Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PC geht bei Internetnutzung aus (https://www.trojaner-board.de/131690-pc-geht-internetnutzung.html)

Simmy87 01.03.2013 14:24
PC geht bei Internetnutzung aus
 
Hallo,
mein PC geht neuerdings bei der Benutzung vom Internet aus. Wenn ich eine Seite öffnen will (egal welche) oder nach längerer Zeit wieder ins Internet gehe, fäht mein PC selbstständig runter. Es kommt dann ein blauer Hintergrund auf dem steht, dass man den Pc ausschalten soll, wenn diese Meldung das erste Mal auftritt, bei mehrmaligem Auftreten solle man neu installierte Programme löschen oder neu installieren. Diese Fenster geht aber auch immer sehr schnell wieder weg, sodass ich nicht wirklich lesen kann, was darin steht.
Danach kommen die Optionen, ob man den PC normal oder im abgesichterten Modus starten will.

Ich habe leider keine Ahnung, wo das herkommen kann und hoffe, mir kann hier jemand helfen.
Vielen Dank schon mal.

cosinus 02.03.2013 13:47
Hallo,

Betriebssystem, Browser? :glaskugel:
Seit wann hast du das, was wurde am Rechner gemacht bevor dieses Problem dann auftauchte?

Simmy87 02.03.2013 18:22
Hey, ich habe es seit ca. 2 Tagen. Davor habe ich eigentlich nichts besonderes gemacht, nur Antivier neu installiert, da der Browser-Schutz nicht funktioniert hat...

cosinus 03.03.2013 18:09
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

Simmy87 04.03.2013 11:06
Code:
OTL logfile created on: 04.03.2013 10:00:04 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Therese_2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,88% Memory free
7,82 Gb Paging File | 5,99 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,01 Gb Total Space | 396,03 Gb Free Space | 87,81% Space Free | Partition Type: NTFS
 
Computer Name: THERESE-PC | User Name: Therese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Therese_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (RoxWatch12) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_deDE499
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1000\..\SearchScopes\{AB79D812-557F-4703-91EF-8F326C1E52A6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=693b7fca-ccea-494f-8e2e-331666a21b67&apn_sauid=BD646EAF-F4C8-414F-87DF-4D3E806177E1
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 28 13 AE C9 BF CC 01  [binary data]
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001\..\SearchScopes\{64D7993C-0A88-44C6-BD8F-0C26EF8D8C35}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=693b7fca-ccea-494f-8e2e-331666a21b67&apn_sauid=BD646EAF-F4C8-414F-87DF-4D3E806177E1
IE - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.09.19 09:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.30 14:05:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.30 14:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.30 14:05:04 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.30 14:05:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.30 14:05:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.30 14:05:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.30 14:05:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.30 14:05:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.30 14:05:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Therese\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Therese\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Therese\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-2898780312-2863283394-2695613679-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001..\Run: [IExplorer Util] C:\Users\Therese_2\AppData\Roaming\ie_util.exe File not found
O4 - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2898780312-2863283394-2695613679-1001..\Run: [Zulocasay] C:\Users\Therese_2\AppData\Roaming\Hiit\peygd.exe File not found
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43BC3E8E-2527-46DF-B68E-7FABC5F6DEB3}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97D618A0-BEAB-491E-8A54-0F8558C81EDB}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.01 13:55:18 | 000,000,000 | R--D | C] -- C:\Users\Therese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.02.28 14:42:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.28 14:42:24 | 000,000,000 | -HSD | C] -- \Config.Msi
[2013.02.28 13:30:52 | 000,000,000 | ---D | C] -- C:\TEMP
[2013.02.28 13:30:52 | 000,000,000 | ---D | C] -- \TEMP
[2013.02.28 13:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.28 13:10:40 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.02.28 13:10:40 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.02.28 13:10:40 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.02.28 13:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.28 11:32:54 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013.02.28 09:30:42 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013.02.28 09:30:42 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 09:30:42 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013.02.28 09:30:42 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013.02.28 09:30:36 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013.02.28 09:30:36 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013.02.28 09:30:34 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 09:30:34 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 09:30:34 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 09:30:34 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 09:30:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 09:30:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 09:30:33 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013.02.28 09:30:33 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013.02.28 09:30:33 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 09:30:33 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013.02.28 09:30:33 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 09:30:33 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 09:30:32 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013.02.28 09:30:32 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013.02.28 09:30:32 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013.02.28 09:30:32 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013.02.28 09:30:32 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013.02.28 09:30:32 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013.02.28 09:30:32 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013.02.28 09:30:32 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 09:30:32 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 09:30:32 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 09:30:32 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 09:30:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 09:30:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 09:30:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 09:30:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 09:30:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 09:30:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 09:30:31 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013.02.28 09:30:31 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013.02.28 09:30:31 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013.02.28 09:30:31 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013.02.28 09:30:31 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013.02.28 09:30:31 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013.02.24 13:31:55 | 000,000,000 | ---D | C] -- C:\Users\Therese\AppData\Local\APN
[2013.02.24 13:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.15 09:08:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013.02.15 09:08:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013.02.15 09:08:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.02.15 09:08:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.02.15 09:08:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013.02.15 09:08:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013.02.15 09:08:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013.02.15 09:08:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013.02.15 09:08:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013.02.15 09:08:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.02.15 09:08:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013.02.15 09:08:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.02.15 09:08:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.02.15 09:08:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013.02.15 09:08:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.02.14 09:29:36 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013.02.14 09:29:35 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013.02.14 09:29:35 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013.02.14 09:29:29 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.02.14 09:29:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.02.14 09:29:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.02.14 09:29:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.02.14 09:29:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.02.14 09:29:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.02.14 09:29:28 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.06 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\Therese\Desktop\Citavi 3
[2013.02.06 16:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.04 10:04:30 | 001,643,460 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.03.04 10:04:30 | 000,708,316 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.03.04 10:04:30 | 000,663,594 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.03.04 10:04:30 | 000,151,810 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.03.04 10:04:30 | 000,124,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.03.04 10:01:00 | 000,000,260 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job
[2013.03.04 09:59:00 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2013.03.04 09:57:08 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.04 09:56:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.04 09:56:43 | 463,582,930 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.03.04 09:56:39 | 3148,222,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 09:54:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 09:48:13 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 09:48:13 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 22:22:09 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.28 13:11:04 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.27 19:04:42 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 19:04:42 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.20 12:00:00 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.02.15 09:46:12 | 000,464,600 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.28 13:11:04 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.28 11:32:48 | 463,582,930 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.04.30 20:01:16 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.09.19 10:55:32 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.09.19 10:55:31 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.09.19 10:55:31 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.09.19 10:55:31 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011.09.19 10:55:30 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011.09.19 10:55:30 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.09.19 10:54:09 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011.09.19 10:54:05 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011.09.19 10:54:05 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011.09.19 10:54:05 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011.09.19 10:54:05 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011.09.19 10:54:05 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011.09.19 10:48:15 | 000,003,409 | -H-- | C] () -- \dell.sdr
[2011.09.19 09:15:26 | 000,000,031 | ---- | C] () -- \tmuninst.ini
[2011.09.19 08:43:06 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.09.19 08:40:11 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011.09.19 08:37:40 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011.09.19 08:32:42 | 001,621,354 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.09.19 08:30:37 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.09.19 08:18:06 | 3148,222,464 | -HS- | C] () -- \hiberfil.sys
[2011.07.29 12:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011.07.29 12:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011.05.12 05:57:52 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011.02.23 14:08:04 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011.02.23 14:08:02 | 000,383,786 | RHS- | C] () -- \bootmgr
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Code:
OTL Extras logfile created on: 04.03.2013 10:00:04 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Therese_2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,88% Memory free
7,82 Gb Paging File | 5,99 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,01 Gb Total Space | 396,03 Gb Free Space | 87,81% Space Free | Partition Type: NTFS
 
Computer Name: THERESE-PC | User Name: Therese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2898780312-2863283394-2695613679-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2898780312-2863283394-2695613679-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{526F056E-6FB1-46A7-9E09-94686414C180}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{69DD3B60-CA69-49E5-BF07-7A5C53394765}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{8B443EFE-9E62-49E6-8C7B-C7D503C50B2A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{DE1D893E-EDA1-4E9E-9D78-9E2AC0FE19C3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FDA8B2BA-E6F9-4915-B053-7493EC40A937}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21750618-A8F9-4FEC-A714-AFCE3CB50D8D}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{3F4EF2F1-548A-4F8D-B892-604B10B41A78}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3FCD90AD-CCE8-4381-BE0F-889D4F36FDB9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5C53D896-4FE1-4DF7-A5A8-42075EFB07E3}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{7913DAB1-094B-4ED2-9769-7A33C8E3D6EA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{DA47ED59-A178-485F-B1DA-2789C49408C0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E218F3FA-4637-4BA1-9D37-0F63853A062A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{E8A6017A-7CD9-4949-AA88-88685CA1FF65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{71F5477E-82BF-4150-9BC4-C5ADE162C41A}C:\users\therese_2\appdata\roaming\hiit\peygd.exe" = protocol=6 | dir=in | app=c:\users\therese_2\appdata\roaming\hiit\peygd.exe |
"TCP Query User{F541BE30-41C0-4BBC-AB31-32DD55F14253}C:\users\therese_2\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\therese_2\appdata\roaming\spotify\spotify.exe |
"UDP Query User{10F530D0-E4A1-4439-A248-FF2AA8C5548A}C:\users\therese_2\appdata\roaming\hiit\peygd.exe" = protocol=17 | dir=in | app=c:\users\therese_2\appdata\roaming\hiit\peygd.exe |
"UDP Query User{8B130C83-764D-4407-8A18-12F4E7955882}C:\users\therese_2\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\therese_2\appdata\roaming\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F7AD7D4-0DD8-74F1-1053-878BE7A86DE4}" = ccc-utility64
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5409411D-CD72-432D-B823-1B520B24BD3C}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{56BAC4EE-B1DA-42A7-ACA5-7A353F2ED1DA}" = Validity Sensors DDK
"{58C50F85-1CB8-7C68-8235-003814E701F0}" = ATI Catalyst Install Manager
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{94B498F4-EE52-F145-3691-8CC2159F058F}" = ATI AVIVO64 Codecs
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EDBC8AED-78A3-424E-ADB6-C7B1424FFAFD}" = Studie zur Verbesserung von HP Photosmart 5510 series Produkten
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11081E1B-9D55-63DD-67FE-8AC8D08834C9}" = PX Profile Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28B38D62-7F3E-B1FE-9938-042E35A5F9F9}" = CCC Help Danish
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{434FDAA5-53FC-FDD7-4AD6-73460F022522}" = CCC Help Japanese
"{452D2CA0-D1DD-00F8-0571-9BDE0A78D2F9}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A0780-E173-0917-8D1A-C3DEEBA22259}" = CCC Help Finnish
"{4EF9BCB6-39E9-2C63-6004-398930CB90DC}" = CCC Help Chinese Standard
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55C82F5C-AA82-731D-A9DA-0A8A858FACE2}" = CCC Help French
"{578EAD95-CF7C-B58F-91CE-79FF64F7B3C1}" = Catalyst Control Center InstallProxy
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5DCA7A4E-B19B-5CB6-81F3-BCAF5A0F5AEE}" = CCC Help Spanish
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66C994C8-82E1-ABC0-1A60-976D92EC276E}" = Catalyst Control Center
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7B50221F-71D1-B508-E9CC-511075E99E26}" = CCC Help Italian
"{816D878A-9DD1-F2D0-11D1-53605855A45B}" = CCC Help Dutch
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9225AB17-709E-289C-DE15-620C2A27B076}" = CCC Help Russian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAD953F-16A8-CCD4-014A-A91625F2F478}" = CCC Help German
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFEA7544-6B97-4867-A94D-1C39BA61B64F}" = Catalyst Control Center - Branding
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3C7CB7F-A7C5-A89B-28B7-29855FB32CD8}" = CCC Help Korean
"{B47B373D-F19A-884E-AB54-089CF7E2978C}" = CCC Help Portuguese
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid
"{CA4F92E6-9422-BE95-CC1C-4B293BF7C33C}" = CCC Help English
"{CD30B24A-59C9-5478-6B05-3D6732036AB6}" = Catalyst Control Center Localization All
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40E5EDC-5DC0-59E5-3739-37B1D1906690}" = CCC Help Chinese Traditional
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Hilfe
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E779C9F8-B190-AB65-9E8D-992BB30F224C}" = CCC Help Norwegian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC6FCB65-EA7E-8B1A-818D-A9B57E279EF0}" = Catalyst Control Center Profiles Mobile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PROPLUS" = Microsoft Office Professional Plus 2007
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.09.2012 13:53:16 | Computer Name = Therese-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 03.09.2012 13:54:40 | Computer Name = Therese-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.09.2012 13:55:39 | Computer Name = Therese-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 03.09.2012 14:03:10 | Computer Name = Therese-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 03.09.2012 14:03:10 | Computer Name = Therese-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 03.09.2012 17:08:41 | Computer Name = Therese-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 03.09.2012 17:08:41 | Computer Name = Therese-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 03.09.2012 17:08:41 | Computer Name = Therese-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 03.09.2012 17:08:41 | Computer Name = Therese-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 04.09.2012 02:23:01 | Computer Name = Therese-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 03.03.2013 09:56:19 | Computer Name = THERESE-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 03.03.2013 10:11:06 | Computer Name = Therese-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?03.?2013 um 15:10:02 unerwartet heruntergefahren.
 
Error - 03.03.2013 10:11:23 | Computer Name = Therese-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 03.03.2013 15:13:18 | Computer Name = Therese-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?03.?2013 um 20:12:30 unerwartet heruntergefahren.
 
Error - 03.03.2013 15:13:28 | Computer Name = THERESE-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 03.03.2013 18:15:02 | Computer Name = Therese-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.03.2013 04:40:11 | Computer Name = Therese-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?03.?2013 um 09:39:35 unerwartet heruntergefahren.
 
Error - 04.03.2013 04:40:13 | Computer Name = THERESE-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 04.03.2013 04:56:45 | Computer Name = Therese-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?03.?2013 um 09:56:03 unerwartet heruntergefahren.
 
Error - 04.03.2013 04:56:47 | Computer Name = THERESE-PC | Source = BugCheck | ID = 1001
Description =
 
 
< End of report >

cosinus 04.03.2013 11:49
Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Simmy87 04.03.2013 11:52
Nein, ist mein eigener Heimcomputer. Ich kenne mich leider mit PC nicht aus, deswegen weiß ich nicht so genau, was du meinst... Sorry!

cosinus 04.03.2013 12:18
Schon klar, aber wer hat dieses Windows installiert, wo kommt es her?

Simmy87 04.03.2013 12:21
hmm, mein Vater. Ich weiß nicht, woher er es hat... Aber das ist ja auch schon seit einem Jahr auf dem PC, die Probleme haben haber erst vor ca. 4 Tagen begonnen...

cosinus 04.03.2013 12:22
Downloade Dir bitte WVCheck von Artellos.com
  • Speichere die Datei auf dem Desktop. ( solltest Du dir die .zip Datei herunter geladen haben musst Du diese zuerst entpacken )
  • Starte die .exe mit Doppelklick
    Vista und Win7 User: mit Rechtsklick "als Admin ausführen" starten
  • Wie beschrieben, kann das Tool eine Weile brauchen.
  • Wenn es erledigt ist, kopiere den Inhalt des Textdokumentes hier in deinen Thread

Simmy87 04.03.2013 13:01
Wenn ich es herunterladen will, kommt eine Warnmeldung, dass dieses Programm Schaden auf dem Computer anrichten kann. Soll ich es trotzdem herunterladen?

cosinus 04.03.2013 13:45
Natürlich sollst du das, oder glaubst du in unseren Anleitungen wollen wir den Hilfesuchenden Schädliunge unterjubeln :wtf:

Simmy87 04.03.2013 14:02
Hey, tut mir leid, wenn das falsch rübergekommen ist. Ich wollte dir nichts unterstellen, sondern mich nur vergewissern, dass ich das Richtige mache. Sorry

Code:
Windows Validation Check
Version: 1.9.12.5
Log Created On: 1349_04-03-2013
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2013-03-04 08:44:35
Last Success Time for Update Download: 2013-02-27 19:58:24
Last Success Time for Update Installation: 2013-02-28 08:32:27


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.

cosinus 04.03.2013 14:10
Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Simmy87 04.03.2013 20:32
Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-04 20:27:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Therese\AppData\Local\Temp\uwdirfob.sys


---- User code sections - GMER 2.1 ----

?      C:\windows\system32\mssprxy.dll [2692] entry point in ".rdata" section                                                                                000000006c4471e6
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4072] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076ef1465 2 bytes [EF, 76]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4072] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076ef14bb 2 bytes [EF, 76]
.text  ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  C:\windows\SysWOW64\ntdll.dll [1356:1416]                                                                                                              00000000002ed227
Thread  C:\windows\SysWOW64\ntdll.dll [1356:4156]                                                                                                              000000007281e2db
Thread  C:\windows\SysWOW64\ntdll.dll [1356:4412]                                                                                                              000000006ca88e00
Thread  C:\windows\SysWOW64\ntdll.dll [1356:4416]                                                                                                              000000006ca88e00
Thread  C:\windows\SysWOW64\ntdll.dll [1356:4420]                                                                                                              000000006ca88e00
Thread  C:\windows\SysWOW64\ntdll.dll [1356:4424]                                                                                                              000000006ca84e80

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9bbfa16                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737048afc                                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9bbfa16 (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737048afc (not active ControlSet)                                                       

---- EOF - GMER 2.1 ----
so die mbar kommt noch. Das Entpacken klappt noch nicht so richtig ;)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:50 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131