| tracker7 | 14.02.2013 20:54 |
Hi,
das weiß ich nicht mehr, ist schon ewig her, aber glaub der war von www.chip.de
hier das OTL Log: Code:
OTL logfile created on: 14.02.2013 20:01:40 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\.....\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,13% Memory free
20,00 Gb Paging File | 18,11 Gb Available in Paging File | 90,58% Paging File free
Paging file location(s): c:\pagefile.sys 12288 12288 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,23 Gb Total Space | 130,32 Gb Free Space | 69,98% Space Free | Partition Type: NTFS
Drive M: | 390,62 Gb Total Space | 331,15 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
Drive P: | 390,62 Gb Total Space | 345,04 Gb Free Space | 88,33% Space Free | Partition Type: NTFS
Drive S: | 195,31 Gb Total Space | 42,62 Gb Free Space | 21,82% Space Free | Partition Type: NTFS
Computer Name: STEVE-DEVINE | User Name: ..... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\.....\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\DeltaIITray.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\SiteSafety.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\DeltaIITray.exe ()
========== Services (SafeList) ==========
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater14.1.7) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (HTCMonitorService) -- P:\HTC sync\HSMServiceEntry.exe (Nero AG)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (a8djavs) -- C:\Windows\SysNative\drivers\a8djavs.sys (Native Instruments GmbH)
DRV:64bit: - (a8djusb_svc) -- C:\Windows\SysNative\drivers\a8djusb.sys (Native Instruments GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (DELTAII) -- C:\Windows\SysNative\drivers\MAudioDelta.sys (Avid Technology, Inc.)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 CF 8C CE 9D 5F CD 01 [binary data]
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes\{5C236350-671F-40ce-B6C1-3C5476C2D2C1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={C05C9820-C280-4E4B-88E7-745E822C2845}&mid=aa826477c25447d0af9581ac0f8228b4-9f9c2bea51192688557d723b2a25abf41b948d09&lang=de&ds=AVG&pr=fr&d=2012-10-03 19:10:07&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes\{9E177DC2-2452-45c1-9855-A13360BD68C5}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes\{E2EDFDE3-69EC-493B-8D83-3F637DBFA538}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.1.0.10
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B1d197ca7-8b43-4cf9-a6ce-1881e44254c3%7D&mid=aa826477c25447d0af9581ac0f8228b4-9f9c2bea51192688557d723b2a25abf41b948d09&ds=AVG&v=13.2.0.5&lang=de&pr=fr&d=2012-10-03%2019%3A10%3A07&sap=ku&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: P:\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10 [2013.02.12 05:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.12.27 10:21:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.11 20:17:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.07.11 20:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Extensions
[2013.02.14 19:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ekec08ch.default\extensions
[2013.02.14 19:50:05 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\ekec08ch.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.11 20:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.12 05:58:34 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.1.0.10
[2012.12.27 10:21:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.12 05:58:34 | 000,003,591 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: Google Mail = C:\Users\.....\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\.....\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{830FD184-6F66-4D8C-837B-9839C2155C07}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D143376D-5C2D-44C0-A6B8-0E264251D33C}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^.....^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: KiesAirMessage - hkey= - key= - P:\Kies\KiesAirMessage.exe (Samsung Electronics)
MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - P:\Kies\Kies.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - P:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.02.12 21:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.12 21:00:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\.....\Desktop\OTL.exe
[2013.02.12 05:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013.02.08 18:02:05 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.08 18:02:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.08 18:02:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.08 18:02:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.27 11:42:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
[2013.01.27 11:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2013.01.26 18:39:02 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Local\Serato
========== Files - Modified Within 30 Days ==========
[2013.02.14 19:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.14 14:11:21 | 000,022,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 14:11:21 | 000,022,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 14:04:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.14 14:04:09 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.13 06:08:50 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.13 06:08:50 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.13 06:08:50 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.13 06:08:50 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.13 06:08:50 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.12 21:00:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\.....\Desktop\OTL.exe
[2013.02.12 20:14:39 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.12 20:14:39 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.12 05:58:07 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.02.10 18:27:51 | 787,955,756 | ---- | M] () -- C:\Users\.....\Desktop\2013-02-10_17h13m24.wav
[2013.02.10 12:44:50 | 000,005,062 | ---- | M] () -- C:\Users\.....\Desktop\(Kündigung).pdf
[2013.02.08 18:01:55 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.08 18:01:55 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.08 18:01:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.08 18:01:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.08 18:01:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.08 18:01:55 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.06 14:52:44 | 000,021,347 | ---- | M] () -- C:\Users\.....\Desktop\www.DJ-Technik.de.pdf
[2013.01.26 22:20:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_a8djusb_01009.Wdf
[2013.01.25 15:49:02 | 000,127,111 | ---- | M] () -- C:\Users\.....\Desktop\PicsPlay_1359125342488.jpg
[2013.01.25 13:02:12 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
========== Files Created - No Company Name ==========
[2013.02.10 18:31:01 | 787,955,756 | ---- | C] () -- C:\Users\.....\Desktop\2013-02-10_17h13m24.wav
[2013.02.10 12:44:49 | 000,005,062 | ---- | C] () -- C:\Users\.....\Desktop\(Kündigung).pdf
[2013.02.07 12:33:43 | 000,127,111 | ---- | C] () -- C:\Users\.....\Desktop\PicsPlay_1359125342488.jpg
[2013.02.06 14:52:43 | 000,021,347 | ---- | C] () -- C:\Users\.....\Desktop\www.DJ-Technik.de.pdf
[2013.01.26 22:20:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_a8djusb_01009.Wdf
[2012.10.10 20:21:36 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.10.05 15:41:33 | 000,223,882 | ---- | C] () -- C:\Users\.....\.TransferManager.db
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.07.11 19:49:47 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.02.18 15:28:16 | 000,236,040 | ---- | C] () -- C:\Windows\SysWow64\DeltaIITray.exe
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
= C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
ThreadingModel = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
= %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
ThreadingModel = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
= C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
ThreadingModel = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
= %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
ThreadingModel = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
= C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
ThreadingModel = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.10.13 08:57:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012.10.13 08:57:27 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013.01.12 14:19:05 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Ableton
[2012.10.03 18:29:24 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\AVG2013
[2012.07.16 18:07:55 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Canneverbe Limited
[2012.11.24 09:51:57 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\com.beatport.BeatportDownloader
[2012.12.24 16:11:02 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\HTC
[2012.12.24 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\HTC Sync
[2012.12.24 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\MyPhoneExplorer
[2012.11.10 12:07:08 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\pdfforge
[2012.11.04 10:24:13 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Samsung
[2012.07.11 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Splashtop
[2012.10.03 18:10:16 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.10.13 08:56:58 | 000,000,000 | -H-D | M] -- C:\$AVG
[2012.07.11 19:36:27 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.02.13 18:03:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.12.06 21:53:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.19 12:10:55 | 000,000,000 | ---D | M] -- C:\Intel
[2011.12.10 19:31:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.12.17 19:54:10 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.07.15 09:08:07 | 000,000,000 | ---D | M] -- C:\PCWELT
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.27 10:21:29 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.12 21:13:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.12 19:55:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.06 21:53:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.07.11 19:36:06 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.14 20:02:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.02.10 16:55:19 | 000,000,000 | ---D | M] -- C:\temp
[2012.07.11 20:20:52 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.12 21:18:52 | 000,000,000 | ---D | M] -- C:\Windows
[2012.07.12 18:50:37 | 000,000,000 | ---D | M] -- C:\Windows.old.000
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.14 06:33:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2012.11.24 08:12:26 | 000,223,882 | ---- | M] () -- C:\Users\.....\.TransferManager.db
[2013.02.14 20:01:51 | 003,670,016 | -HS- | M] () -- C:\Users\.....\ntuser.dat
[2013.02.14 20:01:51 | 000,262,144 | -HS- | M] () -- C:\Users\.....\ntuser.dat.LOG1
[2012.07.11 19:36:12 | 000,000,000 | -HS- | M] () -- C:\Users\.....\ntuser.dat.LOG2
[2012.07.11 20:10:43 | 000,065,536 | -HS- | M] () -- C:\Users\.....\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.07.11 20:10:43 | 000,524,288 | -HS- | M] () -- C:\Users\.....\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.07.11 20:10:43 | 000,524,288 | -HS- | M] () -- C:\Users\.....\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.07.11 19:36:13 | 000,000,020 | -HS- | M] () -- C:\Users\.....\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< >
< End of report >
--- --- ---
hier der Extra Log: Code:
OTL Extras logfile created on: 14.02.2013 20:01:40 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\.....\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,13% Memory free
20,00 Gb Paging File | 18,11 Gb Available in Paging File | 90,58% Paging File free
Paging file location(s): c:\pagefile.sys 12288 12288 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,23 Gb Total Space | 130,32 Gb Free Space | 69,98% Space Free | Partition Type: NTFS
Drive M: | 390,62 Gb Total Space | 331,15 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
Drive P: | 390,62 Gb Total Space | 345,04 Gb Free Space | 88,33% Space Free | Partition Type: NTFS
Drive S: | 195,31 Gb Total Space | 42,62 Gb Free Space | 21,82% Space Free | Partition Type: NTFS
Computer Name: ..... | User Name: ..... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
VistaSp1 = 28 4D B2 76 41 04 CA 01 [binary data]
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall = 1
DisableNotifications = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall = 1
DisableNotifications = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
EnableFirewall = 1
DisableNotifications = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{07E54400-2BD1-4404-9716-4D8EA4DE5894} = rport=445 | protocol=6 | dir=out | app=system |
{09A9AB53-8DD9-40EC-B1E2-694FBD8DBD7D} = rport=139 | protocol=6 | dir=out | app=system |
{0BA559C5-8D60-49F1-9E3B-9143FFCBD998} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{1509F5F6-1370-441C-BBE8-02CBA3C669B7} = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
{2A39B6D1-D513-4664-8684-1C9B19CCF73E} = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{2A516AF8-A264-4E84-AF69-1D0EB8A9E322} = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
{2EE202B2-36D1-40B4-AB77-C4A10BBA40DB} = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{37DF1393-92A8-490A-A891-A134D085C691} = rport=138 | protocol=17 | dir=out | app=system |
{39296BA5-7C6B-407A-B168-2A3FE50A999A} = lport=137 | protocol=17 | dir=in | app=system |
{3A05D413-E662-4DF7-A5C9-73BCFE2CACCA} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{44E0A0F6-E7AD-46BD-A3AB-527385894A1D} = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{496C1097-4FFB-476D-8126-536AEB9BE3F8} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{5CBAB4E6-CB8D-49DB-8822-45EF3F2B8CC3} = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{6E4F5852-842A-40D9-9E94-629EB02F904E} = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
{704D6EEF-01B3-40DC-BBEA-3E9070D8E57B} = lport=2869 | protocol=6 | dir=in | app=system |
{8D991D30-A9F8-4253-B054-157B7052C5E9} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{8DEC3FEB-20C9-44BB-B95D-F4063D2E7EA5} = lport=138 | protocol=17 | dir=in | app=system |
{8FD23DFB-D3B7-4F11-9565-2453E327C9C5} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{96481BCE-F58F-4B00-90C7-C44841B73872} = lport=10243 | protocol=6 | dir=in | app=system |
{B172C30C-52AC-465F-82A5-902E4D1887E2} = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
{BAFCEB9B-0D71-4556-AA47-A1A52FECE7E3} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{BE63929F-9D2A-458E-A064-EBDA140A2FEA} = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
{C93BB3DA-1B32-48A2-8BD6-ECCF700F5618} = lport=445 | protocol=6 | dir=in | app=system |
{D4ED57DC-4010-4E3D-8D94-E6A17660829D} = rport=137 | protocol=17 | dir=out | app=system |
{D5E3919D-6BBC-4555-B5B4-D1860E2B03C9} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{DFF8BCC4-A22D-4138-AF77-6240327C806A} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
{E75AF2A4-AFCE-4AEA-87F6-A92F41C6508F} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
{F2BAB077-BED7-4BA4-BEC5-4E77073434EB} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{F363EAF8-AFA2-4FE1-BE65-6F87A50231BA} = lport=139 | protocol=6 | dir=in | app=system |
{F71CD422-715A-4B6F-AC3A-538D7F12BAA6} = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{19750B4F-82C0-4005-9CAF-C3A189063A87} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
{43D3EE78-410D-4695-8F4B-96750275C6E4} = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
{4E91E7BE-7CB1-4428-92F2-B6D1CE899E77} = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
{5547F602-ABCB-4A0A-A09F-F85B5DE6B615} = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{558C09FD-E4A0-444B-B28F-59FC3E6B435F} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{57CECAD1-AA0C-42FF-8069-117E74765358} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
{593FB00C-FC6F-4430-9154-2B717BD64D6E} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
{60380D15-FBD7-4C8B-BC3C-8967A8F45F07} = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{62A68AED-6884-4D27-837C-33DD97AD0DAA} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
{6B95C4F1-21C9-406E-AD93-AE1320CD5D00} = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
{6C3CA40A-32CF-410B-8CB7-A78C7932B576} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{7268EE29-6953-4FFE-93AB-675178B42B4D} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{7332D17F-FEE3-42C3-84A5-825C76DC7963} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
{73E75108-BFE1-4E4F-9FBE-0BB7018A1893} = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
{7C3CC28B-55C8-44F8-8A66-F5072F2E76D6} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{803CBD30-1039-43C7-9E4E-2C1DA04F3EE8} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
{878C23B5-3EA6-4FCB-A85B-4B76F9EEED67} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{8BC25A10-01E6-4B0B-94D2-04A58E184E65} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{9563EDB6-1B66-4089-8A84-8CA5297DE2C7} = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{975FA220-208A-4C0D-B358-9E26A3FFF0D1} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
{9F13E84D-2D97-4E6C-90E5-0EEADE9B5FF1} = dir=in | app=p:\htc sync\htcsyncmanager.exe |
{A0582EE6-81C3-440E-A2A1-FDC811C3A234} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{A584B170-F9A7-43FA-A032-8DCD4016FA54} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
{A5ACB58B-8371-46DD-9BEF-BAACC021C3FD} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
{A9B2CA1D-8D8B-4265-A234-93153A56205F} = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
{B09AC059-CC0C-46A5-A2A9-8BBCB7911CAD} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
{B9FC76BE-84A8-4A0F-A58D-4C02E78143C1} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
{BEF906F8-5B1D-469A-B0BF-4CAAB2704AB4} = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
{C3716975-741B-4E9B-AF26-1774ADA184F0} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
{C6214EB8-D355-4373-82C6-54358DE6FDBD} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
{CCA80023-B485-4541-A2FB-A9F7F8767F74} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
{D5FAF219-BCA2-41D6-96F7-2A92AC1A19A0} = protocol=6 | dir=out | app=system |
{E94EDAA1-1AC4-491B-83AB-311F7FFCAF4F} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{F838C6CC-DE62-4FAE-B0A9-0B253678888C} = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{F90A1BC3-4B97-429C-AC51-DA356804F42A} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
TCP Query User{021D38A8-9C22-408A-88A7-6DF6174BFFBA}C:\program files (x86)\java\jre7\bin\javaw.exe = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
UDP Query User{F11308D1-9A4D-4990-AE7C-C16F04D05B00}C:\program files (x86)\java\jre7\bin\javaw.exe = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{0E3DAF3D-FF69-345A-A99E-1FED304CA083} = Microsoft .NET Framework 4 Client Profile DEU Language Pack
{1D8E6291-B0D5-35EC-8441-6616F567A0F7} = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
{21B133D6-5979-47F0-BE1C-F6A6B304693F} = Visual Studio 2010 x64 Redistributables
{2A358F86-3AF5-11E0-A832-B6A6DFD72085} = M-Audio Delta Driver 6.0.5 (x64)
{470BB39A-7231-4077-AD3D-86067AD04604} = Native Instruments Audio 8 DJ
{502275B0-3DA3-44D8-8702-066525CAAE98} = AVG 2013
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
{90140000-002A-0000-1000-0000000FF1CE} = Microsoft Office Office 64-bit Components 2010
{90140000-002A-0407-1000-0000000FF1CE} = Microsoft Office Shared 64-bit MUI (German) 2010
{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} = Native Instruments Traktor 2
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel = NVIDIA Systemsteuerung 301.42
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver = NVIDIA Grafiktreiber 301.42
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update = NVIDIA Update 1.8.15
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer = NVIDIA Install Application
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update = NVIDIA Update Components
{D0795B21-0CDA-4a92-AB9E-6E92D8111E44} = SAMSUNG USB Driver for Mobile Phones
{D9B7744C-1C39-49B8-86B3-F930631B4FE2} = AVG 2013
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} = Microsoft .NET Framework 4 Client Profile
AVG = AVG 2013
CCleaner = CCleaner
Microsoft .NET Framework 4 Client Profile = Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack = Microsoft .NET Framework 4 Client Profile DEU Language Pack
WinRAR archiver = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} = PDFCreator
{01E9B2FF-DAF4-4529-9CC9-2101625517C7} = nero.prerequisites.msi
{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B} = Nero Burning ROM 11
{07300F01-89CA-4CF8-92BD-2A605EB83C95} = EasySaver B9.0904.1
{1111706F-666A-4037-7777-211328764D10} = JavaFX 2.1.1
{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51} = Nero ControlCenter 11
{14DC0059-00F1-4F62-BD1A-AB23CD51A95E} = Adobe AIR
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{20D4A895-748C-4D88-871C-FDB1695B0169} = Platform
{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D} = mkv2vob
{26A24AE4-039D-4CA4-87B4-2F83217013FF} = Java 7 Update 13
{28C2DED6-325B-4CC7-983A-1777C8F7FBAB} = RealUpgrade 1.1
{3108C217-BE83-42E4-AE9E-A56A2A92E549} = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
{3DECD372-76A1-4483-BF10-B547790A3261} = ON_OFF Charge B11.0110.1
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{4CEEE5D0-F905-4688-B9F9-ECC710507796} = HTC Driver Installer
{5DC3BFF3-B84F-4CBE-B2BD-FB52B6C247CA} = HTC Sync Manager
{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} = Microsoft Visual C++ 2005 Redistributable
{758C8301-2696-4855-AF45-534B1200980A} = Samsung Kies
{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} = RealNetworks - Microsoft Visual C++ 2008 Runtime
{7E265513-8CDA-4631-B696-F40D983F3B07}_is1 = CDBurnerXP
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} = Microsoft Visual C++ 2005 Redistributable
{90140000-0011-0000-0000-0000000FF1CE} = Microsoft Office Professional Plus 2010
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE} = Microsoft Office 2010 Service Pack 1 (SP1)
{90140000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2010
{90140000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2010
{90140000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2010
{90140000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2010
{90140000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2010
{90140000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2010
{90140000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2010
{90140000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2010
{90140000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2010
{90140000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2010
{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF} = Microsoft Office 2010 Service Pack 1 (SP1)
{90140000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2010
{90140000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2010
{90140000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2010
{90140000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2010
{90140000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2010
{9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{9BE518E6-ECC6-35A9-88E4-87755C07200F} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
{A048F6D6-BECE-D521-9BC9-B8806BFB118C} = Beatport Downloader
{A7C30414-2382-4086-B0D6-01A88ABA21C3} = VAIO Gate
{AC76BA86-7AD7-1031-7B44-AA1000000001} = Adobe Reader X (10.1.3) - Deutsch
{B1846721-A8E6-46C7-83B6-0DCF7ADB4267} = Nero Burning ROM 11
{BEBEE34D-84A2-4EDD-8BEA-96CC54371263} = Nero Core Components 11
{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49} = Visual Studio 2008 x64 Redistributables
Adobe AIR = Adobe AIR
Adobe Flash Player ActiveX = Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin = Adobe Flash Player 11 Plugin
AVMFBox = AVM FRITZ!Box Dokumentation
AVMFBoxPrinter = AVM FRITZ!Box Druckeranschluss
CloneDVD2 = CloneDVD2
com.beatport.BeatportDownloader = Beatport Downloader
ESET Online Scanner = ESET Online Scanner v3
InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} = VIA Plattform-Geräte-Manager
InstallShield_{758C8301-2696-4855-AF45-534B1200980A} = Samsung Kies
Malwarebytes' Anti-Malware_is1 = Malwarebytes Anti-Malware Version 1.70.0.1100
Mozilla Firefox 13.0.1 (x86 de) = Mozilla Firefox 13.0.1 (x86 de)
MozillaMaintenanceService = Mozilla Maintenance Service
MPE = MyPhoneExplorer
Native Instruments Audio 8 DJ = Native Instruments Audio 8 DJ
Native Instruments Traktor 2 = Native Instruments Traktor 2
Office14.PROPLUS = Microsoft Office Professional Plus 2010
YTdetect = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.02.2013 09:16:02 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description =
Error - 03.02.2013 11:56:13 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description =
Error - 04.02.2013 03:53:56 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description =
Error - 05.02.2013 03:39:23 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description =
Error - 05.02.2013 07:03:17 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description =
Error - 06.02.2013 03:36:18 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description =
Error - 07.02.2013 04:15:28 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description =
Error - 07.02.2013 13:14:22 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description =
Error - 08.02.2013 03:01:43 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description =
Error - 08.02.2013 12:27:08 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 12.12.2012 11:34:21 | Computer Name = ..... | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 12.12.2012 11:34:25 | Computer Name = ..... | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 12.12.2012 11:38:15 | Computer Name = ..... | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
AVGIDSAgent erreicht.
Error - 12.12.2012 11:38:15 | Computer Name = ..... | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 13.12.2012 02:20:59 | Computer Name = ..... | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
AVGIDSAgent erreicht.
Error - 13.12.2012 02:20:59 | Computer Name = ..... | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 13.12.2012 02:21:00 | Computer Name = ..... | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 13.12.2012 02:21:05 | Computer Name = ..... | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 13.12.2012 02:24:48 | Computer Name = ..... | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
AVGIDSAgent erreicht.
Error - 13.12.2012 02:24:48 | Computer Name = ..... | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
< End of report >
|
TDSSKiller.exe und speichere diese Datei auf dem Desktop
AdwCleaner auf deinen Desktop.
Textbox. 
WARNUNG an die MITLESER: