.12 13:01:35 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.12 13:01:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.06.12 13:01:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.12 13:01:34 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.12 13:01:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.06.12 13:01:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.12 13:01:34 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.06.12 13:01:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.06.12 11:05:11 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.06.12 11:05:08 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 11:05:08 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 11:05:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.12 11:05:00 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.12 11:05:00 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.11 12:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.05.31 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.29 11:53:09 | 000,000,000 | ---D | C] -- C:\Users\unser\AppData\Local\Activision
[2013.05.29 03:01:25 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.29 03:01:25 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.29 03:01:25 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.29 03:01:25 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.29 03:01:25 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.29 03:01:25 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.29 03:01:25 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.29 03:01:25 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.29 03:01:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.29 03:01:25 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.29 03:01:25 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.29 03:01:25 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.29 03:01:25 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.29 03:01:25 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.29 03:01:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.29 03:01:25 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.29 03:01:25 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.29 03:01:25 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.29 03:01:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.29 03:01:25 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.29 03:01:25 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.29 03:01:25 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.29 03:01:24 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.29 03:01:24 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.29 03:01:24 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.29 03:01:24 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.25 00:31:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.25 00:31:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.25 00:30:13 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.25 00:30:13 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.25 00:30:13 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.25 00:30:13 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.25 00:25:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.25 00:25:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013.06.25 00:25:30 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.24 23:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.24 16:10:48 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2013.06.24 16:10:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2013.06.24 11:51:50 | 000,067,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.22 01:24:26 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.22 01:24:26 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.22 01:24:26 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.22 01:24:26 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.22 01:24:26 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.22 01:24:26 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.21 13:14:02 | 000,140,072 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.06.21 13:13:56 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.06.20 20:12:24 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.06.20 15:54:58 | 000,138,056 | ---- | M] () -- C:\Users\unser\AppData\Roaming\PnkBstrK.sys
[2013.06.12 12:56:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 12:56:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.29 11:47:57 | 000,682,280 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2013.05.29 03:01:25 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.29 03:01:25 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.29 03:01:25 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.29 03:01:25 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.29 03:01:25 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.29 03:01:25 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.29 03:01:25 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.29 03:01:25 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.29 03:01:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.29 03:01:25 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.29 03:01:25 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.29 03:01:25 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.29 03:01:25 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.29 03:01:25 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.29 03:01:25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.29 03:01:25 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.29 03:01:25 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.29 03:01:25 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.29 03:01:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.29 03:01:25 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.29 03:01:25 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.29 03:01:25 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.29 03:01:25 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.29 03:01:24 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.29 03:01:24 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.29 03:01:24 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.29 03:01:24 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.29 03:01:25 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.10 17:53:55 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2013.02.05 18:54:04 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2013.02.03 22:30:58 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2013.02.03 02:49:04 | 000,000,252 | ---- | C] () -- C:\Windows\game.ini
[2013.01.12 20:12:26 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.01.12 20:12:26 | 000,138,056 | ---- | C] () -- C:\Users\unser\AppData\Roaming\PnkBstrK.sys
[2013.01.12 20:12:00 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013.01.12 20:11:57 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2013.01.12 20:11:57 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.12.16 19:30:37 | 000,000,733 | ---- | C] () -- C:\Windows\Edofma.INI
[2012.11.28 13:07:16 | 000,286,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.25 00:32:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.11.25 00:31:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.11.23 11:37:00 | 000,021,423 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.11.17 18:48:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.22 12:21:07 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\7-PDFMaker
[2013.03.10 20:11:29 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\Babylon
[2013.03.15 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\DAEMON Tools Lite
[2013.04.21 19:31:39 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\DiskAid
[2012.12.02 03:15:40 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\FTSoftware_FlorianThurnwald_ERSBerlinUpdater
[2013.04.01 13:29:08 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\KY-Programming
[2012.11.24 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\Leadertech
[2012.11.27 13:19:49 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\OpenOffice.org
[2013.06.20 02:17:18 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\Origin
[2013.02.10 16:13:18 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\PDF Architect
[2013.02.25 01:11:49 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\six-updater
[2013.02.16 10:41:53 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\six-zsync
[2012.12.03 01:17:22 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\Subversion
[2012.11.19 19:01:16 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\TomTom
[2013.06.25 00:23:39 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\TS3Client
[2012.11.24 10:37:14 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\TuneUp Software
[2013.03.15 14:05:27 | 000,000,000 | ---D | M] -- C:\Users\unser\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:40D3D3E8

< End of report >

--- --- ---

und hier die extras.txtOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.06.2013 00:35:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\unser\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,70% Memory free
6,50 Gb Paging File | 5,56 Gb Available in Paging File | 85,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 36,78 Gb Free Space | 37,70% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 10,90 Gb Free Space | 3,66% Space Free | Partition Type: NTFS
Drive E: | 194,88 Gb Total Space | 107,83 Gb Free Space | 55,33% Space Free | Partition Type: NTFS
Drive F: | 6,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 1863,01 Gb Total Space | 1791,91 Gb Free Space | 96,18% Space Free | Partition Type: NTFS
Drive I: | 1,87 Gb Total Space | 1,18 Gb Free Space | 62,91% Space Free | Partition Type: FAT
 
Computer Name: NATHAN | User Name: unser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2411497344-1953539480-393459525-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0809D0FA-33A7-499B-B8BA-24C4A84F8E01}" = lport=138 | protocol=17 | dir=in | app=system | 
"{175DB975-D98C-4AA2-963F-631DD95041E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{562DBFE1-F0AA-4C25-AF42-B61C45B27807}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{63674763-D94E-40A8-9349-A053CEFDECEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{99611918-3CE4-4E94-A54A-6E0B1D64CA0D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9E01B10C-30BB-4436-943E-29A6D95FE995}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9E25FEF0-B2F1-430E-9EB0-94BAC899204F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A4761D44-46AA-43C2-B202-2DCEDC4C1180}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7D00212-E0BF-4EC1-B175-C37EB86AF3B2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C4497ABC-B65E-4CBF-B1F0-876A4980A484}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E0545EC9-120E-4AE7-B3AF-9E91D5EAB890}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E54824AC-56E8-4E69-AA4B-A42C829B01B7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E881C6BA-32E7-4ECC-B2A3-58357AFE9B97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1CF4BC3-AECF-471A-A247-F7A6D091C1D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000A7094-7D1E-46F5-9B78-901DD98439EC}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{00DC3671-9DD5-4BD2-BC59-5E206AE488D3}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{0229D91B-C456-4D89-94B0-A70F02119C09}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | 
"{05A75503-2068-48C4-A342-9959A8904339}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{06F05784-5993-494D-A753-C3D1A9B8909C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0BE71ED2-0F16-49B2-BEE4-9F1940308EEE}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{0BEC2098-AB68-40F9-9F36-121DF2E6B2D2}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\company of heroes relaunch\reliccoh.exe | 
"{0E8FEC44-04D5-47EB-8098-BEEA525ACDFB}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{0FEBEC40-761B-4254-A96A-8FE5841278FD}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{10113B2B-B4A2-4023-81C3-30D821511CC2}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\cities in motion 2\cim2.exe | 
"{111849A9-591C-448E-97BC-A1F3E71192B1}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{19D6F20D-31E2-407A-9E98-65B368C69870}" = protocol=17 | dir=in | app=d:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"{1B6A2E3D-6539-40D3-ADE7-4299A2FA6617}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1BBAF205-E00A-4A43-89C1-BD16E5B6DECC}" = protocol=17 | dir=in | app=d:\spiele\farcry 2\far cry 2\bin\fc2editor.exe | 
"{20120243-AE9B-4A3E-B3BA-5D81EBFA236F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{24C88614-AB6E-4AB8-AB68-6AF6AC0AA720}" = protocol=17 | dir=in | app=d:\spiele\omsi\omsi.exe | 
"{2B979D06-6EF8-4DD8-969E-6E81393AEC99}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2D5D63EA-C9CB-4D79-9CED-61F992DD7F6A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2FB7AF47-D2A8-4AF1-9563-FFD641FDAB25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{332614A7-0CCC-4C45-8758-CDC74AFDE095}" = protocol=6 | dir=in | app=d:\spiele\swat 4\contentexpansion\system\swat4x.exe | 
"{38248B56-A556-431E-A286-88EFFB32B1BD}" = dir=in | app=d:\programme\itunes\itunes.exe | 
"{41FB0F6D-2678-436E-B7F3-1277751D1A1B}" = protocol=6 | dir=in | app=d:\spiele\omsi\omsi.exe | 
"{44904149-E4D5-4933-99EB-192AA5E4F982}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 2\arma2.exe | 
"{4548C0F0-8970-4E97-9C38-1852B2501BEA}" = protocol=17 | dir=in | app=d:\spiele\farcry 2\far cry 2\bin\farcry2.exe | 
"{45697EB0-20A1-49BA-9D55-442596455DF8}" = protocol=17 | dir=in | app=d:\spiele\cod world at war\codwaw.exe | 
"{46D69DE0-4A04-4969-AA4F-99EE96AF2D19}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{51DC5F69-B411-4023-B076-8C9D749EE2D3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{52AB2B2D-F28B-448A-8ADF-09C7D0C57402}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{535BA4A4-F0F2-4218-AB25-825F90128E2C}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{5551FE73-69C6-47A1-B31A-65B24AE77E12}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{5911BC8D-7144-4ADD-9ADD-58868CE142FC}" = protocol=6 | dir=in | app=d:\spiele\farcry 2\far cry 2\bin\fc2editor.exe | 
"{5BFF1C8B-E882-4C96-837B-31BFBCCDEF4D}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"{666446BC-4E6E-48E2-B61E-66661D9A2063}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{66E35CE2-3416-4AB6-B185-A82043284CC4}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\company of heroes relaunch\reliccoh.exe | 
"{68447B63-5959-48C9-A2F1-93BA1E7350DC}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{68A3400C-24FD-4F08-91B9-A721D5526852}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{68C9020C-D45B-4A3A-A805-13B581C46AB5}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | 
"{69889A77-D27B-4C70-A5A4-42DED4F1B567}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{6B1C81AB-AF37-40E4-A25F-906F9B9137A7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{6EED310B-0338-4188-8BBF-EE88E3994455}" = protocol=6 | dir=in | app=d:\spiele\company of heroes\reliccoh.exe | 
"{6FBDBFD3-B8A0-4ECF-9085-BE47F5C6C16D}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\anno 2070\anno5.exe | 
"{6FCEF355-0F70-4979-BA11-CE333934BDA1}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{7186FEF3-1C7E-4CB7-A9E2-031EAC9486B9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{754FB06E-D122-4B85-8B3B-72FB633C0911}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{7AFED703-CC2E-4B39-BB08-F8DA6E4BC86D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7BDCFA36-FF18-4963-B577-4250564C7C0E}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"{7CB927AE-CDF9-4F32-A4A8-A0ED61735F5C}" = protocol=17 | dir=in | app=d:\spiele\company of heroes\reliccoh.exe | 
"{7E8A3F6E-2618-4942-BCA9-C95F36B68617}" = protocol=17 | dir=in | app=d:\spiele\farcry 2\far cry 2\bin\fc2launcher.exe | 
"{82B57057-0BB0-42DA-8977-4F302CCBE849}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{8B85EEE3-BBDA-4E94-B111-8C9FC410B6AE}" = protocol=6 | dir=in | app=d:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"{8D42A98D-8103-44D2-AC8D-5DED0199C981}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{90C51245-B4DD-4EF7-B6B2-BEF6CBBA1DD6}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{95120803-96A8-42DE-AE8A-82A40C3E132F}" = protocol=6 | dir=in | app=d:\spiele\cod world at war\codwaw.exe | 
"{9DE84606-2FF2-452C-B73A-F0F1AAD91A17}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 2\arma2.exe | 
"{9F801E7F-0714-425D-B5C0-F2FB89910368}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{A06A9893-CF89-481E-83F3-2776EA28DC61}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{A0A62C3F-8154-44F1-B140-F5347CD08474}" = protocol=6 | dir=in | app=d:\spiele\swat 4\contentexpansion\system\swat4xdedicatedserver.exe | 
"{A1F96A08-0D62-4564-BB0B-7B4B3F565007}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{A6E16E6C-B88B-4D03-B8C1-AEA666958985}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\battlefield 2\bf2.exe | 
"{A8199551-8F7A-4654-9047-9DF8C5BEFEF5}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\anno 2070\anno5.exe | 
"{AAA63BE4-77DA-4A8F-9AD4-6706F5649B43}" = protocol=17 | dir=in | app=d:\spiele\cod world at war\codwawmp.exe | 
"{ACF7CAE7-BCEC-458B-AFD9-48967C02CD7D}" = protocol=17 | dir=in | app=d:\spiele\swat 4\contentexpansion\system\swat4xdedicatedserver.exe | 
"{B85E38C0-CD7A-41BA-8E5D-5010C7B949AF}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C0CEEA57-A8C2-4FFB-B29C-5D08373BF672}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C1FD7646-E456-4F8B-B8B8-4776712AB0F9}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\battlefield 2\bf2.exe | 
"{C652EA1B-1D21-4A2D-BD15-981F66785787}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe | 
"{C66E40E6-8D82-4F9D-B41D-AB3B42A2FBF9}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\railworks\railworks.exe | 
"{C9BF62E8-35BE-4943-8373-9E1071A9F863}" = protocol=6 | dir=in | app=d:\spiele\farcry 2\far cry 2\bin\fc2serverlauncher.exe | 
"{CFD3D0E2-1759-47D2-8D5E-7462AB1636A4}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\railworks\railworks.exe | 
"{D316D38F-1EBE-4A8F-8E27-3843E58E24AB}" = protocol=6 | dir=in | app=d:\spiele\farcry 2\far cry 2\bin\fc2launcher.exe | 
"{D4C82CF9-C4DB-4879-8B80-9D9173C7451A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\cities in motion 2\cim2.exe | 
"{D9709E98-1FAE-499F-97F8-4514CB77753D}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{DE7667A8-7075-43C3-831A-3CAC0A07A295}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{DEECD42F-DF9F-47AC-B9FA-375F702D9013}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{DF385512-243E-483A-A5D4-3145895D50E4}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{E30EAC3E-0C1A-4173-B5E2-A8A9C6F6F99A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{E679C384-0224-4396-922D-91984FBC486E}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{EE7D16A8-5FEA-4A42-869F-E674FF9EE689}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe | 
"{F3B24E77-A880-4BEE-8C70-B0494D2852DF}" = protocol=6 | dir=in | app=d:\spiele\farcry 2\far cry 2\bin\farcry2.exe | 
"{F4FA6C21-09D1-466B-AD59-3CBBA551049D}" = protocol=6 | dir=in | app=d:\spiele\cod world at war\codwawmp.exe | 
"{F72AE2C1-9708-4ED4-87D2-CED771813F3B}" = protocol=17 | dir=in | app=d:\spiele\farcry 2\far cry 2\bin\fc2serverlauncher.exe | 
"{F8157F6F-DCB3-4F87-B8F5-2E8E53692F27}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{FFF40C2D-2641-40DE-8346-33AA3853A2CB}" = protocol=17 | dir=in | app=d:\spiele\swat 4\contentexpansion\system\swat4x.exe | 
"TCP Query User{04254979-28AF-4909-9F76-A2F37C9A3DF2}D:\programme\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{09C41318-227C-4D36-BEA6-FA32F3DB4FFF}D:\spiele\neuzeit\empires_dmw.exe" = protocol=6 | dir=in | app=d:\spiele\neuzeit\empires_dmw.exe | 
"TCP Query User{2C97578B-31E4-44A9-92F3-BDE158FFC6CD}D:\programme\fms32-pro\fms32prodemo.exe" = protocol=6 | dir=in | app=d:\programme\fms32-pro\fms32prodemo.exe | 
"TCP Query User{3BD9981E-06F2-406A-9286-E29D4D5649F0}D:\spiele\omsi\omsi.exe" = protocol=6 | dir=in | app=d:\spiele\omsi\omsi.exe | 
"TCP Query User{4754DB72-5C1F-4267-8DD2-A323DB99C837}D:\spiele\emergency 4\em4.exe" = protocol=6 | dir=in | app=d:\spiele\emergency 4\em4.exe | 
"TCP Query User{6116BC34-AE9B-4CF4-847B-267C4859ACCF}D:\spiele\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=d:\spiele\battlefield 1942\bf1942.exe | 
"TCP Query User{656BBF64-C51A-4A4A-A036-54F741460183}D:\spiele\cod2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\spiele\cod2\cod2mp_s.exe | 
"TCP Query User{6714456E-94D8-4041-A200-0A6A078C4F5C}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"TCP Query User{AD4CB316-D4C6-4013-91F6-6C161D4FB75F}D:\spiele\swat4\contentexpansion\system\swat4x.exe" = protocol=6 | dir=in | app=d:\spiele\swat4\contentexpansion\system\swat4x.exe | 
"TCP Query User{CD7FB1A4-4744-4259-93E4-513F857F1BE7}D:\spiele\sixupdater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=d:\spiele\sixupdater\tools\bin\rsync.exe | 
"TCP Query User{D1F88A39-5939-4EA2-9BE8-D90F3396F183}D:\spiele\emergency 4\em4.exe" = protocol=6 | dir=in | app=d:\spiele\emergency 4\em4.exe | 
"UDP Query User{36908A04-9F13-4169-8F96-DCD50F348644}D:\programme\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{38EBAE83-104B-4198-A695-E6C4BF81364C}D:\spiele\emergency 4\em4.exe" = protocol=17 | dir=in | app=d:\spiele\emergency 4\em4.exe | 
"UDP Query User{45332797-BEFA-4644-8A9C-B7F44388340C}D:\spiele\omsi\omsi.exe" = protocol=17 | dir=in | app=d:\spiele\omsi\omsi.exe | 
"UDP Query User{4B3A56A5-DBD8-4B07-B027-BEBDFC15013F}D:\spiele\swat4\contentexpansion\system\swat4x.exe" = protocol=17 | dir=in | app=d:\spiele\swat4\contentexpansion\system\swat4x.exe | 
"UDP Query User{A1B39CAC-D7D1-4AB4-B563-D140C955594A}D:\spiele\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=d:\spiele\battlefield 1942\bf1942.exe | 
"UDP Query User{A72A2202-BE20-4B1D-80FA-C556DE69AE18}D:\spiele\neuzeit\empires_dmw.exe" = protocol=17 | dir=in | app=d:\spiele\neuzeit\empires_dmw.exe | 
"UDP Query User{ADC171A4-87E5-4035-9930-FB24693FCBDC}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"UDP Query User{B02418D8-C0A2-424C-94FC-7D538B511371}D:\spiele\emergency 4\em4.exe" = protocol=17 | dir=in | app=d:\spiele\emergency 4\em4.exe | 
"UDP Query User{DC08D4F3-7932-4201-B44F-E3EFDD5A3314}D:\spiele\sixupdater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=d:\spiele\sixupdater\tools\bin\rsync.exe | 
"UDP Query User{F2BDCD27-848B-4327-8B35-91C7080A3F19}D:\programme\fms32-pro\fms32prodemo.exe" = protocol=17 | dir=in | app=d:\programme\fms32-pro\fms32prodemo.exe | 
"UDP Query User{F3ADE574-2D1A-4F9B-B9D5-D7388E134569}D:\spiele\cod2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\spiele\cod2\cod2mp_s.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0A902DF4-B767-49DB-98D3-D413E6F1E703}" = World of Subways Vol.2
"{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{32B08666-1587-435D-988C-7958A04B218A}_is1" = OMSI Addon Manager Version 1.2.3
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{5e81fe58-329f-41df-be06-ec265f0d624f}_is1" = Rettungsdienst GER
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"{AA114FA3-54D7-46D9-8028-AECAC9ABE615}_is1" = Cossacks Anthology
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D35C30C0-0A42-44C2-BBC9-23431832C89E}" = DayZ Commander
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-PDF Maker_is1" = 7-PDF Maker Version 1.4.1 (Build 128)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Core Tuner 2_is1" = Ashampoo Core Tuner 2 2.0.1
"Avira AntiVir Desktop" = Avira Antivirus Premium
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"bi_uninstaller" = Bundled software uninstaller
"Columbus Tree Mod" = Columbus Tree Mod 1.0 deutsch
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"DiskAid_is1" = DiskAid 5.46
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Emergency 2012" = Emergency 2012
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"ERSBerlin_is1" = ERS Berlin
"ESN Sonar-0.70.4" = ESN Sonar
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"IncrediMail" = IncrediMail 2.0
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - THE STETCHKOV SYNDICATE
"InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"ST6UNST #1" = FMS32-PRO - Demoversion
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 225420" = Cities in Motion 2
"Steam App 228200" = Company of Heroes (New Steam Version)
"Steam App 24010" = Train Simulator 2013
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 24860" = Battlefield 2
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 4560" = Company of Heroes
"Steam App 48240" = Anno 2070
"Steam App 9340" = Company of Heroes: Opposing Fronts
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.4
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2411497344-1953539480-393459525-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"11-99 Enhancement Mod v1.3" = 11-99 Enhancement Mod v1.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2013 08:36:56 | Computer Name = Nathan | Source = Application Hang | ID = 1002
Description = Programm gta_sa.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 10e4    Startzeit:
 01ce62a6b6a31a0e    Endzeit: 139    Anwendungspfad: D:\Spiele\GTA San Andreas\GTA_SA\GTA
 SA\gta_sa.exe    Berichts-ID:   
 
Error - 06.06.2013 08:40:47 | Computer Name = Nathan | Source = Application Hang | ID = 1002
Description = Programm gta_sa.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1d68    Startzeit:
 01ce62b28bb01019    Endzeit: 83    Anwendungspfad: D:\Spiele\GTA San Andreas\GTA_SA\GTA
 SA\gta_sa.exe    Berichts-ID:   
 
Error - 09.06.2013 13:05:26 | Computer Name = Nathan | Source = VSS | ID = 8194
Description = 
 
Error - 11.06.2013 04:21:52 | Computer Name = Nathan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService32.exe, Version:
 13.0.3020.2, Zeitstempel: 0x51067abd  Name des fehlerhaften Moduls: TuneUpUtilitiesService32.exe,
 Version: 13.0.3020.2, Zeitstempel: 0x51067abd  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00017c6d  ID des fehlerhaften Prozesses: 0x878  Startzeit der fehlerhaften Anwendung:
 0x01ce667cb066c857  Pfad der fehlerhaften Anwendung: C:\Program Files\TuneUp Utilities
 2013\TuneUpUtilitiesService32.exe  Pfad des fehlerhaften Moduls: C:\Program Files\TuneUp
 Utilities 2013\TuneUpUtilitiesService32.exe  Berichtskennung: f8046484-d26f-11e2-9b10-00235426ab1b
 
Error - 11.06.2013 11:29:37 | Computer Name = Nathan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec3cc  Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec306  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001c9789  ID des fehlerhaften
 Prozesses: 0x1324  Startzeit der fehlerhaften Anwendung: 0x01ce66af9cc29bc7  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: b92e3b74-d2ab-11e2-a591-00235426ab1b
 
Error - 11.06.2013 18:54:06 | Computer Name = Nathan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BF1942.exe, Version: 0.0.0.0, Zeitstempel:
 0x400fa74a  Name des fehlerhaften Moduls: BF1942.exe, Version: 0.0.0.0, Zeitstempel:
 0x400fa74a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0020141b  ID des fehlerhaften Prozesses:
 0x1e8c  Startzeit der fehlerhaften Anwendung: 0x01ce66f67a6a3354  Pfad der fehlerhaften
 Anwendung: D:\Spiele\Battlefield 1942\BF1942.exe  Pfad des fehlerhaften Moduls: D:\Spiele\Battlefield
 1942\BF1942.exe  Berichtskennung: d16fab90-d2e9-11e2-a591-00235426ab1b
 
Error - 12.06.2013 14:04:50 | Computer Name = Nathan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BF1942.exe, Version: 0.0.0.0, Zeitstempel:
 0x400fa74a  Name des fehlerhaften Moduls: BF1942.exe, Version: 0.0.0.0, Zeitstempel:
 0x400fa74a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0020141b  ID des fehlerhaften Prozesses:
 0xea0  Startzeit der fehlerhaften Anwendung: 0x01ce679705490bf1  Pfad der fehlerhaften
 Anwendung: D:\Spiele\Battlefield 1942\BF1942.exe  Pfad des fehlerhaften Moduls: D:\Spiele\Battlefield
 1942\BF1942.exe  Berichtskennung: 92cc49f0-d38a-11e2-96fa-00235426ab1b
 
Error - 16.06.2013 07:35:26 | Computer Name = Nathan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.5.2405, 
Zeitstempel: 0x49a5b7bc  Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.9200.16611,
 Zeitstempel: 0x5191f8be  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000b2db  ID des fehlerhaften
 Prozesses: 0x1a40  Startzeit der fehlerhaften Anwendung: 0x01ce6a76d6e6b8ba  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\System32\jscript.dll  Berichtskennung: d68d93ce-d678-11e2-a4f6-00235426ab1b
 
Error - 18.06.2013 18:36:13 | Computer Name = Nathan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1106,
 Zeitstempel: 0x50f950f4  Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1106,
 Zeitstempel: 0x50f950f4  Ausnahmecode: 0x40000015  Fehleroffset: 0x0010333f  ID des fehlerhaften
 Prozesses: 0xc10  Startzeit der fehlerhaften Anwendung: 0x01ce6c65d066685f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Berichtskennung:
 7ad5e5f5-d867-11e2-b77b-00235426ab1b
 
Error - 20.06.2013 09:54:01 | Computer Name = Nathan | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 20.06.2013 17:51:42 | Computer Name = Nathan | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 20.06.2013 17:52:47 | Computer Name = Nathan | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 20.06.2013 17:52:47 | Computer Name = Nathan | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.06.2013 03:59:21 | Computer Name = Nathan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?06.?2013 um 09:57:24 unerwartet heruntergefahren.
 
Error - 21.06.2013 04:01:59 | Computer Name = Nathan | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.06.2013 04:01:59 | Computer Name = Nathan | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.06.2013 09:58:57 | Computer Name = Nathan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?06.?2013 um 14:24:54 unerwartet heruntergefahren.
 
Error - 21.06.2013 10:01:32 | Computer Name = Nathan | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.06.2013 10:01:32 | Computer Name = Nathan | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.06.2013 10:08:41 | Computer Name = Nathan | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
 
< End of report >

--- --- ---

t'john · 25.06.2013, 15:39

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL

[2013.06.11 12:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess 
IE - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=862eec6f00000000000000235426ab1b 
IE - HKU\S-1-5-21-2411497344-1953539480-393459525-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:40D3D3E8 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\unser\*.tmp
C:\Users\unser\AppData\*.dll
C:\Users\unser\AppData\*.exe
C:\Users\unser\AppData\Local\Temp\*.exe
C:\Users\unser\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

danach:

3. Schritt
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Nathan|RSA · 01.07.2013, 09:03

Hallo, danke für die Antwort... leider hat mein PC irgendwie mein Monitor zerstört..... und als ich einen Ersatz angehangen habe, war der nach 5 Min auch kaputt.... also kann ich derzeit nichts mehr machen, muss erst gucken das ich irgendwo einen alten Monitor her bekomme... damit nicht noch ein guter Kaputt geht..... Ich melde mich sobald ich einen habe....

Aber nur ne kleine Frage nebenbei.... wie kann des passieren das mein PC die Bildschirme schrottet??

t'john · 02.07.2013, 14:23

Zitat:

wie kann des passieren das mein PC die Bildschirme schrottet??

kann eigentlich nicht sein.

funktionieren die Mnitore dann an anderen PCs nicht mehr?

t'john · 30.09.2013, 19:06

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

22.06.2013, 15:51	#4
t'john /// Helfer-Team	Weisser Bildschirm Zwischenfrage. Geht der abgesicherte Modus? __________________ Mfg, t'john Das TB unterstützen

Weisser Bildschirm

Plagegeister aller Art und deren Bekämpfung: Weisser Bildschirm