
Topic: snap.do

  1. #11
    Registered since
    17.04.2008
    Posts
    53
    No, of course not. I thought you might want it as an attachment after all because of the size. So here is the second part:

    DRV - [2013.05.22 12:34:26 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012.12.22 10:17:24 | 000,045,040 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (Rockusb)
    DRV - [2012.09.04 06:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020200}_0)
    DRV - [2012.06.26 13:20:55 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
    DRV - [2012.06.26 13:20:38 | 000,775,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
    DRV - [2012.06.26 13:20:34 | 000,614,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
    DRV - [2012.06.26 13:19:47 | 000,126,880 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
    DRV - [2012.06.26 13:19:46 | 000,086,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt67.sys -- (vidsflt67)
    DRV - [2012.06.26 13:19:40 | 000,177,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
    DRV - [2012.06.26 13:19:38 | 000,080,416 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
    DRV - [2011.05.11 18:41:46 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011.04.21 02:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symtdiv.sys -- (SYMTDIv)
    DRV - [2011.03.31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
    DRV - [2011.03.31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
    DRV - [2011.03.15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
    DRV - [2011.01.27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
    DRV - [2011.01.27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
    DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2008.11.17 09:39:49 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
    DRV - [2008.11.17 09:39:49 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2008.05.30 11:17:58 | 000,029,824 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
    DRV - [2008.05.23 08:38:02 | 007,437,792 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008.02.29 09:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
    DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2008.01.15 12:25:24 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008.01.15 12:16:22 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2008.01.15 12:16:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/ig/dell?hl=de&c...ch&ibd=6081031
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.ch/webhp?nord=1 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFF [2014.01.02 15:41:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2014.01.03 21:33:48 | 000,000,000 | ---D | M]

    [2013.01.08 17:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus Casartelli\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Swisscom Quick Help] C:\Program Files\Swisscom\Quick Help\SwisscomQuickHelp.exe (Swisscom)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    O4 - HKCU..\Run: [Device Detector] DevDetect.exe -autorun File not found
    O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
    O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKCU..\Run: [MyCuteBuddy] "C:\Program Files\My Cute Buddy\myCuteBuddy.exe" "file:///C:/Program Files/My Cute Buddy/Content/Cute Kitty/piticho.buddy" /m /u File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

  2. #12
    Registered since
    17.04.2008
    Posts
    53
    Part 3

    O4 - HKCU..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} http://order.ifolor.ch/ORDERINGGENER...oader_chkr.cab (IfolorUploader Control)
    O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} http://chkr-web.ifolor.net/app_suppo...oader_chkr.cab (IfolorUploader Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.40.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.40.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2005EF4-363A-48D1-9CF6-570B30A4F2A2}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2005EF4-363A-48D1-9CF6-570B30A4F2A2}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{8da44300-b2e8-11dd-b5ef-001e4ce6a79c}\Shell\AutoRun\command - "" = L:\wd_windows_tools\setup.exe
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\wd_windows_tools\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4903D172-DCCB-392F-93A3-34CA9D47FE3D} - .NET Framework
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - File not found
    MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2014.01.03 20:45:19 | 000,000,000 | ---D | C] -- C:\Users\Markus Casartelli\AppData\Roaming\Malwarebytes
    [2014.01.03 20:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014.01.03 20:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014.01.03 20:45:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014.01.03 20:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2014.01.03 10:20:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013.12.22 10:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014.01.03 21:38:41 | 010,802,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2014.01.03 21:38:41 | 003,747,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014.01.03 21:38:41 | 003,410,324 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2014.01.03 21:38:41 | 003,104,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014.01.03 21:32:17 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014.01.03 21:32:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014.01.03 21:32:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

  3. #13
    Registered since
    17.04.2008
    Posts
    53
    Part 4

    [2014.01.03 21:32:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014.01.03 21:30:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2014.01.03 21:17:56 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014.01.03 21:10:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014.01.03 20:45:08 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014.01.03 20:25:33 | 000,000,869 | ---- | M] () -- C:\Users\Markus Casartelli\Desktop\Search.lnk
    [2014.01.02 19:00:58 | 430,943,453 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013.12.22 10:22:31 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013.12.16 20:00:00 | 000,000,594 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - Markus Casartelli.job
    [2013.12.13 12:19:37 | 000,339,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013.12.11 17:35:28 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014.01.03 20:45:08 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.12.22 10:22:31 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013.07.15 10:35:21 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2013.07.15 10:35:21 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2013.06.30 09:52:54 | 000,692,224 | ---- | C] () -- C:\Windows\System32\libeay32.dll
    [2013.06.30 09:52:54 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
    [2012.10.29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2012.10.29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2012.10.29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2012.10.29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2012.10.29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011.01.19 16:22:58 | 000,001,940 | ---- | C] () -- C:\Users\Markus Casartelli\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2009.06.15 18:39:26 | 000,000,680 | ---- | C] () -- C:\Users\Markus Casartelli\AppData\Local\d3d9caps.dat
    [2009.01.10 15:11:22 | 000,000,539 | ---- | C] () -- C:\Users\Markus Casartelli\AppData\Local\ioiswsm_navps.dat
    [2009.01.10 15:11:21 | 000,146,323 | ---- | C] () -- C:\Users\Markus Casartelli\AppData\Local\ioiswsm_nav.dat
    [2009.01.10 15:11:21 | 000,003,236 | ---- | C] () -- C:\Users\Markus Casartelli\AppData\Local\ioiswsm.dat
    [2008.11.24 07:49:22 | 000,000,166 | ---- | C] () -- C:\Users\Markus Casartelli\AppData\Roaming\default.rss
    [2008.11.24 07:49:22 | 000,000,000 | ---- | C] () -- C:\Users\Markus Casartelli\AppData\Roaming\downloads.m3u
    [2008.11.15 08:47:31 | 000,093,184 | ---- | C] () -- C:\Users\Markus Casartelli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011.06.29 20:35:56 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\0DB47DD7-1322-4F60-8062-B9080F8BBE32
    [2012.03.06 18:53:35 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\ACD Systems
    [2013.11.12 17:39:05 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\ACER ASPIRE V3-772G user guide
    [2013.01.05 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\Acronis
    [2010.06.06 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\Canon
    [2010.03.14 23:07:01 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\EasyTax
    [2012.06.26 13:20:54 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\F5190897-A83A-4238-B369-1F830FA3686E
    [2009.01.20 11:08:09 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\GARMIN
    [2008.12.28 14:05:44 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\IPACS
    [2013.05.06 07:49:14 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\JAM Software
    [2011.03.06 12:22:37 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\PCDr
    [2013.07.15 10:31:10 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\Samsung
    [2010.05.03 20:48:40 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\Tific
    [2012.11.22 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Markus Casartelli\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*. >
    [2012.11.22 19:04:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
    [2010.06.22 21:38:44 | 000,000,000 | ---D | M] -- C:\2f7d236f9ed2361c5c206ddf55b23493
    [2011.05.29 09:17:53 | 000,000,000 | ---D | M] -- C:\49b866f6e6fa6a564076
    [2010.05.12 06:22:42 | 000,000,000 | ---D | M] -- C:\4b673dc85e16be115ab557c5
    [2010.05.03 21:46:53 | 000,000,000 | ---D | M] -- C:\5a67005db07e840b481a80
    [2012.06.17 09:07:56 | 000,000,000 | ---D | M] -- C:\6c5a9624a0ea50a2d610f617ff
    [2012.10.02 17:23:03 | 000,000,000 | ---D | M] -- C:\88c8620e6764373c21
    [2012.09.29 07:32:17 | 000,000,000 | ---D | M] -- C:\8c406a8528c4e799f74809b61c
    [2013.04.15 18:52:13 | 000,000,000 | ---D | M] -- C:\a0114dbd269ef78224
    [2011.06.02 08:10:19 | 000,000,000 | ---D | M] -- C:\Adobe Photoshop 7
    [2014.01.03 20:25:37 | 000,000,000 | ---D | M] -- C:\AdwCleaner
    [2012.04.18 16:12:35 | 000,000,000 | ---D | M] -- C:\Bilder für TV
    [2009.08.09 14:07:11 | 000,000,000 | -HSD | M] -- C:\Boot
    [2012.06.17 09:09:49 | 000,000,000 | ---D | M] -- C:\ce157cb62ae9cd3b2e7a88c3ba77b0
    [2011.03.06 12:25:02 | 000,000,000 | ---D | M] -- C:\DELL
    [2008.10.31 20:52:39 | 000,000,000 | ---D | M] -- C:\doctemp
    [2008.11.11 17:33:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
    [2008.10.31 20:53:01 | 000,000,000 | ---D | M] -- C:\Drivers
    [2012.12.02 19:48:48 | 000,000,000 | ---D | M] -- C:\E-Book
    [2012.12.22 10:19:43 | 000,000,000 | ---D | M] -- C:\e-book4
    [2013.03.09 09:59:44 | 000,000,000 | ---D | M] -- C:\e962d511b9e69b66cbb0
    [2011.06.02 07:16:08 | 000,000,000 | R--D | M] -- C:\Eigene Musik
    [2010.05.30 10:09:27 | 000,000,000 | ---D | M] -- C:\fc24e6c3a0b009c18cd8d73746
    [2014.01.02 15:41:46 | 000,000,000 | ---D | M] -- C:\Firefox
    [2011.03.08 20:54:56 | 000,000,000 | ---D | M] -- C:\Garmin
    [2012.01.07 18:02:54 | 000,000,000 | ---D | M] -- C:\LA. Noire original
    [2012.03.03 22:14:45 | 000,000,000 | ---D | M] -- C:\LA.Noire
    [2011.06.02 07:54:07 | 000,000,000 | ---D | M] -- C:\Mein Garmin
    [2008.11.11 17:58:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
    [2013.05.05 10:06:45 | 000,000,000 | ---D | M] -- C:\PerfLogs
    [2011.06.01 18:42:28 | 000,000,000 | ---D | M] -- C:\Previous iTunes Libraries
    [2014.01.03 20:45:03 | 000,000,000 | R--D | M] -- C:\Program Files
    [2008.10.31 13:31:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
    [2014.01.03 20:45:05 | 000,000,000 | -H-D | M] -- C:\ProgramData
    [2008.11.11 17:33:31 | 000,000,000 | -HSD | M] -- C:\Programme
    [2012.01.06 18:36:55 | 000,000,000 | ---D | M] -- C:\Spiele
    [2014.01.03 21:55:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
    [2010.07.26 19:03:46 | 000,000,000 | ---D | M] -- C:\Users
    [2008.11.17 09:12:00 | 000,000,000 | ---D | M] -- C:\WebUpdater
    [2014.01.02 19:00:58 | 000,000,000 | ---D | M] -- C:\Windows

    < %PROGRAMFILES%\*.exe >

    < %LOCALAPPDATA%\*.exe >

    < %systemroot%\*. /mp /s >

    < MD5 for: EXPLORER.EXE >
    [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: REGEDIT.EXE >
    [2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
    [2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

    < MD5 for: USERINIT.EXE >
    [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WININIT.EXE >
    [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
    [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-12-14 08:23:25

    < End of report >

  4. #14
    Registered since
    17.04.2008
    Posts
    53
    Here is the Extras file as well: Part 1

    OTL Extras logfile created on: 03.01.2014 21:40:29 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susi\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

    3.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.29% Memory free
    6.20 Gb Paging File | 4.62 Gb Available in Paging File | 74.55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1387.20 Gb Total Space | 1142.75 Gb Free Space | 82.38% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 1.77 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
    Drive E: | 35.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MUGI | User Name: Markus Casartelli | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
    Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{13E434BF-C135-44FE-ADB8-28E76E33BDE8}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{24F77FCC-6DA5-4B38-A027-806699921929}" = rport=139 | protocol=6 | dir=out | app=system |
    "{39E49FDD-2214-465B-97FE-2D3B96B073AA}" = rport=138 | protocol=17 | dir=out | app=system |
    "{42064B6D-9A3F-4633-921C-4F90175735B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{543F3C88-27B3-414A-93CB-7393192062D3}" = lport=137 | protocol=17 | dir=in | app=system |
    "{678356F3-D4FE-4064-A110-FCA6518187BF}" = lport=139 | protocol=6 | dir=in | app=system |
    "{68DD8FDE-FA48-4B6C-BBE0-205E20FEFA99}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6C5884CA-D16F-4681-9DE7-9026C4401BB2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6F848842-AFF0-4A58-BA7E-FCAFE21F7E92}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{82187B9F-7B3E-4416-8272-6BA997AAE8F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8339145F-997E-4AE7-A268-A55C86710CBD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{924F73D8-0070-45FF-9370-62E8C47BA980}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{A84138B3-AFC1-4DD2-BEA2-53AAC39D8416}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{AA52E5E0-3F06-4EDB-B884-AF7D0FABB630}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{AC5B42E2-41F8-40FA-9830-9F54E7F9F477}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{BC02848B-BE23-4E6D-BE08-136DC00E4F9E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BDE5A255-A2E6-4C36-9C70-AF08E7AA0D4A}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{C3310F20-E4E4-461F-804F-E90E563A9509}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D7936349-1743-4A88-BF6D-BD6AFE774BCA}" = rport=445 | protocol=6 | dir=out | app=system |
    "{DAD6D54F-5C13-4A14-9F8E-9356AC27D6B0}" = lport=445 | protocol=6 | dir=in | app=system |
    "{DF461073-3CF3-4659-BAD7-EE20EA80D0D7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{FC0F326C-D2EF-4E8D-AA9F-0D4DF1254B66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{021E6EB4-2397-4D4B-85AF-4EAADAF75542}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{08EAF3CB-96D5-406C-9B09-D04E02ECF066}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
    "{0E46B033-7420-423A-85EB-ADF94093A979}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{191C36B3-228D-4F08-87B9-0B90B50D4AAE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1D00827C-D21A-4965-B31C-43880C8476FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2D847AAC-C01D-4A8C-B91A-C43A7F40FE0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3C0152B3-BD88-41AD-82A5-439AF63616B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{42796505-7722-41D6-942D-1C350267ACBD}" = protocol=6 | dir=in | app=c:\program files\swisscom\quick help\swisscomquickhelp.exe |
    "{42F61540-B196-45C6-9D3B-F08BC1D41810}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
    "{5E68A049-025A-43A6-9744-258F42F28801}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6486D5AC-DE0E-4B5C-98BB-9401CE862F20}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{7ECFAEE6-83B0-4B6C-8095-72859767BA75}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{83D65026-BDC2-437E-8EF6-BEE1750AF750}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8A354C89-E03E-40D3-9002-9E9912F1E3FF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{8C577BCF-9450-49BC-9B3D-D9E897CBFE14}" = protocol=6 | dir=out | app=system |
    "{919C8F84-8BD5-4DE0-806E-2F07536F6D2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{9E67C56B-1CAB-4C52-B52D-B0522DFCFEF9}" = protocol=17 | dir=in | app=c:\program files\swisscom\quick help\swisscomquickhelp.exe |
    "{A2C0FB16-D255-4DA4-9447-DD4C91EAD93F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A2C8B0D0-0C92-4EB6-8369-A1B9249D3AB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A454425D-8677-41DF-AF39-4737CE36DC7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AFC10CB8-22D7-4A7F-B2E2-D538211E19EE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B31428D6-FBA9-49C9-BD62-B06C0A6A4A90}" = protocol=6 | dir=in | app=c:\program files\swisscom\quick help\swisscomquickhelp.exe |
    "{B85693FD-5574-4BEA-86D2-A038305A146F}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{DD5E354D-03A9-438A-AFA1-0C9ADF518CF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E28CBF6B-55FD-419A-A997-CDAE90CB0470}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EBB94BA9-B2D6-4CA7-8BD2-829C94BFE682}" = protocol=17 | dir=in | app=c:\program files\swisscom\quick help\swisscomquickhelp.exe |
    "{F28A52B5-DED8-4FB9-8F2E-F637684522AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F4060129-2FFF-45EB-8AAC-135E0736B9D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F844C231-9934-44EC-B19C-42F74BB35376}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

  5. #15
    Registered since
    17.04.2008
    Posts
    53
    Extras file, part 2

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
    "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{05BFF1EB-2C38-4AB8-9A4C-6BD92F460162}" = Topo Schweiz
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
    "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
    "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1E105942-593C-4C48-AB3D-BEC2124F5FCE}" = Garmin City Navigator Europe NT 2008
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
    "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{38B9A4E1-4482-44D9-AC14-64F70938CCB5}" = Garmin MapSource
    "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
    "{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
    "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
    "{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
    "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
    "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
    "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
    "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{6BFC74AD-28C8-4A86-B1E5-B92D3F57C78E}" = MyCuteBuddy
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
    "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{7DA0FBA4-BA6E-4F15-909E-796C28B41C10}" = Plus Pack für Acronis True Image Home 2012
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{85e0983c-2c3a-4ff4-a003-0a9694d4214a}" = Nero 9
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
    "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
    "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
    "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
    "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
    "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
    "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Deutsch
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}" = Acronis*True*Image*Home 2012
    "{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}Visible" = Acronis*True*Image*Home 2012
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

  6. #16
    Registered since
    17.04.2008
    Posts
    53
    Extras file, part 3

    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E3E77E78-4444-4F0D-B98F-AD4F7485A4F9}" = Snap.Do
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
    "{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7
    "{ECAAA277-1845-462A-8082-4F25904D8794}" = PEARL PrintProfi Deluxe
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
    "{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
    "3785-6780-1293-3574" = EasyTax 2012 AG 1.0
    "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "DPP" = Canon Utilities Digital Photo Professional 3.6
    "EasyTax 2008 AG 1.0" = EasyTax 2008 AG 1.0
    "EasyTax 2009 AG 1.0" = EasyTax 2009 AG 1.0
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EOS Utility" = Canon Utilities EOS Utility
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist 8.0.0.514
    "ifolor-Designer" = ifolor Designer
    "InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MyCamera" = Canon Utilities MyCamera
    "MyCuteBuddy" = MyCuteBuddy
    "NIS" = Norton Internet Security
    "NVIDIA Drivers" = NVIDIA Drivers
    "Original Data Security Tools" = Canon Utilities Original Data Security Tools
    "PC-Doctor for Windows" = Dell Support Center
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "PremElem40" = Adobe Premiere Elements 4.0
    "PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "Sound Rescue Terratec 2.1" = Sound Rescue Terratec 2.1
    "Swisscom Quick Help" = Swisscom Quick Help
    "WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
    "WinLiveSuite" = Windows Live Essentials
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{7cb3e4ed-5940-4a05-bbcd-115dfc847102}" = Snap.Do Engine
    "{FB85528A-3FCC-49AF-ACDE-52EF26DE1715}" = easyFly 3 Starter Edition

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 03.01.2014 12:51:04 | Computer Name = Mugi | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2059

    Error - 03.01.2014 15:28:53 | Computer Name = Mugi | Source = WinMgmt | ID = 10
    Description =

    Error - 03.01.2014 15:34:37 | Computer Name = Mugi | Source = LoadPerf | ID = 3012
    Description =

    Error - 03.01.2014 15:34:37 | Computer Name = Mugi | Source = LoadPerf | ID = 3012
    Description =

    Error - 03.01.2014 15:34:37 | Computer Name = Mugi | Source = LoadPerf | ID = 3011
    Description =

    Error - 03.01.2014 16:32:28 | Computer Name = Mugi | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung MsMpEng.exe, Version 4.4.304.0, Zeitstempel
    0x5268454d, fehlerhaftes Modul mpengine.dll, Version 1.1.10201.0, Zeitstempel 0x529e99a3,
    Ausnahmecode 0xc0000005, Fehleroffset 0x00116759, Prozess-ID 0x58c, Anwendungsstartzeit
    01cf08c2df1cacaf.

    Error - 03.01.2014 16:32:30 | Computer Name = Mugi | Source = WinMgmt | ID = 10
    Description =

    Error - 03.01.2014 16:38:37 | Computer Name = Mugi | Source = LoadPerf | ID = 3012
    Description =

    Error - 03.01.2014 16:38:37 | Computer Name = Mugi | Source = LoadPerf | ID = 3012
    Description =

    Error - 03.01.2014 16:38:37 | Computer Name = Mugi | Source = LoadPerf | ID = 3011
    Description =

    [ OSession Events ]
    Error - 17.08.2009 15:16:55 | Computer Name = Mugi | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 397
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 12.10.2009 23:33:06 | Computer Name = Mugi | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12.11.2009 15:15:01 | Computer Name = Mugi | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 314
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 03.04.2013 11:16:31 | Computer Name = Mugi | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1742
    seconds with 1020 seconds of active time. This session ended with a crash.

    Error - 19.10.2013 09:39:11 | Computer Name = Mugi | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 915
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 03.01.2014 07:09:23 | Computer Name = Mugi | Source = Service Control Manager | ID = 7031
    Description =

    Error - 03.01.2014 07:09:23 | Computer Name = Mugi | Source = Service Control Manager | ID = 7034
    Description =

    Error - 03.01.2014 07:09:23 | Computer Name = Mugi | Source = Service Control Manager | ID = 7031
    Description =

    Error - 03.01.2014 07:09:23 | Computer Name = Mugi | Source = Service Control Manager | ID = 7031
    Description =

    Error - 03.01.2014 07:09:23 | Computer Name = Mugi | Source = Service Control Manager | ID = 7031
    Description =

    Error - 03.01.2014 09:27:03 | Computer Name = Mugi | Source = nvrd32 | ID = 262155
    Description =

    Error - 03.01.2014 15:29:16 | Computer Name = Mugi | Source = nvrd32 | ID = 262155
    Description =

    Error - 03.01.2014 16:32:21 | Computer Name = Mugi | Source = Microsoft Antimalware | ID = 5008
    Description = Das Modul %%860 wurde aufgrund eines unerwarteten Fehlers beendet.

    Fehlertyp:
    %%830 Ausnahmecode: 0xc0000005 Ressource: file:C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccgevt\global\lm.dat

    Error - 03.01.2014 16:34:20 | Computer Name = Mugi | Source = Service Control Manager | ID = 7031
    Description =

    Error - 03.01.2014 16:34:58 | Computer Name = Mugi | Source = Service Control Manager | ID = 7009
    Description =


    < End of report >


    Many thanks for now. Looks like an insane amount of work!
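As an added example (not part of the original posts and not OTL's own code): a small Python parser for the uninstall-list format shown in the log above, which drops the duplicate "{GUID}Visible" rows and reports which hive each Snap.Do entry is registered under. The sample lines are excerpted from the log; the default HKLM hive for a fragment that starts mid-list and the one-term watchlist are assumptions.

```python
import re
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    hive: str   # "HKLM" or "HKCU", taken from the section header
    key: str    # uninstall subkey (GUID or product id)
    name: str   # display name as printed in the log


HEADER = re.compile(r"^\s*=+\s*(.*?)\s*=+\s*$")           # ========== title ==========
UNINSTALL = re.compile(r"^(HKEY_\w+) Uninstall List$")
ENTRY = re.compile(r'^\s*"([^"]+)"\s*=\s*(.*?)\s*$')        # "key" = display name
VISIBLE = re.compile(r"^(\{[0-9A-Fa-f-]{36}\})Visible$")    # "{GUID}Visible" twin row
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

# Lines excerpted from the log above, plus one event-log line that must be ignored.
SAMPLE = r'''
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}" = Acronis*True*Image*Home 2012
"{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}Visible" = Acronis*True*Image*Home 2012
"{E3E77E78-4444-4F0D-B98F-AD4F7485A4F9}" = Snap.Do
"Google Chrome" = Google Chrome
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7cb3e4ed-5940-4a05-bbcd-115dfc847102}" = Snap.Do Engine
========== Last 20 Event Log Errors ==========
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059
'''


def parse_uninstall_list(text: str, start_hive: Optional[str] = "HKLM") -> List[Entry]:
    """Parse '"key" = name' rows; start_hive is an assumption for fragments
    that begin mid-list, before any section header has been seen."""
    hive, seen, out = start_hive, set(), []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            sect = UNINSTALL.match(head.group(1))
            # Any other section (event logs etc.) stops collection.
            hive = HIVES.get(sect.group(1), sect.group(1)) if sect else None
            continue
        item = ENTRY.match(line)
        if hive is None or not item:
            continue
        # Tolerate the stray leading quote seen in one row of the log.
        key, name = item.group(1), item.group(2).lstrip('"')
        twin = VISIBLE.match(key)
        if twin:                      # fold "{GUID}Visible" into its parent
            key = twin.group(1)
        if (hive, key.lower()) not in seen:
            seen.add((hive, key.lower()))
            out.append(Entry(hive, key, name))
    return out


def flag(entries: List[Entry], watchlist=("snap.do",)) -> List[Entry]:
    """Return entries whose display name contains a watchlist term."""
    terms = [t.lower() for t in watchlist]
    return [e for e in entries if any(t in e.name.lower() for t in terms)]


if __name__ == "__main__":
    for e in flag(parse_uninstall_list(SAMPLE)):
        print(f"{e.hive}  {e.key}  {e.name}")
```

A per-user (HKCU) hit matters for cleanup because it survives under that account even after the machine-wide entry is uninstalled.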

  7. #17
    Registered since
    16.12.2007
    Location
    Aargau
    Posts
    2.054
    ESET Online Scanner
    Please switch on any external hard drives during the online scans! Please switch off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
    • Note for Vista and Win7 users: Be sure to start the browser as administrator.
    • Disable your anti-virus program during the scan.

      Press the button (<< click).
      • Firefox users:
        Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
      • IE users:
        must allow the installation of an ActiveX element.
    • Tick the box next to Yes, I accept the Terms of Use.
    • Press the button.
    • Wait until the components have been downloaded.
    • Tick "Scan archives".
    • Make sure that Remove Found Threats is ticked.
    • Press .
    • The signatures are downloaded. The scan starts automatically.
    When the scan has finished
    • Click .
    • Click and save the log file as ESET.txt on the desktop.
    • Click Back and Finish
    Please post the log file here.



    Are there still problems?


    Interested in fighting malware? Then get in touch with me.

  8. #18
    Registered since
    17.04.2008
    Posts
    53
    Hello Swisstreasure

    What a day!
    Followed the instructions exactly. After 1.5 hours the internet dropped briefly, everything froze. Trouble starting up. Sweated blood until the thing had somehow repaired itself. After 4.5 hours of scanning, four threats removed (S.Scan)

    The system was already running more or less normally before the scan. I noticed a pop-up at the bottom right, "Testen Sie Kies air message.... And when switching user to Admin to disable Norton, "Windows wird nach unerwartetem Herunterfahren wieder ausgeführt" appeared.

    Is the computer clean now? In that case I would still need to update Java and Adobe Reader.
    And should I uninstall the scanners that were used, or leave them on the system?

    You would deserve more than just a beer for seeing me through this, but how? In any case, my heartfelt thanks! I will now put my W7 computer at home through the same procedures, although there is no sign of infection.

    Here is the ESET log file
    C:\Program Files\Swisscom\Quick Help\m2mupdate.exe probably unknown NewHeur_PE virus deleted - quarantined
    C:\Users\Markus Casartelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1VED4FE\MarkKit_2040-1071[1].exe multiple threats cleaned by deleting - quarantined
    C:\Users\Markus Casartelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F86LEVJA\Iminent_Snapdo[1].exe Win32/AdWare.Linkular.AH application cleaned by deleting - quarantined
    C:\Users\Susi\AppData\Local\Temp\m2Temp\SCQH30062013_105217\SwisscomQuickHelp_Setup.exe probably unknown NewHeur_PE virus cleaned by deleting - quarantined

  9. #19
    Registered since
    16.12.2007
    Location
    Aargau
    Posts
    2.054
    Tool cleanup with OTL

    We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleaning from your system again.
    • Please download OTL by OldTimer (if you don't already have it).
    • Save it to your desktop.
    • Double-click OTL.exe to run the program.
    • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
    • Click the "Bereinigung" button
    • OTL may ask for a restart.
      If it does, please allow it.
    Note: After the restart, OTL and the other helper programs that you downloaded in the course of the cleaning will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.



    Here are a few more tips for securing your system.


    I can't mention often enough how important it is that your system is up to date.
    • Please check whether your system downloads Windows updates automatically
    • Windows Updates
      • Windows XP: Start --> Control Panel --> double-click Automatic Updates
      • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
    • Make sure that automatic updates are enabled.
    • Software Updates
      Installed software can also have security vulnerabilities that malware can use to infect your system.
      To keep your installed software up to date, I recommend Secunia Online Software.



    Anti-virus software
    • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.



    Additional protection
    • MalwareBytes Anti Malware
      This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
      Update the tool and run it once a week. The paid version also offers a background guard.
      You can find a tutorial on how to use it here.
    • WinPatrol
      This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.



    Safe browsing
    • SpywareBlaster
      You can find a short introduction here
    • MVPs hosts file
      You can find a tutorial here. Unfortunately I haven't found a German-language one so far.
    • WOT (Web of trust)
      This add-on warns you before you visit a site reported as harmful.



    Alternative browsers

    Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
    • Opera
    • Mozilla Firefox.
      • Note: For this browser I have a few useful add-ons here
      • NoScript
        This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
      • AdblockPlus
        This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
        It also saves download capacity.


    Performance
    Clean your temp files regularly. For this I recommend TFC
    Stay away from any registry cleaners.
    These harm your system more than they help. Here are a few (English) links
    Miekemoes Blogspot ( MVP )
    Bill Castner ( MVP )



    Don'ts
    • Don't click on everything just because it prompts you to and is nice and colourful.
    • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
    • Keep your hands off cracks, keygens, serials or other illegal software.
    • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe

    Now all that remains is for me to wish you lots of fun surfing safely.

    Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.


    Interested in fighting malware? Then get in touch with me.

  10. #20
    Registered since
    17.04.2008
    Posts
    53
    Hello Swisstreasure

    I ran OTL Cleanup; it removed itself afterwards. I had to uninstall Malwarebytes and delete Adwcleaner from the desktop. Everything seems to be in order here now.
    Many thanks for your tips, which I will take to heart and also pass on. And once again many thanks for your support over all these days!
    Kind regards, Hermann48
