Trojaner-Board - Bundespolizei / UKash Virusbefall

Wahnsinns Support hier... Hochachtung!
Hier die Daten der OTL.txt

Code:

OTL logfile created on: 15.11.2012 12:26:28 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\B******\Desktop

 Home Premium Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,19% Memory free

4,00 Gb Paging File | 3,23 Gb Available in Paging File | 80,81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 445,76 Gb Total Space | 284,11 Gb Free Space | 63,74% Space Free | Partition Type: NTFS

Drive D: | 465,65 Gb Total Space | 452,17 Gb Free Space | 97,11% Space Free | Partition Type: FAT32

Drive E: | 19,99 Gb Total Space | 5,50 Gb Free Space | 27,49% Space Free | Partition Type: FAT32

Drive J: | 962,70 Mb Total Space | 961,97 Mb Free Space | 99,92% Space Free | Partition Type: FAT

 

Computer Name: B******-PC | User Name: B****** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\B******\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\B******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)

PRC - C:\Programme\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)

PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)

DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)

DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\HomeCinema\PlayMovie\000.fcl (Cyberlink Corp.)

DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\HomeCinema\PowerDVD\000.fcl (Cyberlink Corp.)

DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.general-anzeiger-bonn.de/

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\..\SearchScopes,DefaultScope = {A740D645-4935-4797-8574-4561887FF25F}

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=C5B067B001CB1058002912B6&install_time=2010-06-20T09:12:57Z&src_id=11424&camp_id=1225&tb_version=2.5.12000.509

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\..\SearchScopes\{A740D645-4935-4797-8574-4561887FF25F}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

 

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (ALOT Symbolleiste Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Programme\alot\bin\BHO\alotBHO.dll (Vertro)

O3 - HKLM\..\Toolbar: (ALOT Symbolleiste) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Programme\alot\bin\alot.dll (Vertro)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\B******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\B******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://bip.doeres.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE4D5D7-D038-4ABA-A85B-A634AC97F78B}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.15 17:40:44 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.11.15 15:55:08 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.65.1.1000.exe

[2012.11.15 15:14:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012.11.15 12:24:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\B******\Desktop\OTL.exe

[2012.11.10 08:11:02 | 000,000,000 | ---D | C] -- C:\Users\B******\Documents\DeutschePost_ID788293-224

[2012.10.17 17:06:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2012.10.17 17:05:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

[2012.10.17 17:05:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2012.10.17 17:05:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2012.10.17 17:05:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2012.10.17 17:05:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.10.17 17:05:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2012.10.17 17:05:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

[2012.10.17 17:05:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

[2012.10.17 17:05:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2012.10.17 17:05:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

[2012.10.17 17:05:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

[2012.10.17 17:05:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

[2012.10.17 17:05:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

[2012.10.17 17:05:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2012.10.17 17:05:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

[2012.10.17 17:05:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.10.17 17:05:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

[2012.10.17 17:05:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2012.10.17 17:05:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2012.10.17 17:05:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2012.10.17 16:59:18 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012.10.17 16:59:18 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.15 15:55:16 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.65.1.1000.exe

[2012.11.15 12:25:34 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.11.15 12:25:34 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.11.15 12:25:34 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.11.15 12:25:34 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.11.15 12:21:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\B******\Desktop\OTL.exe

[2012.11.15 12:04:29 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.15 12:04:29 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.15 11:57:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.11.15 11:57:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.11.15 11:57:05 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.15 11:56:17 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat

[2012.11.12 18:55:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.11.11 22:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

 
 ========== Files Created - No Company Name ==========

 

[2012.11.15 11:56:17 | 000,003,272 | ---- | C] () -- C:\bootsqm.dat

[2011.05.24 20:36:27 | 000,003,958 | ---- | C] () -- C:\Users\B******\ESt2010_B******_HERMANN-JOSEF_und_B******_SIMONE_URSULA.elfo

[2010.10.21 06:09:46 | 000,004,096 | -H-- | C] () -- C:\Users\B******\AppData\Local\keyfile3.drm

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.11.15 12:24:18 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\Dropbox

[2011.05.24 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\elsterformular

[2012.05.18 14:10:58 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\LolClient

[2011.08.16 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\TeamViewer

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2009.12.02 22:27:53 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2011.12.01 11:56:02 | 000,000,000 | -HSD | M] -- C:\Boot

[2012.10.18 02:10:57 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009.07.14 05:17:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2007.12.26 15:47:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2007.10.09 14:46:22 | 000,000,000 | ---D | M] -- C:\Intel

[2008.03.01 18:04:26 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2007.10.22 13:39:20 | 000,000,000 | ---D | M] -- C:\MyWorks

[2009.12.02 22:31:51 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.11.15 15:57:07 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.11.15 17:40:45 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2007.12.26 15:47:16 | 000,000,000 | -HSD | M] -- C:\Programme

[2009.12.02 22:27:27 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012.11.15 15:14:36 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2012.05.18 13:31:23 | 000,000,000 | ---D | M] -- C:\Riot Games

[2012.11.15 12:28:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2009.12.02 22:27:43 | 000,000,000 | R--D | M] -- C:\Users

[2011.12.01 11:55:15 | 000,000,000 | ---D | M] -- C:\Windows

[2009.12.02 22:06:36 | 000,000,000 | ---D | M] -- C:\Windows.old

[2009.12.02 19:36:40 | 000,000,000 | ---D | M] -- C:\Windows.oldVista

[2012.11.15 17:40:44 | 000,000,000 | ---D | M] -- C:\_OTL

 
 < %SYSTEMDRIVE%\*.* >

[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2010.11.20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2009.12.02 22:12:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2012.11.15 11:56:17 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat

[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2012.11.15 15:21:28 | 000,021,148 | ---- | M] () -- C:\Extras.Txt

[2012.11.15 11:57:05 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys

[2009.02.25 17:08:46 | 000,000,210 | ---- | M] () -- C:\INSTALL.LOG

[2007.10.15 15:46:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2012.11.15 15:55:16 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.65.1.1000.exe

[2007.10.15 15:46:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2012.11.15 15:19:33 | 000,045,700 | ---- | M] () -- C:\OTL.txt

[2012.11.15 11:57:07 | 2145,570,816 | -HS- | M] () -- C:\pagefile.sys

[2007.07.26 17:47:32 | 000,000,631 | ---- | M] () -- C:\PDVD.iss

[2007.06.27 16:26:48 | 000,000,512 | ---- | M] () -- C:\TVE.iss

 
 < %PROGRAMFILES%\*.exe >

Invalid Environment Variable: PROGRAMFILES(X86)

 
 < %systemroot%\*. /mp /s >

 
 < %windir%\installer\*. /10 >

 
 < %appdata%\*.  >

[2009.12.03 09:00:15 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\Adobe

[2010.02.26 07:58:43 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\CyberLink

[2012.11.15 12:24:18 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\Dropbox

[2011.05.24 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\elsterformular

[2009.12.05 09:59:41 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\Google

[2009.12.02 22:27:56 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\Identities

[2012.05.18 14:10:58 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\LolClient

[2009.12.02 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\Macromedia

[2011.05.22 21:50:22 | 000,000,000 | --SD | M] -- C:\Users\B******\AppData\Roaming\Microsoft

[2011.08.16 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\TeamViewer

 
 < %appdata%\*.*  >

 
 < %appdata%\*.exe /s >

[2012.06.14 03:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\B******\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.06.14 03:09:00 | 000,874,440 | ---- | M] (Dropbox, Inc.) -- C:\Users\B******\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012.06.14 03:09:06 | 000,181,776 | ---- | M] (Dropbox, Inc.) -- C:\Users\B******\AppData\Roaming\Dropbox\bin\Uninstall.exe

 
 < %localappdata%\*.  >

[2012.01.20 18:18:56 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\Adobe

[2009.12.02 22:27:47 | 000,000,000 | -HSD | M] -- C:\Users\B******\AppData\Local\Anwendungsdaten

[2012.11.10 12:28:24 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\Diagnostics

[2010.08.09 10:33:57 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\ElevatedDiagnostics

[2012.03.18 12:21:54 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\Google

[2010.10.21 06:09:45 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\Microsoft

[2009.12.21 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\Microsoft Games

[2012.04.13 17:08:35 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\Microsoft Help

[2010.02.28 11:23:32 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\PlayMovie

[2012.07.27 17:12:05 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\PMB Files

[2009.12.02 22:41:17 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\PowerCinema

[2012.11.15 12:24:17 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\Temp

[2009.12.02 22:27:47 | 000,000,000 | -HSD | M] -- C:\Users\B******\AppData\Local\Temporary Internet Files

[2009.12.02 22:27:47 | 000,000,000 | -HSD | M] -- C:\Users\B******\AppData\Local\Verlauf

[2010.02.26 07:58:45 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Local\VirtualStore

 
 < %localappdata%\*.* >

[2010.06.27 23:35:25 | 000,110,384 | ---- | M] () -- C:\Users\B******\AppData\Local\GDIPFONTCACHEV1.DAT

[2012.11.11 22:47:14 | 000,955,260 | -H-- | M] () -- C:\Users\B******\AppData\Local\IconCache.db

[2010.10.21 06:09:46 | 000,004,096 | -H-- | M] () -- C:\Users\B******\AppData\Local\keyfile3.drm

 
 < %localappdata%\*.exe /s >

[2012.11.10 08:12:46 | 000,036,027 | ---- | M] () -- C:\Users\B******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\591ZYRKH\43d982be5107d1b8de698e16759b9956[1].exe

[2012.07.10 19:36:58 | 018,492,072 | ---- | M] (Dropbox, Inc.) -- C:\Users\B******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\591ZYRKH\Dropbox 1.4.9.exe

[2011.08.16 20:43:45 | 002,666,304 | ---- | M] (TeamViewer GmbH) -- C:\Users\B******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BI0PHD8F\TeamViewerQS_de[1].exe

[2010.12.14 22:46:00 | 000,003,314 | ---- | M] () -- C:\Users\B******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R6SYD7JQ\inst[1].exe

[2006.08.26 00:54:18 | 000,724,992 | ---- | M] (Electronic Arts Inc.) -- C:\Users\B******\AppData\Local\Temp\AutoRun.exe

[2010.02.08 22:16:33 | 001,956,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\B******\AppData\Local\Temp\FlashPlayerUpdate.exe

[2010.06.19 09:23:18 | 002,605,008 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\FlashPlayerUpdate01.exe

[2009.11.18 17:01:02 | 000,211,568 | ---- | M] (Google Inc.) -- C:\Users\B******\AppData\Local\Temp\gtb.exe

[2010.05.28 02:48:25 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\B******\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe

[2010.09.16 22:17:27 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\B******\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe

[2010.10.17 17:12:38 | 000,426,552 | ---- | M] (Google Inc.) -- C:\Users\B******\AppData\Local\Temp\SearchWithGoogleUpdate.exe

[137 C:\Users\B******\AppData\Local\Temp\*.tmp files -> C:\Users\B******\AppData\Local\Temp\*.tmp -> ]

[2009.12.02 22:42:25 | 000,049,152 | ---- | M] ( ) -- C:\Users\B******\AppData\Local\Temp\{06258058-8FE7-42E8-8832-C2D4B2131F7B}\PostBuild.exe

[2010.09.29 18:11:20 | 000,528,392 | ---- | M] (Microsoft Corporation) -- C:\Users\B******\AppData\Local\Temp\{493A0038-0900-4B03-84D1-51101C008DEC}\{918A9082-6287-4D25-9002-5E5D5E4971CB}\DXSETUP.exe

[2009.12.02 22:39:21 | 000,049,152 | ---- | M] ( ) -- C:\Users\B******\AppData\Local\Temp\{5A86B839-9D1C-4A82-9463-119D4D4A271B}\PostBuild.exe

[2011.07.19 15:35:24 | 000,222,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\B******\AppData\Local\Temp\{AC76BA86-7AD7-1031-7B44-AA1000000001}\FixTransforms.exe

[2012.10.17 16:11:34 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\B******\AppData\Local\Temp\{CDAD86A9-152B-4AE3-B617-6735700D5075}\InstallFlashPlayer.exe

[2011.03.23 22:41:35 | 002,872,992 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\1B6.dir\InstallFlashPlayer.exe

[2011.04.25 16:38:08 | 002,871,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\29A0.dir\InstallFlashPlayer.exe

[2011.06.07 20:39:43 | 003,119,776 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\2A3B.dir\InstallFlashPlayer.exe

[2011.03.07 18:08:36 | 002,871,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\36C9.dir\InstallFlashPlayer.exe

[2011.11.19 00:08:53 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\3A24.dir\InstallFlashPlayer.exe

[2010.09.06 21:18:34 | 002,826,192 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\3F61.dir\InstallFlashPlayer.exe

[2010.12.09 21:40:42 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\403B.dir\InstallFlashPlayer.exe

[2011.11.07 23:38:47 | 003,797,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\41B2.dir\InstallFlashPlayer.exe

[2012.02.23 21:25:14 | 003,803,296 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\46DF.dir\InstallFlashPlayer.exe

[2011.01.28 22:32:30 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\61D7.dir\InstallFlashPlayer.exe

[2010.09.15 22:21:10 | 002,826,192 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\6E6C.dir\InstallFlashPlayer.exe

[2011.01.20 22:21:41 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\782D.dir\InstallFlashPlayer.exe

[2011.09.11 20:59:43 | 003,127,456 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\7E54.dir\InstallFlashPlayer.exe

[2010.12.27 10:33:18 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\8536.dir\InstallFlashPlayer.exe

[2011.02.13 23:08:58 | 002,871,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\8C87.dir\InstallFlashPlayer.exe

[2011.09.12 21:47:56 | 003,127,456 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\937A.dir\InstallFlashPlayer.exe

[2011.10.21 04:35:32 | 003,797,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\9AF8.dir\InstallFlashPlayer.exe

[2011.08.21 10:05:57 | 003,126,944 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\9F8A.dir\InstallFlashPlayer.exe

[2010.11.20 13:26:00 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\A035.dir\InstallFlashPlayer.exe

[2011.06.17 14:46:17 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\B08.dir\InstallFlashPlayer.exe

[2011.01.13 23:50:55 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\B2CD.dir\InstallFlashPlayer.exe

[2011.11.29 21:47:40 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\C5AF.dir\InstallFlashPlayer.exe

[2010.10.24 21:39:28 | 002,826,192 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\CC44.dir\InstallFlashPlayer.exe

[2011.09.20 22:13:04 | 003,127,456 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\CFFC.dir\InstallFlashPlayer.exe

[2011.03.30 10:54:29 | 002,872,992 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\DC6B.dir\InstallFlashPlayer.exe

[2011.10.03 16:32:35 | 003,126,944 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\B******\AppData\Local\Temp\FB12.dir\InstallFlashPlayer.exe

[2011.06.01 14:34:03 | 006,955,384 | ---- | M] (TeamViewer GmbH) -- C:\Users\B******\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe

[2011.06.01 14:35:05 | 002,133,368 | ---- | M] (TeamViewer GmbH) -- C:\Users\B******\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe

[2011.06.01 14:34:04 | 002,360,184 | ---- | M] (TeamViewer GmbH) -- C:\Users\B******\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe

[2011.06.01 13:16:33 | 000,108,408 | ---- | M] (TeamViewer GmbH) -- C:\Users\B******\AppData\Local\Temp\TeamViewer\Version6\tv_w32.exe

[2011.06.01 13:16:34 | 000,144,248 | ---- | M] (TeamViewer GmbH) -- C:\Users\B******\AppData\Local\Temp\TeamViewer\Version6\tv_x64.exe

 
 < %allusersprofile%\*.  >

[2012.11.08 21:13:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe

[2009.12.02 22:27:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten

[2009.07.14 05:17:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

[2009.12.03 08:49:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH

[2009.12.02 22:41:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Cyberlink

[2009.07.14 05:17:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

[2009.07.14 05:17:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

[2009.12.02 22:27:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente

[2011.05.24 19:58:06 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular

[2009.12.02 22:27:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten

[2009.07.14 05:17:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

[2009.12.05 09:59:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Google

[2012.10.17 15:42:28 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft

[2012.10.18 02:10:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help

[2010.06.27 23:46:07 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA

[2010.02.26 07:58:43 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayMovie

[2012.07.27 17:12:05 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files

[2009.07.14 05:17:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

[2009.12.02 22:27:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü

[2010.11.05 14:23:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun

[2009.07.14 05:17:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

[2009.12.02 22:27:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen

[2009.12.02 22:36:54 | 000,000,000 | ---D | M] -- C:\ProgramData\X10 Settings

 
 < %allusersprofile%\*.* >

 
 < %allusersprofile%\*.exe /s >

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18951\AcrobatUpdater.exe

[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18951\AdobeARM.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18951\AdobeARMHelper.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18951\ReaderUpdater.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21396\AcrobatUpdater.exe

[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21396\AdobeARM.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21396\AdobeARMHelper.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21396\ReaderUpdater.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23156\AcrobatUpdater.exe

[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23156\AdobeARM.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23156\AdobeARMHelper.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23156\ReaderUpdater.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\24835\AcrobatUpdater.exe

[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\24835\AdobeARM.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\24835\AdobeARMHelper.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\24835\ReaderUpdater.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\29514\AcrobatUpdater.exe

[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\29514\AdobeARM.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\29514\AdobeARMHelper.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\29514\ReaderUpdater.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\6870\AcrobatUpdater.exe

[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\6870\AdobeARM.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\6870\AdobeARMHelper.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\6870\ReaderUpdater.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\926\AcrobatUpdater.exe

[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\926\AdobeARM.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\926\AdobeARMHelper.exe

[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\926\ReaderUpdater.exe

[2012.01.03 18:46:15 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-A95000000001}\Setup.exe

[2011.12.06 23:07:17 | 000,526,512 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe

 
 <           >

[2009.07.14 05:17:34 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2009.07.14 05:17:34 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010.01.30 22:45:43 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2010.01.30 22:45:44 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2012.04.14 09:07:33 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 

< End of report >

Und hier die Extras.txt

Code:

OTL Extras logfile created on: 15.11.2012 12:26:28 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\B******\Desktop

 Home Premium Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,19% Memory free

4,00 Gb Paging File | 3,23 Gb Available in Paging File | 80,81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 445,76 Gb Total Space | 284,11 Gb Free Space | 63,74% Space Free | Partition Type: NTFS

Drive D: | 465,65 Gb Total Space | 452,17 Gb Free Space | 97,11% Space Free | Partition Type: FAT32

Drive E: | 19,99 Gb Total Space | 5,50 Gb Free Space | 27,49% Space Free | Partition Type: FAT32

Drive J: | 962,70 Mb Total Space | 961,97 Mb Free Space | 99,92% Space Free | Partition Type: FAT

 

Computer Name: B******-PC | User Name: B****** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C6E1CAC-3B2E-46C4-B8AE-EE50670363E1}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{15B46560-421C-456D-9235-2FFCA7726EE9}" = lport=139 | protocol=6 | dir=in | app=system | 

"{1B3F7BC1-1F22-415E-B76D-F2ADC6EBB8FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{2651E033-7B0E-4781-A221-3DD90A011C5D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{2F0EE970-CF6B-418D-9C26-9417A275E540}" = lport=137 | protocol=17 | dir=in | app=system | 

"{5D1C4E4E-6BD3-46EE-80FB-4809ABD8D74F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{5F332056-5BA6-44F8-B637-2B822CFC8C1E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{6CDCEE40-DBC4-43BA-AE73-B5292F91EA99}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{75788532-43C9-4690-804F-782A61D51EA9}" = lport=138 | protocol=17 | dir=in | app=system | 

"{7C070A93-D565-4A21-878E-C699AE030078}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{90C35DA5-C593-4DF3-8D29-9B9011910D9F}" = rport=445 | protocol=6 | dir=out | app=system | 

"{91B3E97A-F0C2-42F4-B814-484D3F9589BF}" = rport=139 | protocol=6 | dir=out | app=system | 

"{A4D2C7A7-A0D7-408D-82B3-27398EEAA8C5}" = lport=445 | protocol=6 | dir=in | app=system | 

"{AC2C5545-6A25-46E2-A440-FD4F70A8574E}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{B90AC125-297D-4531-9B51-B4749F1C4CD9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{BAAF8083-1BDC-44C7-A8E6-B3AC75F2CBAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{C6BD323D-FC05-4D41-885C-5D1ACF7FE2EF}" = rport=137 | protocol=17 | dir=out | app=system | 

"{CE1870E7-FF59-4225-A3BE-2BC323F7253C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{D1B6D279-B99B-4911-A703-806DD7771940}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D8C93CFE-DF54-4787-984E-1DA0E48D2B1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{EEE548B9-1087-4C85-9CCB-008ECD3D3B2C}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{F9B78F78-425C-406D-AAAF-429A8FFB9C07}" = rport=138 | protocol=17 | dir=out | app=system | 

"{FB308296-2DDF-46BF-AFD8-266FD9E926D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{FB5CF706-28BD-4AFF-ABC7-58871F6B391E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{110F1CAB-F689-4284-948C-28BF8B59A282}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{13F64BE5-93E1-4177-8F81-4323E9A916DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{14189EDD-2012-4178-8055-24FC0602B8C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{35A15F7B-8321-45D2-9923-6C0F7C7FB5DA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{4FC62960-D7F0-4343-AE5A-73021835D8E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{5E9F243F-B73E-4D58-A435-540444EB66D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{6391C08F-858F-4997-9A48-D49B14E1AC51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{861A9DDE-AB38-4270-AA11-D6FD47AD9178}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{861C2777-AE2C-40C1-80D2-7231DB817501}" = protocol=6 | dir=in | app=c:\users\B******\appdata\roaming\dropbox\bin\dropbox.exe | 

"{8AB72D85-B396-407B-AC8C-A8C58083E22B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{9458CBCB-83EB-4EB4-A192-928F1E9FE7E3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{9525A4BB-A12F-4BBF-B9D4-54A89F0B40CE}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 

"{99A1EF06-1E11-4DE0-9284-B675422EB6D9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{9F216E1B-D560-4A5F-90A5-3B30C48B2C8C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{9F7A43AA-9ED4-4B30-910F-213C1CF22938}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{A4449794-90F0-4C2B-97F6-8E7C1D98D899}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{A5B96948-93CD-419A-B5EB-28CDB347298B}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | 

"{AF15CEE3-B44D-4123-ACCB-62D14F6AFF0D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{BBD67FBB-4E35-465D-8D23-E1D497E2B281}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C1357108-B3CA-4C7C-BC5A-B90C7C155052}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{C22F08A0-CCDE-498B-91F2-8CCE33BE5FC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{CE645C21-5549-4F25-AE9C-5B0E9D274F8F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{D1AC3943-D742-4A57-ABA2-E41440CCA007}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{D89970BB-F7B8-4707-AB93-D21DB105DE0B}" = protocol=17 | dir=in | app=c:\users\B******\appdata\roaming\dropbox\bin\dropbox.exe | 

"{E8AD742D-5A75-4810-A8A4-3138A03D3FED}" = protocol=6 | dir=out | app=system | 

"{F47D5A19-D3BA-4482-BDBF-384B005AEB65}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 

"{FBC9118B-C3F3-4DF2-B189-D4854CFF3FEB}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | 

"TCP Query User{01EE72BA-10CD-4335-AC31-CF2EFF1448B7}C:\users\B******\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\B******\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{658971B9-72CC-4958-B42B-CC880D96374D}C:\users\B******\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\B******\appdata\roaming\dropbox\bin\dropbox.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{C3DA8603-64E5-48F6-00AB-2FB1C029CCEB}" = NBA LIVE 07

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0

"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow

"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional

"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"alotToolbar" = ALOT Symbolleiste

"avast!" = avast! Antivirus

"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Google Chrome" = Google Chrome

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"X10Hardware" = X10 Hardware(TM)

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3550619374-1804765000-1432619195-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 19.08.2012 03:08:58 | Computer Name = B******-PC | Source = Application Hang | ID = 1002

Description = Programm ashDisp.exe, Version 4.8.1367.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 924    Startzeit: 

01cd7dd958e8558d    Endzeit: 12757    Anwendungspfad: C:\Program Files\Alwil Software\Avast4\ashDisp.exe
 

Berichts-ID:

 ad7d06bb-e9cc-11e1-9921-001d92279c92  

 

Error - 17.09.2012 16:50:46 | Computer Name = B******-PC | Source = Application Hang | ID = 1002

Description = Programm ashDisp.exe, Version 4.8.1367.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 918    Startzeit: 

01cd9515f5889290    Endzeit: 44645    Anwendungspfad: C:\Program Files\Alwil Software\Avast4\ashDisp.exe
 

Berichts-ID:

 38ba2533-0109-11e2-b79f-001d92279c92  

 

Error - 20.09.2012 06:35:53 | Computer Name = B******-PC | Source = Application Hang | ID = 1002

Description = Programm ashDisp.exe, Version 4.8.1367.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 824    Startzeit: 

01cd971b8ab4dc1e    Endzeit: 28142    Anwendungspfad: C:\Program Files\Alwil Software\Avast4\ashDisp.exe
 

Berichts-ID:

 dd8e312f-030e-11e2-b06a-001d92279c92  

 

Error - 17.10.2012 10:41:30 | Computer Name = B******-PC | Source = Application Hang | ID = 1002

Description = Programm ashDisp.exe, Version 4.8.1367.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 994    Startzeit: 

01cdac75411dbb49    Endzeit: 53596    Anwendungspfad: C:\Program Files\Alwil Software\Avast4\ashDisp.exe
 

Berichts-ID:

 93d946a8-1868-11e2-a92a-0015af4403fe  

 

Error - 18.10.2012 19:01:16 | Computer Name = B******-PC | Source = Application Hang | ID = 1002

Description = Programm OUTLOOK.EXE, Version 12.0.6661.5003 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: dec    Startzeit: 01cdad8429828e88    Endzeit: 0    Anwendungspfad: C:\Program

 Files\Microsoft Office\Office12\OUTLOOK.EXE    Berichts-ID: a393d1c3-1977-11e2-8fd2-001d92279c92
 

 

Error - 18.10.2012 19:02:12 | Computer Name = B******-PC | Source = Application Hang | ID = 1002

Description = Programm OUTLOOK.EXE, Version 12.0.6661.5003 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: f7c    Startzeit: 01cdad847a3d2859    Endzeit: 16    Anwendungspfad: 

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE    Berichts-ID: c367d80d-1977-11e2-8fd2-001d92279c92
 

 

Error - 18.10.2012 19:33:11 | Computer Name = B******-PC | Source = Application Hang | ID = 1002

Description = Programm OUTLOOK.EXE, Version 12.0.6661.5003 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: f9c    Startzeit: 01cdad88dcc8e36b    Endzeit: 16    Anwendungspfad: 

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE    Berichts-ID: 25eed05f-197c-11e2-88c9-001d92279c92
 

 

Error - 22.10.2012 18:56:10 | Computer Name = B******-PC | Source = Application Hang | ID = 1002

Description = Programm ashDisp.exe, Version 4.8.1367.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 914    Startzeit: 

01cdb0a841034392    Endzeit: 40778    Anwendungspfad: C:\Program Files\Alwil Software\Avast4\ashDisp.exe
 

Berichts-ID:

 87afa561-1c9b-11e2-85d8-001d92279c92  

 

Error - 10.11.2012 02:32:28 | Computer Name = B******-PC | Source = Application Hang | ID = 1002

Description = Programm OUTLOOK.EXE, Version 12.0.6661.5003 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: ca8    Startzeit: 01cdbf0d1030a913    Endzeit: 16    Anwendungspfad: 

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE    Berichts-ID: 5b885ac7-2b00-11e2-8863-001d92279c92
 

 

Error - 12.11.2012 13:51:51 | Computer Name = B******-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,

 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,

 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00f35609  ID des fehlerhaften

 Prozesses: 0x80c  Startzeit der fehlerhaften Anwendung: 0x01cdc0fe2a1d2961  Pfad der

 fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls: unknown

Berichtskennung:

 a2dbee96-2cf1-11e2-9643-001d92279c92

 

[ OSession Events ]

Error - 20.10.2010 08:28:39 | Computer Name = B******-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 183

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 20.10.2010 09:13:58 | Computer Name = B******-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2712

 seconds with 600 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 11.11.2012 14:30:10 | Computer Name = B******-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 12.11.2012 13:49:47 | Computer Name = B******-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 avast! Antivirus erreicht.

 

Error - 12.11.2012 13:49:47 | Computer Name = B******-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 12.11.2012 14:06:05 | Computer Name = B******-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 avast! Antivirus erreicht.

 

Error - 12.11.2012 14:06:05 | Computer Name = B******-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 14.11.2012 09:22:59 | Computer Name = B******-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 avast! Antivirus erreicht.

 

Error - 14.11.2012 09:22:59 | Computer Name = B******-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 15.11.2012 06:57:14 | Computer Name = B******-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 avast! Antivirus erreicht.

 

Error - 15.11.2012 06:57:14 | Computer Name = B******-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 15.11.2012 07:24:48 | Computer Name = B******-PC | Source = DCOM | ID = 10010

Description = 

 

 

< End of report >

So...bin strikt nach Anweisung vorgegangen und das sind die Ergebnisse:

11152012_130607.log

Code:

All processes killed

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: B******

->Temp folder emptied: 303509324 bytes

->Temporary Internet Files folder emptied: 455179181 bytes

->Java cache emptied: 51942691 bytes

->Google Chrome cache emptied: 160230789 bytes

->Flash cache emptied: 35662 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 183545980 bytes

RecycleBin emptied: 603988563 bytes

 

Total Files Cleaned = 1.677,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 11152012_130607
 

Files\Folders moved on Reboot...
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

AdwCleaner[S1].txt

Code:

# AdwCleaner v2.007 - Datei am 15/11/2012 um 13:02:00 erstellt

# Aktualisiert am 06/11/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium N Service Pack 1 (32 bits)

# Benutzer : B****** - B******-PC

# Bootmodus : Normal

# Ausgeführt unter : J:\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Google Chrome v [Version kann nicht ermittelt werden]
 

Datei : C:\Users\B******\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[S1].txt - [729 octets] - [15/11/2012 13:02:00]
 

########## EOF - C:\AdwCleaner[S1].txt - [788 octets] ##########

OTL.Txt

Code:

OTL logfile created on: 15.11.2012 13:12:32 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\B******\Desktop

 Home Premium Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,55% Memory free

4,00 Gb Paging File | 3,42 Gb Available in Paging File | 85,66% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 445,76 Gb Total Space | 286,12 Gb Free Space | 64,19% Space Free | Partition Type: NTFS

Drive D: | 465,65 Gb Total Space | 452,17 Gb Free Space | 97,11% Space Free | Partition Type: FAT32

Drive E: | 19,99 Gb Total Space | 5,50 Gb Free Space | 27,49% Space Free | Partition Type: FAT32

Drive J: | 962,70 Mb Total Space | 960,36 Mb Free Space | 99,76% Space Free | Partition Type: FAT

 

Computer Name: B******-PC | User Name: B****** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\B******\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\B******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - C:\Programme\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)

PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)

DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)

DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\HomeCinema\PlayMovie\000.fcl (Cyberlink Corp.)

DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\HomeCinema\PowerDVD\000.fcl (Cyberlink Corp.)

DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.general-anzeiger-bonn.de/

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\..\SearchScopes,DefaultScope = {A740D645-4935-4797-8574-4561887FF25F}

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=C5B067B001CB1058002912B6&install_time=2010-06-20T09:12:57Z&src_id=11424&camp_id=1225&tb_version=2.5.12000.509

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\..\SearchScopes\{A740D645-4935-4797-8574-4561887FF25F}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de

IE - HKU\S-1-5-21-3550619374-1804765000-1432619195-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

 

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2012.11.15 13:06:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\B******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\B******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://bip.doeres.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE4D5D7-D038-4ABA-A85B-A634AC97F78B}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.15 17:40:44 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.11.15 15:55:08 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.65.1.1000.exe

[2012.11.15 15:14:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012.11.15 12:24:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\B******\Desktop\OTL.exe

[2012.11.10 08:11:02 | 000,000,000 | ---D | C] -- C:\Users\B******\Documents\DeutschePost_ID788293-224

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.15 15:55:16 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.65.1.1000.exe

[2012.11.15 13:10:58 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.11.15 13:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.11.15 13:10:26 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.15 13:09:44 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.15 13:09:44 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.15 13:08:23 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.11.15 13:08:23 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.11.15 13:08:23 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.11.15 13:08:23 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.11.15 13:06:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2012.11.15 12:54:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.11.15 12:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.15 12:21:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\B******\Desktop\OTL.exe

[2012.11.15 11:56:17 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat

 
 ========== Files Created - No Company Name ==========

 

[2012.11.15 11:56:17 | 000,003,272 | ---- | C] () -- C:\bootsqm.dat

[2011.05.24 20:36:27 | 000,003,958 | ---- | C] () -- C:\Users\B******\ESt2010_B******_HERMANN-JOSEF_und_B******_SIMONE_URSULA.elfo

[2010.10.21 06:09:46 | 000,004,096 | -H-- | C] () -- C:\Users\B******\AppData\Local\keyfile3.drm

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.11.15 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\Dropbox

[2011.05.24 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\elsterformular

[2012.05.18 14:10:58 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\LolClient

[2011.08.16 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\B******\AppData\Roaming\TeamViewer

 
 ========== Purity Check ==========

 

 
 

< End of report >

checkup.txt

Code:

 Results of screen317's Security Check version 0.99.54  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 9  
 ``````````````Antivirus/Firewall Check:`````````````` 

avast! antivirus   

 Antivirus out of date! (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Java(TM) 6 Update 22  

 Java version out of Date! 

 Adobe Reader 9 Adobe Reader out of Date! 

 Google Chrome 21.0.1180.83  

 Google Chrome 21.0.1180.89  

 Google Chrome 22.0.1229.94  

 Google Chrome 23.0.1271.64  
 ````````Process Check: objlist.exe by Laurent````````  

 Alwil Software Avast4 aswUpdSv.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````