Seite 1 von 2 12 LetzteLetzte
Ergebnis 1 bis 10 von 12

Thema: CPU-Auslastung dauerhaft bei 80-100%

  1. 24.07.2012, 19:10 #1
    Sween
    Sween ist offline
    Einsteiger
    Registriert seit
    24.07.2012
    Beiträge
    6

    CPU-Auslastung dauerhaft bei 80-100%

    Hallo Leute, ich habe seit einiger Zeit das Problem, dass meine CPU-Auslastung dauerhaft bei 80-100% liegt und mein System nicht mehr flüssig läuft. Der Prozess mit der meisten CPU-Auslastung ist "System". Hier mein HijackThis-Logfile:
    Code:
    Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:30, on 24.07.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PTBSync\PTBSync.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Birgit\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Program Files (x86)\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DATE59F.tmp.exe] C:\Users\Birgit\AppData\Local\Temp\DATE59F.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-356119441-1104399332-615799706-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-356119441-1104399332-615799706-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Atomuhr Synchronisation (PTBSync) - ElmüSoft - C:\Program Files (x86)\PTBSync\PTBSync.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7948 bytes
    Ich hoffe, dass mir hier schnell geholfen werden kann und bedanke mich schon mal im Vorraus für eure Bemühungen.
    Mit freundlichen Grüßen, Sween.
    Geändert von Sween (24.07.2012 um 19:17 Uhr)
  2. 24.07.2012, 20:09 #2
    kira
    kira ist gerade online
    Moderator Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    28.337

    AW: CPU-Auslastung dauerhaft bei 80-100%

    Herzlich Willkommen hier bei uns am HijackThis Supportboard!

    **Bevor du mit Teil 1. der Aufgabe beginnst: HIER KLICKEN UND SORGFÄLTIG DURCHLESEN!** und ich bitte um kurze Bestätigung, dass du dies gelesen und akzeptiert hast!
    Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
    ► Unrechtmäßig erworbene Software (durch Keygen, Crack, Keymaker) wird hier nicht geduldet, in diesem Fall wird der Support eingestellt.!
    ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
    Bitte lese Dir zuerst in Ruhe die Anweisungen durch und Du sollst dabei die Reihenfolge einhalten! Ansonsten verlangsamt unsere Arbeit, wenn wir immer wieder noch an Kleinigkeiten nachschlagen müssen und dadurch eventuell die Übersicht verloren geht...


    ► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen. Aber vermutlich Du hast ungebetene Gesellschaft auf deinem Rechner...!
    **Vista und Win7 Verwender: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

    1.
    Das Program installieren und ausführen:
    Anleitung:-> Bereinigung mit Malwarebytes' Anti-Malware (Vollständiger Suchlauf)

    2.
    Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis mit Rechtsklick als Administrator starten-> `Do a system scan only`--> Einträge auswählen-> Häckhen setzen-> "Fix checked"klicken->PC neu aufstarten) - fixe NUR Die von mir angegebenen Einträge!:
    HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
    O3 - Toolbar: loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
    O4 - HKCU\..\Run: [DATE59F.tmp.exe] C:\Users\Birgit\AppData\Local\Temp\DATE59F.tmp.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-21-356119441-1104399332-615799706-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    3.
    Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
    • Download den CCleaner
    • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
    • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
    • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)


    4.
    poste erneut - nach der vorgenommenen Reinigungsaktion:
    TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
    ► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...(Wista und WIN 7)

    5.
    Systemscan mit OTL

    Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    Bitte alle Ergebnisse im Code-Tags posten!

    vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
    hier kommt dein Logfile rein
    dahinter - also am Ende der Logdatei:[/code]
    Wie es geht:-> Logfiles in Code-Tags setzen
    gruß
    kira
    Warnung!:
    Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!
    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!
  3. 25.07.2012, 01:47 #3
    Sween
    Sween ist offline
    Einsteiger
    Registriert seit
    24.07.2012
    Beiträge
    6

    AW: CPU-Auslastung dauerhaft bei 80-100%

    Hallo kira. Den Beitrag "Worauf musst Du während der Bereinigung achten?" habe ich gelesen und akzeptiere ihn.

    1. Malwarebytes Anti-Malware Logfile:
    Code:
    Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Birgit :: BIRGIT-PC [Administrator]

25.07.2012 00:52:30
mbam-log-2012-07-25 (00-52-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363027
Laufzeit: 1 Stunde(n), 3 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
    2. Fixen mit HijackThis:
    Der Eintrag "O4 - HKCU\..\Run: [DATE59F.tmp.exe] C:\Users\Birgit\AppData\Local\Temp\DATE59F.tmp.exe" war nicht mehr vorhanden, aber die anderen 4 Einträge habe ich fixen lassen.

    3. CCleaner Programmliste:
    Code:
    Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	11.07.2012	6,00MB	11.3.300.265
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.07.2012	6,00MB	11.3.300.265
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	13.04.2012	121MB	10.1.3
Avira Free Antivirus	Avira	29.05.2012	109MB	12.0.0.1125
CCleaner	Piriform	22.06.2012		3.20
DAEMON Tools Lite	DT Soft Ltd	02.07.2012		4.45.4.0315
Divinity II - Ego Draconis	dtp	20.06.2012		
Google Earth	Google	10.07.2012	107MB	6.2.2.6613
IN NOMINE IMPERATORIS		03.07.2012		
Java(TM) 6 Update 33	Oracle	21.07.2012	95,6MB	6.0.330
JDownloader 0.9	AppWork GmbH	20.06.2012		0.9
loadtbs-3.0		12.07.2012		
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	24.07.2012	18,7MB	1.62.0.1300
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	03.04.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	03.04.2012	2,93MB	4.0.30319
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	01.07.2012	788KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411	Microsoft Corporation	01.07.2012	2,10MB	9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	25.07.2012	238KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	05.07.2012	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	31.03.2012	11,1MB	10.0.40219
Morrowind		03.07.2012		
Morrowind mod manager 0.8.4	Timeslip	22.07.2012		
Morrowind Script Extender 0.9.4.1		19.07.2012		
Mozilla Firefox 14.0.1 (x86 de)	Mozilla	19.07.2012	36,3MB	14.0.1
Mozilla Maintenance Service	Mozilla	19.07.2012	309KB	14.0.1
Mozilla Thunderbird 11.0.1 (x86 de)	Mozilla	31.03.2012	37,4MB	11.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	18.06.2012	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	19.06.2012	1,33MB	4.20.9876.0
Need for Speed™ Most Wanted		05.07.2012		
NVIDIA Grafiktreiber 301.42	NVIDIA Corporation	25.06.2012		301.42
NVIDIA PhysX	NVIDIA Corporation	20.06.2012	119MB	9.09.0428
NVIDIA Update 1.8.15	NVIDIA Corporation	25.06.2012		1.8.15
OpenOffice.org 3.4	OpenOffice.org	01.07.2012	328MB	3.4.9590
Orden der Ehre 3.0	jsc	03.07.2012		Orden der Ehre 3.0
PTBSync (Atomuhr Synchronisation & Terminkalender)	ElmueSoft	24.07.2012		5.6b
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	31.03.2012		6.0.1.5809
Rettungswagen Simulator 2012		05.07.2012		
SAMSUNG Mobile Modem Driver Set		10.06.2012		
Samsung Mobile phone USB driver Software		10.06.2012		
SAMSUNG Mobile USB Modem 1.0 Software		10.06.2012		
SAMSUNG Mobile USB Modem Software		10.06.2012		
Skype™ 5.10	Skype Technologies S.A.	22.07.2012	19,4MB	5.10.116
Sniper - Art of Victory	City Interactive	13.07.2012		
Sniper Elite Demo		12.07.2012		
TeamViewer 7	TeamViewer	17.07.2012		7.0.13989
TES Construction Set		03.07.2012		
VLC media player 2.0.2	VideoLAN	01.07.2012		2.0.2
WinRAR 4.20 (64-Bit)	win.rar GmbH	20.06.2012		4.20.0
World of Warcraft	Blizzard Entertainment	21.06.2012	14,2GB	3.3.5.12340
    4. HijackThis Logfile:
    Code:
    Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:25:01, on 25.07.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PTBSync\PTBSync.exe
C:\Users\Birgit\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Program Files (x86)\PTBSync\PTBSync.exe /Start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-356119441-1104399332-615799706-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Atomuhr Synchronisation (PTBSync) - ElmüSoft - C:\Program Files (x86)\PTBSync\PTBSync.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7163 bytes
    5. OTL Logfiles:
    OTL.txt:
    Code:
    OTL logfile created on: 25.07.2012 02:26:56 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Birgit\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 56,38% Memory free
4,99 Gb Paging File | 3,53 Gb Available in Paging File | 70,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 741,79 Gb Free Space | 84,25% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,27 Mb Free Space | 71,28% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 44,44 Gb Free Space | 98,27% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 28,18 Gb Free Space | 56,35% Space Free | Partition Type: NTFS
Drive G: | 7,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 4,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BIRGIT-PC | User Name: Birgit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Birgit\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PTBSync\PTBSync.exe (ElmüSoft)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PTBSync) -- C:\Program Files (x86)\PTBSync\PTBSync.exe (ElmüSoft)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WinRing0_1_2_0) -- C:\Windows\SysNative\drivers\ptbring0.sys (OpenLibSys.org)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A CA B5 AA 48 25 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 23:00:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.31 02:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.31 02:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Extensions
[2012.07.14 11:09:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\m9pr3fh7.default\extensions
[2012.06.20 00:45:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\m9pr3fh7.default\extensions\ich@maltegoetz.de
[2012.07.14 11:09:41 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\m9pr3fh7.default\extensions\software@loadtubes.com
[2012.07.21 11:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.21 11:56:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.07 13:28:00 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\BIRGIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M9PR3FH7.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.06.26 23:14:58 | 000,017,247 | ---- | M] () (No name found) -- C:\USERS\BIRGIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M9PR3FH7.DEFAULT\EXTENSIONS\DISLIKE@DISLIKE.NETNOVATE.COM.XPI
[2012.07.19 23:00:05 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 23:15:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 23:15:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 23:15:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 23:15:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 23:15:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 23:15:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PTBSync] C:\Program Files (x86)\PTBSync\PTBSync.exe (ElmüSoft)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF1ECAED-131E-46F1-B6ED-455F66E1259B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.05.09 16:01:32 | 000,000,081 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.05.02 01:35:42 | 000,000,069 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5145be58-d42c-11e1-b9c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5145be58-d42c-11e1-b9c6-806e6f6e6963}\Shell\AutoRun\command - "" = G:\0data\cbs.exe -- [2012.03.09 17:53:38 | 003,427,328 | R--- | M] ()
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell\AutoRun\command - "" = K:\Setup.exe -- [2012.05.02 19:57:36 | 000,822,291 | R--- | M] (ZKY                                                         )
O33 - MountPoints2\{beec3f18-7ac1-11e1-8ef2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{beec3f18-7ac1-11e1-8ef2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\0data\cbs.exe -- [2012.03.09 17:53:38 | 003,427,328 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 02:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.25 02:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.24 20:02:07 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Malwarebytes
[2012.07.24 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.24 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.24 20:01:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.24 20:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.24 17:56:54 | 000,014,544 | ---- | C] (OpenLibSys.org) -- C:\Windows\SysNative\drivers\ptbring0.sys
[2012.07.24 17:56:53 | 000,000,000 | --SD | C] -- C:\Users\Birgit\AppData\Local\PTBSync
[2012.07.24 17:56:53 | 000,000,000 | --SD | C] -- C:\ProgramData\PTBSync
[2012.07.24 17:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTBSync
[2012.07.22 23:35:58 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Local\ElevatedDiagnostics
[2012.07.22 21:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morrowind Mod Manager
[2012.07.21 11:56:36 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.07.21 11:56:36 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.07.21 11:56:36 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.07.21 11:56:36 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.07.21 11:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.19 22:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MWScriptExtender
[2012.07.19 22:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morrowind Script Extender
[2012.07.17 23:19:11 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\TeamViewer
[2012.07.17 23:13:27 | 000,000,000 | ---D | C] -- C:\Users\Birgit\temp
[2012.07.17 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.07.13 12:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2012.07.13 12:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\City Interactive
[2012.07.12 23:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MC2
[2012.07.12 23:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MC2
[2012.07.12 22:24:38 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\convert
[2012.07.12 22:24:25 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\loadtbs
[2012.07.11 03:01:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 03:01:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 03:01:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 03:01:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 03:01:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 03:01:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 03:01:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 03:01:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 03:01:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 03:01:32 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 03:01:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 03:01:32 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 03:01:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.10 20:39:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.10 20:39:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.10 20:39:09 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.10 20:39:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.10 20:39:01 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 08:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.07.10 08:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.07.10 08:54:45 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Local\Google
[2012.07.07 16:41:44 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.07 16:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.07 16:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.06 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012.07.05 15:32:37 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Documents\NFS Most Wanted
[2012.07.05 15:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012.07.05 15:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2012.07.05 02:42:56 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Documents\Z-Software
[2012.07.05 02:42:56 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Z-Software
[2012.07.05 00:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Z-Software
[2012.07.05 00:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rettungswagen Simulator 2012
[2012.07.05 00:06:13 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.07.05 00:06:13 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.07.05 00:06:13 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.07.05 00:06:13 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.07.05 00:06:12 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.07.05 00:06:12 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.07.05 00:06:12 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.07.05 00:06:12 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.07.05 00:06:11 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.07.05 00:06:11 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.07.05 00:06:11 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.07.05 00:06:11 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.07.05 00:06:09 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.07.05 00:06:09 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.07.05 00:06:08 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.07.05 00:06:08 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.07.05 00:06:07 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.07.05 00:06:07 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.07.05 00:06:07 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.07.05 00:06:07 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.07.05 00:06:07 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.07.05 00:06:07 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.07.05 00:06:06 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.07.05 00:06:06 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.07.05 00:06:05 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012.07.05 00:06:05 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.07.05 00:06:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.07.05 00:06:04 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012.07.05 00:06:03 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.07.05 00:06:03 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.07.05 00:06:02 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.07.05 00:06:02 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.07.05 00:06:01 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012.07.05 00:06:01 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.07.05 00:06:00 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012.07.05 00:06:00 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.07.05 00:06:00 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.07.05 00:06:00 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.07.05 00:05:55 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.07.05 00:05:55 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.07.05 00:05:48 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012.07.05 00:05:48 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.07.05 00:05:48 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.07.05 00:05:48 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012.07.05 00:05:48 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.07.05 00:05:48 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.07.05 00:05:47 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.07.05 00:05:47 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.07.05 00:05:46 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.07.05 00:05:46 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.07.05 00:05:46 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.07.05 00:05:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.07.05 00:05:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.07.05 00:05:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.07.05 00:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rettungswagen Simulator 2012
[2012.07.04 03:00:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.03 19:30:58 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\OpenOffice.org
[2012.07.03 15:49:08 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.07.03 14:23:43 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IN NOMINE IMPERATORIS
[2012.07.03 14:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IN NOMINE IMPERATORIS
[2012.07.03 14:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2012.07.03 14:04:36 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Morrowind-Kram
[2012.07.03 14:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morrowind-Kram
[2012.07.02 09:24:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mfc42loc.dll
[2012.07.02 09:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012.07.02 09:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012.07.02 09:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.07.02 09:17:53 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\DAEMON Tools Lite
[2012.07.02 09:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.07.02 09:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.07.01 21:22:12 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\vlc
[2012.07.01 21:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.01 21:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.07.01 21:00:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.07.01 20:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.07.01 20:53:54 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.06.30 05:18:15 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.06.25 23:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.06.25 23:06:46 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.06.25 23:06:46 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.06.25 23:06:46 | 002,561,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.06.25 23:06:46 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.06.25 23:06:46 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.06.25 23:06:07 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.06.25 23:06:07 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.06.25 23:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.06.25 23:04:33 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.06.25 23:04:33 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.06.25 23:04:32 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.06.25 23:04:32 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.06.25 23:04:32 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.06.25 23:04:32 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.06.25 23:04:32 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.06.25 23:04:32 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.06.25 23:04:32 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.06.25 23:04:32 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.06.25 23:04:30 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.06.25 23:04:30 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.06.25 23:04:30 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.06.25 23:04:30 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.06.25 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.06.25 22:57:58 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.06.25 06:26:35 | 000,560,184 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 02:21:35 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.25 02:11:14 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 02:11:14 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 02:08:22 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.25 02:08:22 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.25 02:08:22 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.25 02:08:22 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.25 02:08:22 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.25 02:05:16 | 000,000,559 | ---- | M] () -- C:\Users\Birgit\Documents\PTBSync-AutoExport-Birgit.ini
[2012.07.25 02:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 02:03:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.25 02:03:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 02:03:16 | 2011,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 01:58:54 | 000,013,556 | ---- | M] () -- C:\Users\Birgit\Documents\wurzelimperium.ods
[2012.07.25 01:47:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.24 20:01:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.24 18:41:56 | 000,294,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.24 17:56:54 | 000,014,544 | ---- | M] (OpenLibSys.org) -- C:\Windows\SysNative\drivers\ptbring0.sys
[2012.07.21 11:56:30 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.07.21 11:56:30 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.21 11:56:30 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.07.21 11:56:30 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.07.21 11:56:30 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.07.18 00:20:25 | 000,007,605 | ---- | M] () -- C:\Users\Birgit\AppData\Local\Resmon.ResmonCfg
[2012.07.17 23:13:19 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.12 00:48:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 00:48:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.03 16:30:57 | 000,000,024 | ---- | M] () -- C:\Windows\SysWow64\Morrowind.ini
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 21:20:31 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.01 21:00:46 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.06.25 06:26:36 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.25 02:21:27 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.24 20:01:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.18 00:20:25 | 000,007,605 | ---- | C] () -- C:\Users\Birgit\AppData\Local\Resmon.ResmonCfg
[2012.07.17 23:13:19 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.07.17 23:13:19 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.10 08:55:43 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.10 08:55:37 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.07 22:56:47 | 000,013,556 | ---- | C] () -- C:\Users\Birgit\Documents\wurzelimperium.ods
[2012.07.03 16:29:59 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\Morrowind.ini
[2012.07.01 21:20:31 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.01 21:12:08 | 000,000,559 | ---- | C] () -- C:\Users\Birgit\Documents\PTBSync-AutoExport-Birgit.ini
[2012.07.01 21:00:46 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.06.25 23:04:32 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

< End of report >
    Extras.txt:
    Code:
    OTL Extras logfile created on: 25.07.2012 02:26:56 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Birgit\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 56,38% Memory free
4,99 Gb Paging File | 3,53 Gb Available in Paging File | 70,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 741,79 Gb Free Space | 84,25% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,27 Mb Free Space | 71,28% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 44,44 Gb Free Space | 98,27% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 28,18 Gb Free Space | 56,35% Space Free | Partition Type: NTFS
Drive G: | 7,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 4,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BIRGIT-PC | User Name: Birgit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08084185-AAC2-4AEC-AAC3-540BACA2424B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{08CDDA49-ED55-439C-A9F6-BFB0E06AE3A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2C2BA798-3DE7-40C2-A0BE-9C1D4F15AFDD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{34768254-5E9F-4F28-A0D5-73205F6461E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36C08336-DB05-4BB7-99F9-F4CAA494AF83}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4B59A62C-B166-4B2E-A7E8-E746E192C9DB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5159EC50-BCE5-4DC4-AFA8-D151173BB6BC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{536B507E-6C6B-4DCC-8976-EC258CE522F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{624982D7-CA9D-4631-BA66-1D9D6C3320B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6F1FDFAA-BEF2-4101-9BF3-26C885B291ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7012C52C-9AFB-4B40-9ED7-0B55D84AEB41}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7F770EDE-AD4B-4FC2-8E4D-069C13E828A7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{968FC3BA-A652-4753-AA3A-E2D986CBBFD8}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{ACCD2E69-CFF4-43FB-8780-4BBAFCA17738}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE2DCBF8-4F21-4D6E-B8B4-A313223F0220}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B876FF05-57E6-4CB2-8654-6F0E4758F245}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C75393F3-5512-42C5-9E5C-BEA02FADBCFA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D9579840-58B2-4A15-9CDB-95725A847053}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E279BE77-A28B-4486-AC66-16E466FDA20F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED2EC973-A71C-49EF-8196-8E68C277465B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F1C0AAB5-CD13-4F03-8EC7-77E20CBEAFE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F76ED8B5-059B-4C43-96AE-3C77947A8AAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9CBAE14-B482-4586-BFC5-17096106A4B7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FB0527AF-0BDA-4201-B735-AE133B38E785}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022776AE-F0C1-4B58-9ECF-7A3388A60FF3}" = protocol=6 | dir=in | app=c:\users\birgit\appdata\local\temp\blizzard installer bootstrap - 00a828b8\installer.exe | 
"{0D898A5B-31B3-4EBE-96BE-9408032087F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{254A65CA-0319-46ED-AC26-C84E71531F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2AFF22EB-6DEF-4E51-8DEA-D92F5F9562DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3A49B0E4-BB24-4B2D-A0FD-F8E098D9EE3E}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{3AE1B283-F5E6-4028-9795-6DC924E78201}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3B88E8B9-E917-4471-978F-F74DAF9F44EA}" = protocol=17 | dir=in | app=c:\users\birgit\appdata\local\temp\blizzard installer bootstrap - 00a828b8\installer.exe | 
"{41706D1B-2A43-45F0-960D-17EE6E74C003}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{46B36978-B0B3-4D19-8CD0-848A111FDEE6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5DA4698C-CB07-4F5D-B74F-537D42265DA8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6AD87E06-9EFE-4DDC-B371-61B641BEFBA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6EE91D6B-8222-49CF-A1A7-D33E69C45FBD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{707040BD-95A9-4D8B-BD76-A1F21F760E74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{723E51BB-325C-46FC-9A01-22D8643574F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{779F71CF-AC67-4B57-A4EA-6A8397466BF6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{78315F66-DE93-452B-9EF4-0FF757E673AE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{789ABDF4-F722-49FD-9388-ABD3424D13C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{832E8AE6-71B7-4F31-A440-1D7447F67F5B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{883ED483-8C7D-42FE-A205-19615844F157}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A18E00B-3C6E-42FA-A4C2-F9EA34BA7825}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{984231A2-8A6A-443C-BEF0-72170A945D0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A164302C-06CC-41F8-B5BE-9C5D3D93F4DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADF5B2F0-48DC-41D8-8B8E-6039EAAD1052}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{C060E636-B864-4DC1-9072-815B874DCE5A}" = protocol=6 | dir=out | app=system | 
"{C450EBBD-1A88-492C-AAF9-092B23EA608A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0C9375E-7B82-4406-82EE-891EBA54E082}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D720DB20-0AAD-4ED1-937E-C298EB1FA616}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{D7E78109-61F1-4E93-A5CA-2BF5473E54C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DD8D809F-3FC7-40A0-AD8E-EDE7ADA86B50}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{EF0D4712-ABF2-4DC9-94B9-AA81D3F86F52}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{3BA77AAD-F63E-4FA9-96F6-D71516FBEF82}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{C796763C-1A71-472E-AB92-B2298AB47980}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{3DB88A43-A303-4899-98A9-2C85E5076CFF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{8FD0C86F-9D24-46A2-B1D0-D264EC9118A3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite Demo
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"IN NOMINE IMPERATORIS" = IN NOMINE IMPERATORIS
"loadtbs-3.0" = loadtbs-3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Morrowind mod manager_is1" = Morrowind mod manager 0.8.4
"Morrowind Script Extender_is1" = Morrowind Script Extender 0.9.4.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Orden der Ehre 3.3_is1" = Orden der Ehre 3.0
"PTBSync" = PTBSync (Atomuhr Synchronisation & Terminkalender)
"Rettungswagen Simulator 2012" = Rettungswagen Simulator 2012
"sniper_de_is1" = Sniper - Art of Victory
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.2
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.07.2012 11:57:39 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000e5467  ID des fehlerhaften
 Prozesses: 0xa7c  Startzeit der fehlerhaften Anwendung: 0x01cd68203dd60355  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Berichtskennung:
 f61c319a-d415-11e1-92e7-002185692b2a
 
Error - 22.07.2012 14:39:39 | Computer Name = Birgit-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 17:33:46 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004ff2b  ID des fehlerhaften
 Prozesses: 0x5b4  Startzeit der fehlerhaften Anwendung: 0x01cd6845c57ca8df  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: ea97d8ac-d444-11e1-b9c6-002185692b2a
 
Error - 22.07.2012 17:33:57 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004ff2b  ID des fehlerhaften
 Prozesses: 0x5b4  Startzeit der fehlerhaften Anwendung: 0x01cd6845c57ca8df  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: f0e2eed7-d444-11e1-b9c6-002185692b2a
 
Error - 22.07.2012 18:14:21 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075fde  ID des fehlerhaften
 Prozesses: 0x500  Startzeit der fehlerhaften Anwendung: 0x01cd6851fc840f81  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Berichtskennung:
 959bf11c-d44a-11e1-b9c6-002185692b2a
 
Error - 24.07.2012 12:40:08 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000344ec  ID des fehlerhaften
 Prozesses: 0x944  Startzeit der fehlerhaften Anwendung: 0x01cd69b53f915257  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 3a20e70c-d5ae-11e1-b9c6-002185692b2a
 
Error - 24.07.2012 12:40:14 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000343d6  ID des fehlerhaften
 Prozesses: 0x944  Startzeit der fehlerhaften Anwendung: 0x01cd69b53f915257  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 3db46e60-d5ae-11e1-b9c6-002185692b2a
 
Error - 24.07.2012 12:43:32 | Computer Name = Birgit-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 14:27:50 | Computer Name = Birgit-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 20:05:08 | Computer Name = Birgit-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 24.07.2012 02:11:35 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 08:11:35 - Fehler beim Herstellen der Internetverbindung.  08:11:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 02:12:12 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 08:12:08 - Fehler beim Herstellen der Internetverbindung.  08:12:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 03:12:57 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 09:12:57 - Fehler beim Herstellen der Internetverbindung.  09:12:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 03:13:29 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 09:13:28 - Fehler beim Herstellen der Internetverbindung.  09:13:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 04:14:11 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 10:14:11 - Fehler beim Herstellen der Internetverbindung.  10:14:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 04:14:43 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 10:14:42 - Fehler beim Herstellen der Internetverbindung.  10:14:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 05:15:29 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 11:15:29 - Fehler beim Herstellen der Internetverbindung.  11:15:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 05:16:02 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 11:16:01 - Fehler beim Herstellen der Internetverbindung.  11:16:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 18.07.2012 16:28:04 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 18.07.2012 16:28:04 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 18.07.2012 16:28:04 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Automatische WLAN-Konfiguration" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 18.07.2012 16:28:05 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 18.07.2012 16:28:05 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 20.07.2012 10:19:18 | Computer Name = Birgit-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?07.?2012 um 13:03:55 unerwartet heruntergefahren.
 
Error - 24.07.2012 13:28:00 | Computer Name = Birgit-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 24.07.2012 13:53:47 | Computer Name = Birgit-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Birgit\AppData\Local\Temp\mbr.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 24.07.2012 13:54:25 | Computer Name = Birgit-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Birgit\AppData\Local\Temp\mbr.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 24.07.2012 13:54:25 | Computer Name = Birgit-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Birgit\AppData\Local\Temp\mbr.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
 
< End of report >
    Mit freundlichen Grüßen,
    Sween
    Geändert von Sween (25.07.2012 um 01:55 Uhr)
  4. 26.07.2012, 06:45 #4
    kira
    kira ist gerade online
    Moderator Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    28.337

    AW: CPU-Auslastung dauerhaft bei 80-100%

    Systemreinigung und Prüfung:

    1.
    Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert:
    Code:
    loadtbs-3.0
    Leider oft tragen sich "ungebetene Gäste (Erweiterungen wie Toolbars, Pluggins, Start- und Suchseite) direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

    Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
    Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
    In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars
    Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
    die aktuelle Webseite als Startseite unter die Lupe nehmen
    unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
    In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!
    2.
    Achtung wichtig!:
    Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
    (Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)



    Fixen mit OTL
    • Starte die OTL.exe.
    • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
    • Kopiere folgendes Skript (unverändert inkl. :OTL):
    Code:
    :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2012.07.14 11:09:41 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\m9pr3fh7.default\extensions\software@loadtubes.com
[2012.06.26 23:15:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 23:15:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 23:15:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 23:15:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 23:15:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKCU\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O32 - AutoRun File - [2012.05.09 16:01:32 | 000,000,081 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.05.02 01:35:42 | 000,000,069 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5145be58-d42c-11e1-b9c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5145be58-d42c-11e1-b9c6-806e6f6e6963}\Shell\AutoRun\command - "" = G:\0data\cbs.exe -- [2012.03.09 17:53:38 | 003,427,328 | R--- | M] ()
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell\AutoRun\command - "" = K:\Setup.exe -- [2012.05.02 19:57:36 | 000,822,291 | R--- | M] (ZKY                                                         )
O33 - MountPoints2\{beec3f18-7ac1-11e1-8ef2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{beec3f18-7ac1-11e1-8ef2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\0data\cbs.exe -- [2012.03.09 17:53:38 | 003,427,328 | R--- | M] ()
[2012.07.25 02:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 02:03:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.10 08:55:43 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.10 08:55:37 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
C:\Users\Birgit\AppData\Roaming\loadtbs
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
    • und füge es hier ein:
    • Schließe alle Programme.
    • Klicke auf den Fix Button.
    • Klick auf .
    • OTL verlangt einen Neustart. Bitte zulassen.
    • Nach dem Neustart findest Du ein Textdokument.
      Kopiere den Inhalt hier in Code-Tags in Deinen Thread.


    3.
    Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
    oder:
    Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 5 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

    4.
    Aktualisieren:
    -> Mozilla Thunderbird
    gehe auf "Hilfe"-> "Über Thunderbird"

    5.
    Öffne CCleaner - Anleitung CCleaner
    • "Cleaner"->"Analysieren"->Klick auf den Button "Start CCleaner"
    • "Registry""Fehler suchen"-> "Fehler beheben"->"Alle beheben"
    • Starte dein System neu auf


    6.
    Tipps (unabhängig davon ob man ihn benutzt oder nicht, muss gepfegt werden!):
    ->Tipps zu Internet Explorer
    -> Standard Suchmaschine des Explorers ändern
    -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
    -> Wie kann ich den Cache im Internet Explorer leeren?

    7.
    eine weitere Systembereinigung herbeizuführen, bitte führe folgendes Programm aus:
    Anleitung:-> Grundreinigung mit SUPERAntiSpyware
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.

    8.
    ♦ Schon seit langem gehört "Worm.Win32.Autorun" zu den beliebtesten Verbreitungswegen von Viren, sollte man daher, die auf dem Speichermedium gesicherten Daten (wie USB-Stick/Festplatte und andere) zeitweise prüfen lassen
    -> Ext anschließbare Geräte (um die gesicherten Daten zu prüfen) miteinbeziehen:
    ♦ Also schließe jetzt alle externe Datenträgeran Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

    9.
    ESET Online Scanner
    Prüfe Deinen Rechner jetzt, auf Viren, Trojaner, Würmer und anderen Schadcode, mit dem kostenlosen Online Virenscanner von Eset:

    Achtung!:
    Keinen andere Virenscanner auf Deinem PC installieren, sondern dein PC NUR online scannen!!!
    ♦ Prüfe Deinen Rechner jetzt, auf Viren, Trojaner, Würmer und anderen Schadcode, mit dem kostenlosen Online Virenscanner von:
    Eset/Nod32 bitte auswählen!!!-> Link und Anleitung zum ESET/NOD32 online Scanner-> Kostenlose Online Scanner
    ♦ Protokoll speichern und posten

    10.
    erneut einen Scan mit OTL: - ältere Logdateien löschen!
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
    Nur bei Probleme stoppen und nachfragen

    ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
    Geändert von kira (26.07.2012 um 06:51 Uhr)
    Warnung!:
    Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!
    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!
  5. 26.07.2012, 23:58 #5
    Sween
    Sween ist offline
    Einsteiger
    Registriert seit
    24.07.2012
    Beiträge
    6

    AW: CPU-Auslastung dauerhaft bei 80-100%

    1. "loadtbs-3.0" habe ich deinstalliert.

    2.
    Code:
    Files\Folders moved on Reboot...
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
File\Folder K:\autorun.inf not found!
File move failed. G:\0data\cbs.exe scheduled to be moved on reboot.
File\Folder K:\Setup.exe not found!
C:\Users\Birgit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2012.05.09 16:01:32 | 000,000,081 | R--- | M] () G:\Autorun.inf : MD5=2104538959C27D2C093C393DDCD4C4AA
File K:\autorun.inf not found!
[2012.03.09 17:53:38 | 003,427,328 | R--- | M] () G:\0data\cbs.exe : MD5=141471B20D941BDA03A8F653F2C1B824
File K:\Setup.exe not found!
File C:\Users\Birgit\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
    3. Java auf Version 7 Update 5 geupdatet.

    4. Mozilla Thunderbird auf Version 14.0 geupdatet.

    5. Mit CCleaner gecleaned und Registry-Fehler behoben.

    6. Internet Explorer Standardsuchmaschine auf http://www.google.de/ geändert und Cache gelöscht.

    7. SUPERAntiSpyware hat nichts gefunden.
    Code:
    SUPERAntiSpyware Scann-Protokoll
http://www.superantispyware.com

Generiert 07/26/2012 bei 02:00 PM

Version der Applikation : 5.5.1012

Version der Kern-Datenbank : 8963
Version der Spur-Datenbank : 6775

Scan Art       : kompletter Scann
Totale Scann-Zeit : 01:43:57

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Gescannte Speicherelemente  : 609
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 69424
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 54728
Erfasste Datei-Elemente   : 0
    8. Erledigt.

    9. ESET Logfile:
    Code:
    ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=48b0617533cc4843a234ff186d01884c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-26 04:19:46
# local_time=2012-07-26 06:19:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 10102661 10102661 0 0
# compatibility_mode=5893 16776573 100 94 0 94937665 0 0
# compatibility_mode=8192 67108863 100 0 250 250 0 0
# scanned=152199
# found=0
# cleaned=0
# scan_time=11772
    10. OTL Logfiles:
    OTL.txt
    Code:
    OTL logfile created on: 26.07.2012 23:54:29 - Run 2
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Birgit\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 44,41% Memory free
4,99 Gb Paging File | 3,01 Gb Available in Paging File | 60,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 741,34 Gb Free Space | 84,20% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,27 Mb Free Space | 71,28% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 44,44 Gb Free Space | 98,27% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 28,18 Gb Free Space | 56,35% Space Free | Partition Type: NTFS
Drive G: | 7,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 1,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BIRGIT-PC | User Name: Birgit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Birgit\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PTBSync\PTBSync.exe (ElmüSoft)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PTBSync) -- C:\Program Files (x86)\PTBSync\PTBSync.exe (ElmüSoft)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WinRing0_1_2_0) -- C:\Windows\SysNative\drivers\ptbring0.sys (OpenLibSys.org)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 41 E6 D7 15 6B CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 23:00:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.26 11:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.31 02:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Extensions
[2012.07.26 11:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\m9pr3fh7.default\extensions
[2012.06.20 00:45:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\m9pr3fh7.default\extensions\ich@maltegoetz.de
[2012.07.26 11:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.07 13:28:00 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\BIRGIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M9PR3FH7.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.06.26 23:14:58 | 000,017,247 | ---- | M] () (No name found) -- C:\USERS\BIRGIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M9PR3FH7.DEFAULT\EXTENSIONS\DISLIKE@DISLIKE.NETNOVATE.COM.XPI
[2012.07.19 23:00:05 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 23:15:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PTBSync] C:\Program Files (x86)\PTBSync\PTBSync.exe (ElmüSoft)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF1ECAED-131E-46F1-B6ED-455F66E1259B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.05.09 16:01:32 | 000,000,081 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2004.10.05 15:11:12 | 003,871,580 | R--- | M] (Macromedia, Inc.) - K:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.01.06 20:08:48 | 000,000,144 | RH-- | M] () - K:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2002.07.15 13:41:18 | 000,024,576 | RH-- | M] () - K:\AutoRunMorrowind.exe -- [ UDF ]
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell\AutoRun\command - "" = K:\Autorun.exe -- [2004.10.05 15:11:12 | 003,871,580 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell\install\command - "" = K:\Setup.exe -- [2001.09.05 05:23:24 | 000,056,320 | RH-- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.26 14:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.26 12:14:32 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.26 12:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.26 12:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.07.26 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.26 11:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.26 11:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.26 11:55:46 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.26 11:55:38 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.26 11:55:38 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.26 11:44:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.25 02:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.25 02:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.24 20:02:07 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Malwarebytes
[2012.07.24 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.24 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.24 20:01:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.24 20:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.24 17:56:54 | 000,014,544 | ---- | C] (OpenLibSys.org) -- C:\Windows\SysNative\drivers\ptbring0.sys
[2012.07.24 17:56:53 | 000,000,000 | --SD | C] -- C:\Users\Birgit\AppData\Local\PTBSync
[2012.07.24 17:56:53 | 000,000,000 | --SD | C] -- C:\ProgramData\PTBSync
[2012.07.24 17:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTBSync
[2012.07.22 23:35:58 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Local\ElevatedDiagnostics
[2012.07.22 21:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morrowind Mod Manager
[2012.07.21 11:56:36 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.07.21 11:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.19 22:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MWScriptExtender
[2012.07.19 22:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morrowind Script Extender
[2012.07.17 23:19:11 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\TeamViewer
[2012.07.17 23:13:27 | 000,000,000 | ---D | C] -- C:\Users\Birgit\temp
[2012.07.17 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.07.13 12:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2012.07.13 12:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\City Interactive
[2012.07.12 23:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MC2
[2012.07.12 23:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MC2
[2012.07.12 22:24:38 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\convert
[2012.07.11 03:01:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 03:01:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 03:01:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 03:01:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 03:01:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 03:01:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 03:01:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 03:01:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 03:01:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 03:01:32 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 03:01:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 03:01:32 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 03:01:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.10 20:39:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.10 20:39:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.10 20:39:09 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.10 20:39:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.10 20:39:01 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 08:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.07.10 08:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.07.10 08:54:45 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Local\Google
[2012.07.07 16:41:44 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.07 16:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.07 16:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.06 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012.07.05 15:32:37 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Documents\NFS Most Wanted
[2012.07.05 15:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012.07.05 15:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2012.07.05 02:42:56 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Documents\Z-Software
[2012.07.05 02:42:56 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Z-Software
[2012.07.05 00:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Z-Software
[2012.07.05 00:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rettungswagen Simulator 2012
[2012.07.05 00:06:13 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.07.05 00:06:13 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.07.05 00:06:13 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.07.05 00:06:13 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.07.05 00:06:12 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.07.05 00:06:12 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.07.05 00:06:12 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.07.05 00:06:12 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.07.05 00:06:11 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.07.05 00:06:11 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.07.05 00:06:11 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.07.05 00:06:11 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.07.05 00:06:09 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.07.05 00:06:09 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.07.05 00:06:08 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.07.05 00:06:08 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.07.05 00:06:07 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.07.05 00:06:07 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.07.05 00:06:07 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.07.05 00:06:07 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.07.05 00:06:07 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.07.05 00:06:07 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.07.05 00:06:06 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.07.05 00:06:06 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.07.05 00:06:05 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012.07.05 00:06:05 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.07.05 00:06:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.07.05 00:06:04 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012.07.05 00:06:03 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.07.05 00:06:03 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.07.05 00:06:02 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.07.05 00:06:02 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.07.05 00:06:01 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012.07.05 00:06:01 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.07.05 00:06:00 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012.07.05 00:06:00 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.07.05 00:06:00 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.07.05 00:06:00 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.07.05 00:05:55 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.07.05 00:05:55 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.07.05 00:05:48 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012.07.05 00:05:48 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.07.05 00:05:48 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.07.05 00:05:48 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012.07.05 00:05:48 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.07.05 00:05:48 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.07.05 00:05:47 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.07.05 00:05:47 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.07.05 00:05:46 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.07.05 00:05:46 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.07.05 00:05:46 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.07.05 00:05:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.07.05 00:05:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.07.05 00:05:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.07.05 00:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rettungswagen Simulator 2012
[2012.07.04 03:00:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.03 19:30:58 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\OpenOffice.org
[2012.07.03 15:49:08 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.07.03 14:23:43 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IN NOMINE IMPERATORIS
[2012.07.03 14:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IN NOMINE IMPERATORIS
[2012.07.03 14:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2012.07.03 14:04:36 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Morrowind-Kram
[2012.07.03 14:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morrowind-Kram
[2012.07.02 09:24:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mfc42loc.dll
[2012.07.02 09:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012.07.02 09:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012.07.02 09:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.07.02 09:17:53 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\DAEMON Tools Lite
[2012.07.02 09:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.07.02 09:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.07.01 21:22:12 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\vlc
[2012.07.01 21:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.01 21:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.07.01 21:00:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.07.01 20:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.07.01 20:53:54 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.06.30 05:18:15 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.26 23:48:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.26 23:48:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.26 23:48:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.26 23:12:00 | 000,000,559 | ---- | M] () -- C:\Users\Birgit\Documents\PTBSync-AutoExport-Birgit.ini
[2012.07.26 17:07:38 | 000,013,593 | ---- | M] () -- C:\Users\Birgit\Documents\wurzelimperium.ods
[2012.07.26 17:07:34 | 000,000,102 | -H-- | M] () -- C:\Users\Birgit\Documents\.~lock.wurzelimperium.ods#
[2012.07.26 12:19:21 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 12:19:21 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 12:16:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.26 12:16:42 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.26 12:16:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.26 12:16:42 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.26 12:16:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.26 12:14:05 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.26 12:11:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 12:11:37 | 2011,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 12:10:04 | 000,168,332 | ---- | M] () -- C:\Users\Birgit\Documents\cc_20120726_120957.reg
[2012.07.26 11:55:27 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.26 11:55:27 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.25 02:21:35 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.24 20:01:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.24 18:41:56 | 000,294,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.24 17:56:54 | 000,014,544 | ---- | M] (OpenLibSys.org) -- C:\Windows\SysNative\drivers\ptbring0.sys
[2012.07.18 00:20:25 | 000,007,605 | ---- | M] () -- C:\Users\Birgit\AppData\Local\Resmon.ResmonCfg
[2012.07.17 23:13:19 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.03 16:30:57 | 000,000,024 | ---- | M] () -- C:\Windows\SysWow64\Morrowind.ini
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 21:20:31 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.01 21:00:46 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.26 12:20:22 | 000,000,102 | -H-- | C] () -- C:\Users\Birgit\Documents\.~lock.wurzelimperium.ods#
[2012.07.26 12:14:05 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.26 12:10:00 | 000,168,332 | ---- | C] () -- C:\Users\Birgit\Documents\cc_20120726_120957.reg
[2012.07.25 02:21:27 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.24 20:01:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.18 00:20:25 | 000,007,605 | ---- | C] () -- C:\Users\Birgit\AppData\Local\Resmon.ResmonCfg
[2012.07.17 23:13:19 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.07.17 23:13:19 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.07 22:56:47 | 000,013,593 | ---- | C] () -- C:\Users\Birgit\Documents\wurzelimperium.ods
[2012.07.03 16:29:59 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\Morrowind.ini
[2012.07.01 21:20:31 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.01 21:12:08 | 000,000,559 | ---- | C] () -- C:\Users\Birgit\Documents\PTBSync-AutoExport-Birgit.ini
[2012.07.01 21:00:46 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk

< End of report >
    Extras.txt
    Code:
    OTL Extras logfile created on: 26.07.2012 23:54:29 - Run 2
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Birgit\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 44,41% Memory free
4,99 Gb Paging File | 3,01 Gb Available in Paging File | 60,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 741,34 Gb Free Space | 84,20% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,27 Mb Free Space | 71,28% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 44,44 Gb Free Space | 98,27% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 28,18 Gb Free Space | 56,35% Space Free | Partition Type: NTFS
Drive G: | 7,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 1,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BIRGIT-PC | User Name: Birgit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08084185-AAC2-4AEC-AAC3-540BACA2424B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{08CDDA49-ED55-439C-A9F6-BFB0E06AE3A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2C2BA798-3DE7-40C2-A0BE-9C1D4F15AFDD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{34768254-5E9F-4F28-A0D5-73205F6461E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36C08336-DB05-4BB7-99F9-F4CAA494AF83}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4B59A62C-B166-4B2E-A7E8-E746E192C9DB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5159EC50-BCE5-4DC4-AFA8-D151173BB6BC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{536B507E-6C6B-4DCC-8976-EC258CE522F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{624982D7-CA9D-4631-BA66-1D9D6C3320B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6F1FDFAA-BEF2-4101-9BF3-26C885B291ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7012C52C-9AFB-4B40-9ED7-0B55D84AEB41}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7F770EDE-AD4B-4FC2-8E4D-069C13E828A7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{968FC3BA-A652-4753-AA3A-E2D986CBBFD8}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{ACCD2E69-CFF4-43FB-8780-4BBAFCA17738}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE2DCBF8-4F21-4D6E-B8B4-A313223F0220}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B876FF05-57E6-4CB2-8654-6F0E4758F245}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C75393F3-5512-42C5-9E5C-BEA02FADBCFA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D9579840-58B2-4A15-9CDB-95725A847053}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E279BE77-A28B-4486-AC66-16E466FDA20F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED2EC973-A71C-49EF-8196-8E68C277465B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F1C0AAB5-CD13-4F03-8EC7-77E20CBEAFE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F76ED8B5-059B-4C43-96AE-3C77947A8AAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9CBAE14-B482-4586-BFC5-17096106A4B7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FB0527AF-0BDA-4201-B735-AE133B38E785}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D898A5B-31B3-4EBE-96BE-9408032087F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{254A65CA-0319-46ED-AC26-C84E71531F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2AFF22EB-6DEF-4E51-8DEA-D92F5F9562DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3A49B0E4-BB24-4B2D-A0FD-F8E098D9EE3E}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{3AE1B283-F5E6-4028-9795-6DC924E78201}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{41706D1B-2A43-45F0-960D-17EE6E74C003}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{46B36978-B0B3-4D19-8CD0-848A111FDEE6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5DA4698C-CB07-4F5D-B74F-537D42265DA8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6AD87E06-9EFE-4DDC-B371-61B641BEFBA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6EE91D6B-8222-49CF-A1A7-D33E69C45FBD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{707040BD-95A9-4D8B-BD76-A1F21F760E74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{723E51BB-325C-46FC-9A01-22D8643574F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{779F71CF-AC67-4B57-A4EA-6A8397466BF6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{78315F66-DE93-452B-9EF4-0FF757E673AE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{789ABDF4-F722-49FD-9388-ABD3424D13C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{832E8AE6-71B7-4F31-A440-1D7447F67F5B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{883ED483-8C7D-42FE-A205-19615844F157}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A18E00B-3C6E-42FA-A4C2-F9EA34BA7825}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{984231A2-8A6A-443C-BEF0-72170A945D0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A164302C-06CC-41F8-B5BE-9C5D3D93F4DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADF5B2F0-48DC-41D8-8B8E-6039EAAD1052}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{C060E636-B864-4DC1-9072-815B874DCE5A}" = protocol=6 | dir=out | app=system | 
"{C450EBBD-1A88-492C-AAF9-092B23EA608A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0C9375E-7B82-4406-82EE-891EBA54E082}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D720DB20-0AAD-4ED1-937E-C298EB1FA616}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{D7E78109-61F1-4E93-A5CA-2BF5473E54C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DD8D809F-3FC7-40A0-AD8E-EDE7ADA86B50}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{EF0D4712-ABF2-4DC9-94B9-AA81D3F86F52}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite Demo
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"IN NOMINE IMPERATORIS" = IN NOMINE IMPERATORIS
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Morrowind mod manager_is1" = Morrowind mod manager 0.8.4
"Morrowind Script Extender_is1" = Morrowind Script Extender 0.9.4.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Orden der Ehre 3.3_is1" = Orden der Ehre 3.0
"PTBSync" = PTBSync (Atomuhr Synchronisation & Terminkalender)
"Rettungswagen Simulator 2012" = Rettungswagen Simulator 2012
"sniper_de_is1" = Sniper - Art of Victory
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.2
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.07.2012 06:12:21 | Computer Name = Birgit-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 26.07.2012 06:12:21 | Computer Name = Birgit-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 26.07.2012 06:12:21 | Computer Name = Birgit-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 26.07.2012 06:12:21 | Computer Name = Birgit-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 26.07.2012 06:13:29 | Computer Name = Birgit-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.07.2012 08:59:21 | Computer Name = Birgit-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Birgit\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 26.07.2012 08:59:24 | Computer Name = Birgit-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Birgit\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 26.07.2012 08:59:24 | Computer Name = Birgit-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Birgit\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 26.07.2012 11:01:33 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003331f  ID des fehlerhaften
 Prozesses: 0xe44  Startzeit der fehlerhaften Anwendung: 0x01cd6b3a89a84e50  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c91ee130-d732-11e1-8258-002185692b2a
 
Error - 26.07.2012 17:46:44 | Computer Name = Birgit-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Media Center Events ]
Error - 24.07.2012 02:11:35 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 08:11:35 - Fehler beim Herstellen der Internetverbindung.  08:11:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 02:12:12 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 08:12:08 - Fehler beim Herstellen der Internetverbindung.  08:12:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 03:12:57 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 09:12:57 - Fehler beim Herstellen der Internetverbindung.  09:12:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 03:13:29 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 09:13:28 - Fehler beim Herstellen der Internetverbindung.  09:13:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 04:14:11 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 10:14:11 - Fehler beim Herstellen der Internetverbindung.  10:14:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 04:14:43 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 10:14:42 - Fehler beim Herstellen der Internetverbindung.  10:14:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 05:15:29 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 11:15:29 - Fehler beim Herstellen der Internetverbindung.  11:15:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 05:16:02 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 11:16:01 - Fehler beim Herstellen der Internetverbindung.  11:16:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 26.07.2012 05:44:34 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WerSvc" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit
 dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1722    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.07.2012 05:44:34 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 26.07.2012 05:44:34 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Atomuhr Synchronisation" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 26.07.2012 05:44:36 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 26.07.2012 05:44:36 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "TeamViewer 7" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 26.07.2012 05:44:42 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WerSvc" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit
 dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1722    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.07.2012 05:44:42 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WerSvc" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit
 dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1722    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.07.2012 05:46:17 | Computer Name = Birgit-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?07.?2012 um 11:45:15 unerwartet heruntergefahren.
 
Error - 26.07.2012 06:12:21 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 26.07.2012 06:12:21 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
    Leider besteht das Problem nach wie vor...

    Mit freundlichen Grüßen,
    Sween
  6. 27.07.2012, 08:22 #6
    kira
    kira ist gerade online
    Moderator Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    28.337

    AW: CPU-Auslastung dauerhaft bei 80-100%

    1.
    Zitat Zitat von Sween Beitrag anzeigen
    Leider besteht das Problem nach wie vor...
    wenn man die Anweisungen nicht richtig erledigt, soll sich nicht wundern! - (Posting #4 / Punkt 2.)

    NUR den rot markierten Text/Schrift bitte in das OTL-Textfeld reinkopieren!:

    Code:
    :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2012.07.14 11:09:41 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\m9pr3fh7.default\extensions\software@loadtubes.com
[2012.06.26 23:15:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 23:15:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 23:15:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 23:15:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 23:15:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKCU\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O32 - AutoRun File - [2012.05.09 16:01:32 | 000,000,081 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.05.02 01:35:42 | 000,000,069 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5145be58-d42c-11e1-b9c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5145be58-d42c-11e1-b9c6-806e6f6e6963}\Shell\AutoRun\command - "" = G:\0data\cbs.exe -- [2012.03.09 17:53:38 | 003,427,328 | R--- | M] ()
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell\AutoRun\command - "" = K:\Setup.exe -- [2012.05.02 19:57:36 | 000,822,291 | R--- | M] (ZKY                                                         )
O33 - MountPoints2\{beec3f18-7ac1-11e1-8ef2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{beec3f18-7ac1-11e1-8ef2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\0data\cbs.exe -- [2012.03.09 17:53:38 | 003,427,328 | R--- | M] ()
[2012.07.25 02:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 02:03:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.10 08:55:43 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.10 08:55:37 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
C:\Users\Birgit\AppData\Roaming\loadtbs
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
    2.
    erneut einen Scan mit OTL: - ältere Logdateien löschen!
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Mache Häckchen bei LOP- und Purity-Prüfung.
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.
    Geändert von kira (28.07.2012 um 06:45 Uhr)
    Warnung!:
    Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!
    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!
  7. 27.07.2012, 10:04 #7
    Sween
    Sween ist offline
    Einsteiger
    Registriert seit
    24.07.2012
    Beiträge
    6

    AW: CPU-Auslastung dauerhaft bei 80-100%

    Welchen rot markierten Text bitte??? Des einzige, was bei dir rot geschrieben is, sind die Nummerierungen...
  8. 28.07.2012, 06:45 #8
    kira
    kira ist gerade online
    Moderator Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    28.337

    AW: CPU-Auslastung dauerhaft bei 80-100%

    sorry, habe jetzt gemacht
    Warnung!:
    Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!
    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!
  9. 28.07.2012, 16:22 #9
    Sween
    Sween ist offline
    Einsteiger
    Registriert seit
    24.07.2012
    Beiträge
    6

    AW: CPU-Auslastung dauerhaft bei 80-100%

    1.
    Code:
    All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Folder C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\m9pr3fh7.default\extensions\software@loadtubes.com\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
File move failed. K:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5145be58-d42c-11e1-b9c6-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5145be58-d42c-11e1-b9c6-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5145be58-d42c-11e1-b9c6-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5145be58-d42c-11e1-b9c6-806e6f6e6963}\ not found.
File move failed. G:\0data\cbs.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\ not found.
File move failed. K:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beec3f18-7ac1-11e1-8ef2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beec3f18-7ac1-11e1-8ef2-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beec3f18-7ac1-11e1-8ef2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beec3f18-7ac1-11e1-8ef2-806e6f6e6963}\ not found.
File move failed. G:\0data\cbs.exe scheduled to be moved on reboot.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
========== FILES ==========
File\Folder C:\Users\Birgit\AppData\Roaming\loadtbs not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Birgit\Downloads\cmd.bat deleted successfully.
C:\Users\Birgit\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Birgit
->Temp folder emptied: 320024 bytes
->Temporary Internet Files folder emptied: 1358867 bytes
->Java cache emptied: 78744 bytes
->FireFox cache emptied: 234299633 bytes
->Flash cache emptied: 1190 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119063657 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36030747 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 373,00 mb
 
 
OTL by OldTimer - Version 3.2.54.1 log created on 07282012_155531

Files\Folders moved on Reboot...
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
File\Folder K:\autorun.inf not found!
File move failed. G:\0data\cbs.exe scheduled to be moved on reboot.
File\Folder K:\Setup.exe not found!
C:\Users\Birgit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2012.05.09 16:01:32 | 000,000,081 | R--- | M] () G:\Autorun.inf : MD5=2104538959C27D2C093C393DDCD4C4AA
File K:\autorun.inf not found!
[2012.03.09 17:53:38 | 003,427,328 | R--- | M] () G:\0data\cbs.exe : MD5=141471B20D941BDA03A8F653F2C1B824
File K:\Setup.exe not found!
File C:\Users\Birgit\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
    2. OTL.txt:
    Code:
    OTL logfile created on: 28.07.2012 16:00:23 - Run 3
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Birgit\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,88% Memory free
4,99 Gb Paging File | 3,25 Gb Available in Paging File | 65,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 741,12 Gb Free Space | 84,18% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,27 Mb Free Space | 71,28% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 44,44 Gb Free Space | 98,27% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 28,18 Gb Free Space | 56,35% Space Free | Partition Type: NTFS
Drive G: | 7,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 1,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BIRGIT-PC | User Name: Birgit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - C:\Users\Birgit\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PTBSync\PTBSync.exe (ElmüSoft)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PTBSync) -- C:\Program Files (x86)\PTBSync\PTBSync.exe (ElmüSoft)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WinRing0_1_2_0) -- C:\Windows\SysNative\drivers\ptbring0.sys (OpenLibSys.org)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 41 E6 D7 15 6B CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 23:00:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.26 11:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.31 02:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Extensions
[2012.07.26 11:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\m9pr3fh7.default\extensions
[2012.06.20 00:45:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\m9pr3fh7.default\extensions\ich@maltegoetz.de
[2012.07.26 11:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.07 13:28:00 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\BIRGIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M9PR3FH7.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.06.26 23:14:58 | 000,017,247 | ---- | M] () (No name found) -- C:\USERS\BIRGIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M9PR3FH7.DEFAULT\EXTENSIONS\DISLIKE@DISLIKE.NETNOVATE.COM.XPI
[2012.07.19 23:00:05 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 23:15:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PTBSync] C:\Program Files (x86)\PTBSync\PTBSync.exe (ElmüSoft)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF1ECAED-131E-46F1-B6ED-455F66E1259B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.05.09 16:01:32 | 000,000,081 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2004.10.05 15:11:12 | 003,871,580 | R--- | M] (Macromedia, Inc.) - K:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.01.06 20:08:48 | 000,000,144 | RH-- | M] () - K:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2002.07.15 13:41:18 | 000,024,576 | RH-- | M] () - K:\AutoRunMorrowind.exe -- [ UDF ]
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell\AutoRun\command - "" = K:\Autorun.exe -- [2004.10.05 15:11:12 | 003,871,580 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{5360b2c0-c37d-11e1-828b-806e6f6e6963}\Shell\install\command - "" = K:\Setup.exe -- [2001.09.05 05:23:24 | 000,056,320 | RH-- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.26 14:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.26 11:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.26 11:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.26 11:55:46 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.26 11:55:38 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.26 11:55:38 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.26 11:44:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.25 02:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.25 02:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.24 21:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion
[2012.07.24 20:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rebellion
[2012.07.24 20:02:07 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Malwarebytes
[2012.07.24 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.24 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.24 20:01:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.24 20:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.24 17:56:54 | 000,014,544 | ---- | C] (OpenLibSys.org) -- C:\Windows\SysNative\drivers\ptbring0.sys
[2012.07.24 17:56:53 | 000,000,000 | --SD | C] -- C:\Users\Birgit\AppData\Local\PTBSync
[2012.07.24 17:56:53 | 000,000,000 | --SD | C] -- C:\ProgramData\PTBSync
[2012.07.24 17:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTBSync
[2012.07.22 23:35:58 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Local\ElevatedDiagnostics
[2012.07.22 21:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morrowind Mod Manager
[2012.07.21 11:56:36 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.07.21 11:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.19 22:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MWScriptExtender
[2012.07.19 22:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morrowind Script Extender
[2012.07.17 23:19:11 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\TeamViewer
[2012.07.17 23:13:27 | 000,000,000 | ---D | C] -- C:\Users\Birgit\temp
[2012.07.17 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.07.12 23:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MC2
[2012.07.12 23:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MC2
[2012.07.12 22:24:38 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\convert
[2012.07.11 03:01:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 03:01:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 03:01:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 03:01:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 03:01:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 03:01:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 03:01:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 03:01:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 03:01:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 03:01:32 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 03:01:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 03:01:32 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 03:01:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.10 20:39:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.10 20:39:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.10 20:39:09 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.10 20:39:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.10 20:39:01 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 08:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.07.10 08:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.07.10 08:54:45 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Local\Google
[2012.07.07 16:41:44 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.07 16:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.07 16:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.06 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012.07.05 15:32:37 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Documents\NFS Most Wanted
[2012.07.05 15:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012.07.05 15:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2012.07.05 02:42:56 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Documents\Z-Software
[2012.07.05 02:42:56 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Z-Software
[2012.07.05 00:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Z-Software
[2012.07.05 00:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rettungswagen Simulator 2012
[2012.07.05 00:06:13 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.07.05 00:06:13 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.07.05 00:06:13 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.07.05 00:06:13 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.07.05 00:06:12 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.07.05 00:06:12 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.07.05 00:06:12 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.07.05 00:06:12 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.07.05 00:06:11 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.07.05 00:06:11 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.07.05 00:06:11 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.07.05 00:06:11 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.07.05 00:06:09 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.07.05 00:06:09 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.07.05 00:06:08 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.07.05 00:06:08 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.07.05 00:06:07 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.07.05 00:06:07 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.07.05 00:06:07 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.07.05 00:06:07 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.07.05 00:06:07 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.07.05 00:06:07 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.07.05 00:06:06 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.07.05 00:06:06 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.07.05 00:06:05 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012.07.05 00:06:05 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.07.05 00:06:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.07.05 00:06:04 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012.07.05 00:06:03 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.07.05 00:06:03 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.07.05 00:06:02 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.07.05 00:06:02 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.07.05 00:06:01 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012.07.05 00:06:01 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.07.05 00:06:00 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012.07.05 00:06:00 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.07.05 00:06:00 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.07.05 00:06:00 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.07.05 00:05:55 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.07.05 00:05:55 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.07.05 00:05:48 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012.07.05 00:05:48 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.07.05 00:05:48 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.07.05 00:05:48 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012.07.05 00:05:48 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.07.05 00:05:48 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.07.05 00:05:47 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.07.05 00:05:47 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.07.05 00:05:46 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.07.05 00:05:46 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.07.05 00:05:46 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.07.05 00:05:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.07.05 00:05:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.07.05 00:05:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.07.05 00:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rettungswagen Simulator 2012
[2012.07.04 03:00:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.03 19:30:58 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\OpenOffice.org
[2012.07.03 15:49:08 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.07.03 14:23:43 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IN NOMINE IMPERATORIS
[2012.07.03 14:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IN NOMINE IMPERATORIS
[2012.07.03 14:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2012.07.03 14:04:36 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Morrowind-Kram
[2012.07.03 14:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morrowind-Kram
[2012.07.02 09:24:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mfc42loc.dll
[2012.07.02 09:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012.07.02 09:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012.07.02 09:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.07.02 09:17:53 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\DAEMON Tools Lite
[2012.07.02 09:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.07.02 09:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.07.01 21:22:12 | 000,000,000 | ---D | C] -- C:\Users\Birgit\AppData\Roaming\vlc
[2012.07.01 21:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.01 21:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.07.01 21:00:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.07.01 20:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.07.01 20:53:54 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.06.30 05:18:15 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.28 16:04:34 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 16:04:34 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 16:03:14 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.28 16:03:14 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.28 16:03:14 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.28 16:03:14 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.28 16:03:14 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.28 15:59:15 | 000,000,102 | -H-- | M] () -- C:\Users\Birgit\Documents\.~lock.wurzelimperium.ods#
[2012.07.28 15:58:16 | 000,000,559 | ---- | M] () -- C:\Users\Birgit\Documents\PTBSync-AutoExport-Birgit.ini
[2012.07.28 15:57:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.28 15:57:00 | 2011,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.28 15:55:01 | 000,013,592 | ---- | M] () -- C:\Users\Birgit\Documents\wurzelimperium.ods
[2012.07.28 15:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.27 00:49:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.27 00:49:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.26 12:10:04 | 000,168,332 | ---- | M] () -- C:\Users\Birgit\Documents\cc_20120726_120957.reg
[2012.07.26 11:55:27 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.26 11:55:27 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.25 02:21:35 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.24 20:01:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.24 18:41:56 | 000,294,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.24 17:56:54 | 000,014,544 | ---- | M] (OpenLibSys.org) -- C:\Windows\SysNative\drivers\ptbring0.sys
[2012.07.18 00:20:25 | 000,007,605 | ---- | M] () -- C:\Users\Birgit\AppData\Local\Resmon.ResmonCfg
[2012.07.17 23:13:19 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.03 16:30:57 | 000,000,024 | ---- | M] () -- C:\Windows\SysWow64\Morrowind.ini
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 21:20:31 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.01 21:00:46 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.28 15:59:15 | 000,000,102 | -H-- | C] () -- C:\Users\Birgit\Documents\.~lock.wurzelimperium.ods#
[2012.07.26 12:10:00 | 000,168,332 | ---- | C] () -- C:\Users\Birgit\Documents\cc_20120726_120957.reg
[2012.07.25 02:21:27 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.24 20:01:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.18 00:20:25 | 000,007,605 | ---- | C] () -- C:\Users\Birgit\AppData\Local\Resmon.ResmonCfg
[2012.07.17 23:13:19 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.07.17 23:13:19 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.07 22:56:47 | 000,013,592 | ---- | C] () -- C:\Users\Birgit\Documents\wurzelimperium.ods
[2012.07.03 16:29:59 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\Morrowind.ini
[2012.07.01 21:20:31 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.01 21:12:08 | 000,000,559 | ---- | C] () -- C:\Users\Birgit\Documents\PTBSync-AutoExport-Birgit.ini
[2012.07.01 21:00:46 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
 
========== LOP Check ==========
 
[2012.07.12 22:24:38 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\convert
[2012.07.26 12:05:28 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\DAEMON Tools Lite
[2012.07.03 19:30:58 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\OpenOffice.org
[2012.06.28 18:47:10 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Samsung
[2012.07.17 23:27:21 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\TeamViewer
[2012.03.31 02:32:29 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Thunderbird
[2012.07.05 02:42:56 | 000,000,000 | ---D | M] -- C:\Users\Birgit\AppData\Roaming\Z-Software
[2009.07.14 07:08:49 | 000,016,506 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
    Extras.txt:
    Code:
    OTL Extras logfile created on: 28.07.2012 16:00:23 - Run 3
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Birgit\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,88% Memory free
4,99 Gb Paging File | 3,25 Gb Available in Paging File | 65,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 741,12 Gb Free Space | 84,18% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,27 Mb Free Space | 71,28% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 44,44 Gb Free Space | 98,27% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 28,18 Gb Free Space | 56,35% Space Free | Partition Type: NTFS
Drive G: | 7,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 1,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BIRGIT-PC | User Name: Birgit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08084185-AAC2-4AEC-AAC3-540BACA2424B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{08CDDA49-ED55-439C-A9F6-BFB0E06AE3A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2C2BA798-3DE7-40C2-A0BE-9C1D4F15AFDD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{34768254-5E9F-4F28-A0D5-73205F6461E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36C08336-DB05-4BB7-99F9-F4CAA494AF83}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4B59A62C-B166-4B2E-A7E8-E746E192C9DB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5159EC50-BCE5-4DC4-AFA8-D151173BB6BC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{536B507E-6C6B-4DCC-8976-EC258CE522F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{624982D7-CA9D-4631-BA66-1D9D6C3320B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6F1FDFAA-BEF2-4101-9BF3-26C885B291ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7012C52C-9AFB-4B40-9ED7-0B55D84AEB41}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7F770EDE-AD4B-4FC2-8E4D-069C13E828A7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{968FC3BA-A652-4753-AA3A-E2D986CBBFD8}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{ACCD2E69-CFF4-43FB-8780-4BBAFCA17738}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE2DCBF8-4F21-4D6E-B8B4-A313223F0220}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B876FF05-57E6-4CB2-8654-6F0E4758F245}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C75393F3-5512-42C5-9E5C-BEA02FADBCFA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D9579840-58B2-4A15-9CDB-95725A847053}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E279BE77-A28B-4486-AC66-16E466FDA20F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED2EC973-A71C-49EF-8196-8E68C277465B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F1C0AAB5-CD13-4F03-8EC7-77E20CBEAFE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F76ED8B5-059B-4C43-96AE-3C77947A8AAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9CBAE14-B482-4586-BFC5-17096106A4B7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FB0527AF-0BDA-4201-B735-AE133B38E785}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D898A5B-31B3-4EBE-96BE-9408032087F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{254A65CA-0319-46ED-AC26-C84E71531F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2AFF22EB-6DEF-4E51-8DEA-D92F5F9562DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3A49B0E4-BB24-4B2D-A0FD-F8E098D9EE3E}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{3AE1B283-F5E6-4028-9795-6DC924E78201}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{41706D1B-2A43-45F0-960D-17EE6E74C003}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{46B36978-B0B3-4D19-8CD0-848A111FDEE6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5DA4698C-CB07-4F5D-B74F-537D42265DA8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6AD87E06-9EFE-4DDC-B371-61B641BEFBA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6EE91D6B-8222-49CF-A1A7-D33E69C45FBD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{707040BD-95A9-4D8B-BD76-A1F21F760E74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{723E51BB-325C-46FC-9A01-22D8643574F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{779F71CF-AC67-4B57-A4EA-6A8397466BF6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{78315F66-DE93-452B-9EF4-0FF757E673AE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{789ABDF4-F722-49FD-9388-ABD3424D13C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{832E8AE6-71B7-4F31-A440-1D7447F67F5B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{883ED483-8C7D-42FE-A205-19615844F157}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A18E00B-3C6E-42FA-A4C2-F9EA34BA7825}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{984231A2-8A6A-443C-BEF0-72170A945D0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A164302C-06CC-41F8-B5BE-9C5D3D93F4DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADF5B2F0-48DC-41D8-8B8E-6039EAAD1052}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{C060E636-B864-4DC1-9072-815B874DCE5A}" = protocol=6 | dir=out | app=system | 
"{C450EBBD-1A88-492C-AAF9-092B23EA608A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0C9375E-7B82-4406-82EE-891EBA54E082}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D720DB20-0AAD-4ED1-937E-C298EB1FA616}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{D7E78109-61F1-4E93-A5CA-2BF5473E54C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DD8D809F-3FC7-40A0-AD8E-EDE7ADA86B50}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{EF0D4712-ABF2-4DC9-94B9-AA81D3F86F52}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite Demo
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"IN NOMINE IMPERATORIS" = IN NOMINE IMPERATORIS
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Morrowind mod manager_is1" = Morrowind mod manager 0.8.4
"Morrowind Script Extender_is1" = Morrowind Script Extender 0.9.4.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Orden der Ehre 3.3_is1" = Orden der Ehre 3.0
"PTBSync" = PTBSync (Atomuhr Synchronisation & Terminkalender)
"Rettungswagen Simulator 2012" = Rettungswagen Simulator 2012
"sniper_de_is1" = Sniper - Art of Victory
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.2
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.07.2012 08:59:24 | Computer Name = Birgit-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Birgit\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 26.07.2012 11:01:33 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003331f  ID des fehlerhaften
 Prozesses: 0xe44  Startzeit der fehlerhaften Anwendung: 0x01cd6b3a89a84e50  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c91ee130-d732-11e1-8258-002185692b2a
 
Error - 26.07.2012 17:46:44 | Computer Name = Birgit-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 26.07.2012 18:41:35 | Computer Name = Birgit-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.07.2012 19:48:18 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000ff1a0  ID des fehlerhaften
 Prozesses: 0x1104  Startzeit der fehlerhaften Anwendung: 0x01cd6b88f5f3d4a5  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Berichtskennung:
 5f9fb550-d77c-11e1-bdcb-002185692b2a
 
Error - 26.07.2012 19:58:53 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820,
 Zeitstempel: 0x3ef35891  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000ff1a0  ID des fehlerhaften
 Prozesses: 0x198  Startzeit der fehlerhaften Anwendung: 0x01cd6b8a65d841a4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind.exe
Berichtskennung:
 d9cb2e98-d77d-11e1-bdcb-002185692b2a
 
Error - 27.07.2012 06:17:52 | Computer Name = Birgit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
 Version: 11.3.300.265, Zeitstempel: 0x4febd5ac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
 Version: 11.3.300.265, Zeitstempel: 0x4febd798  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d1e2f  ID des fehlerhaften Prozesses: 0xc40  Startzeit der fehlerhaften Anwendung:
 0x01cd6b7fef209611  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
 5231b795-d7d4-11e1-bdcb-002185692b2a
 
Error - 27.07.2012 21:26:33 | Computer Name = Birgit-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.07.2012 23:49:25 | Computer Name = Birgit-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\Birgit\downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28.07.2012 09:58:53 | Computer Name = Birgit-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 24.07.2012 02:11:35 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 08:11:35 - Fehler beim Herstellen der Internetverbindung.  08:11:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 02:12:12 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 08:12:08 - Fehler beim Herstellen der Internetverbindung.  08:12:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 03:12:57 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 09:12:57 - Fehler beim Herstellen der Internetverbindung.  09:12:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 03:13:29 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 09:13:28 - Fehler beim Herstellen der Internetverbindung.  09:13:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 04:14:11 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 10:14:11 - Fehler beim Herstellen der Internetverbindung.  10:14:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 04:14:43 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 10:14:42 - Fehler beim Herstellen der Internetverbindung.  10:14:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 05:15:29 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 11:15:29 - Fehler beim Herstellen der Internetverbindung.  11:15:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.07.2012 05:16:02 | Computer Name = Birgit-PC | Source = MCUpdate | ID = 0
Description = 11:16:01 - Fehler beim Herstellen der Internetverbindung.  11:16:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 26.07.2012 05:44:34 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 26.07.2012 05:44:34 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Atomuhr Synchronisation" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 26.07.2012 05:44:36 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 26.07.2012 05:44:36 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "TeamViewer 7" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 26.07.2012 05:44:42 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WerSvc" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit
 dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1722    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.07.2012 05:44:42 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WerSvc" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit
 dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1722    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.07.2012 05:46:17 | Computer Name = Birgit-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?07.?2012 um 11:45:15 unerwartet heruntergefahren.
 
Error - 26.07.2012 06:12:21 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 26.07.2012 06:12:21 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 28.07.2012 09:55:31 | Computer Name = Birgit-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Atomuhr Synchronisation" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
 
< End of report >
    Ich hoffe, diesmal hab ich alles richtig gemacht.
  10. 29.07.2012, 06:19 #10
    kira
    kira ist gerade online
    Moderator Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    28.337

    AW: CPU-Auslastung dauerhaft bei 80-100%

    1.
    Habe gerade festgestellt, hast Du OTL falsch installiert:
    OTL muss auf dem Desktop gespechert werden!
    Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll!
    also entfernen und erneut herunterladen!
    nach Installation im Logfile soll etwa so aussehen:
    Folder = C:\Users\***\Desktop
    2.
    Systemscan mit OTL

    Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Mache Häkchen bei LOP- und Purity-Prüfung
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.
    Warnung!:
    Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!
    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!
Seite 1 von 2 12 LetzteLetzte
« Vorheriges Thema | Nächstes Thema »

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. Windows 7 CPU- Auslastung mit einem Mal dauerhaft auch 100, davon svchost.exe cirka 50%
    Von msw0403 im Forum HijackThis Logfiles
    Antworten: 5
    Letzter Beitrag: 12.01.2012, 05:18
  2. CPU-Auslastung dauerhaft bei 100%
    Von ChrisKoch im Forum Archiv
    Antworten: 11
    Letzter Beitrag: 24.05.2010, 14:18
  3. CPU Auslastung bei 80-100%
    Von B1acky im Forum Archiv
    Antworten: 2
    Letzter Beitrag: 03.04.2008, 04:25
  4. cpu auslastung bei 99-100%
    Von Quaster im Forum Archiv
    Antworten: 4
    Letzter Beitrag: 14.01.2008, 22:54
  5. CPU Auslastung bei 100%
    Von .marti im Forum Archiv
    Antworten: 8
    Letzter Beitrag: 23.10.2005, 14:01

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •  

Foren-Regeln