Windows 7 fährt nicht mehr herunter und diverse Fehlermeldungen

SilasGun · 12. Mai 2013

Hallo erstmal,

ich habe ein paar Probleme mit meinem geliebtem Laptop.

Lenovo B570

Intel Core i5-2410M, 2x 2.30GHz
• RAM: 4GB
• Festplatte: 500GB
• Grafik: Intel HD Graphics 3000

Ich habe das Ereignisprotokoll in Windows entdeckt, und ich wünschte ich hätte es nicht gesehen. Jedenfalls steht da folgendes:

Kritische - innerhalb 7Tage = 2

Fehler - innerhalb 7Tage = 112

Warnung - innerhalb 7Tage = 286

Bei eig allen ist dieser Wert angegeben

"Beim Starten der Sitzung "Circular Kernel Context Logger" ist der folgende Fehler aufgetreten: 0xC0000035."

Ich habe dort mal nachgeschaut weil ich das Gefühl hatte das mein Rechner langsamer wird.

Dann wird mir immer in ca 2 Monatigen abständigen der Desktop unaufgefordert entrümpelt. Dabei werden fast alle Verknüpfungen gelöscht, die ich aber immer noch benutzt habe ! Wie gesagt, so gut wie alle Verknüpfungen.

Beim Herunterfahren wird mir dutzende male eine Fehlermeldung angezeigt von "xCentOS.exe"

Im Laufendem Betrieb erscheint "VSCentOS.exe" funktioniert nicht mehr.

Und jetzt lässt er sich auch nicht mehr Herunterfahren ! Er friert quasi beim Herunterfahren ein, so kommt es mir vor, jedenfalls tut sich 15min lang nichts, bis ich dann den Button drücke.

Könnt ihr mir helfen ???

Robert Carven · 12. Mai 2013

klingt nach Linux, also "CentOS" hast was in der art drauf als 2. System?

SilasGun · 12. Mai 2013

Ähhhhm NEIN ! Ich habe Ubuntu Betriebssystem auf einem USB Stick aber auf dem Lappi ist Windows 7 64bit

xCentOS.exe*32 = Teamspeak 3 Client Dieses habe ich aber vor langer Zeit Deinstalliert via Systemsteuerung ~ Programme usw

erschreckend das es noch i-wie da ist und ärger macht

micha6070 · 12. Mai 2013

Wenn ich mich recht erinnere ist Team Speak auch in den Browsren manifestiert - also da mal nach plug ins kucken - löschen und cache leeren . Und dann sehen wir weiter .

SilasGun · 13. Mai 2013

Nein nicht vorhanden. In Chrome (den ich nutze) nicht und im Internet Explorer (den ich nicht nutze) nicht. Im Internet Explorer sind viele Erweiterungen, ich kann sie scheinbar nicht löschen, jedenfalls finde ich keine Schaltfläche dafür. Ist ja auch egal ...

Ich habe hier mal ein Bericht von OTL

OTL logfile created on: 13.05.2013 00:30:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 57,45% Memory free
7,83 Gb Paging File | 5,58 Gb Available in Paging File | 71,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 212,30 Gb Total Space | 60,33 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
Drive D: | 238,51 Gb Total Space | 108,79 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
Drive E: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
Drive G: | 5,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\*****\AppData\Roaming\xCentOS\xCentOS.exe (TeamSpeak Systems GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - D:\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. )

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (McAWFwk) -- c:\Programme\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EgisTec Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (EgisTec Service Help) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. )
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (EgisTecFF) -- C:\Windows\SysNative\drivers\EgisTecFF.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (S6000KNT) -- C:\Windows\SysNative\drivers\S6000KNT.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egis Technology Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ChatZum Search
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.chatzum.com/?orig=DS&affid=62&cztbid=1416283274&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ChatZum Search
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\..\SearchScopes\{1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://search.chatzum.com/?orig=DS&affid=62&cztbid=1416283274&q={searchTerms}
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKU\S-1-5-21-1671761560-3910637431-3504999273-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011.11.26 22:06:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.01.31 10:59:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.30 21:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.04.01 13:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.04.02 11:48:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.04.01 13:15:04 | 000,000,000 | ---D | M]

Wegen Buchstabenbegrenzung muss ich mehrer Posts machen

SilasGun · 13. Mai 2013

OTL Bericht 2

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00C2\u2122 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0\
CHR - Extension: James White = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: Adblock Plus = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: SiteAdvisor = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: AdBlock = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: YouTube Unblocker = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.2_0\
CHR - Extension: Click&Clean App = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0\
CHR - Extension: James White = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: Adblock Plus = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: SiteAdvisor = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: AdBlock = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: YouTube Unblocker = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.2_0\
CHR - Extension: Click&Clean App = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20130401232745.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130401232745.dll (McAfee, Inc.)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000..\Run: [MicroUpdate] C:\windows\system32\MSDCSC\Be4a9fZ4wZ0J\msdcsc.exe File not found
O4 - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000..\Run: [Windows Update] C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hiurD.exe ()
O4 - HKU\S-1-5-21-1671761560-3910637431-3504999273-1000..\Run: [xCentOS] C:\Users\*****\AppData\Roaming\xCentOS\vxCentOS.exe ()
O4 - HKU\S-1-5-21-1671761560-3910637431-3504999273-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-1671761560-3910637431-3504999273-1001..\Run: [Spotify Web Helper] C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hiurD.exe ()
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0147457-0729-47D8-8F1B-CD8EE0C3E70C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2E12210-BED2-419A-B687-EABE57FE23D2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.31 23:20:39 | 000,055,616 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013.01.31 20:28:14 | 000,000,049 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{f3f68623-468e-11e2-a9e7-e4d53de11d81}\Shell - "" = AutoRun
O33 - MountPoints2\{f3f68623-468e-11e2-a9e7-e4d53de11d81}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2013.01.31 23:20:39 | 000,055,616 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.13 00:28:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.05.12 23:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.05.11 14:17:30 | 000,488,960 | ---- | C] (IMVUPremiumCreditStatusHack) -- C:\Users\*****\AppData\Roaming\update.exe
[2013.05.09 19:03:19 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Die Sims 3 +++
[2013.05.09 18:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2013.05.09 18:18:06 | 000,000,000 | ---D | C] -- C:\Download
[2013.05.09 18:17:55 | 000,000,000 | ---D | C] -- C:\Nexon
[2013.05.09 18:17:52 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\windows\NEXON_EU_DownloaderUpdater.exe
[2013.05.09 17:31:41 | 000,115,200 | ---- | C] (Virtual Works Corporation) -- C:\Users\*****\AppData\Roaming\rogg.exe
[2013.05.09 16:11:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\xCentOS
[2013.05.09 15:35:32 | 000,010,847 | ---- | C] (Company) -- C:\Users\*****\AppData\Roaming\xCentOS.exe
[2013.05.09 00:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.05.07 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\dclogs
[2013.05.06 17:56:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Game Dev Tycoon
[2013.05.06 17:52:10 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\IOS
[2013.05.06 12:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.03 00:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.05.03 00:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013.05.01 13:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
[2013.04.30 17:46:29 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Peter L Jones
[2013.04.30 17:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\s3pe
[2013.04.25 17:34:33 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Electronic Arts
[2013.04.25 17:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2013.04.23 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Tropico 4
[2013.04.23 23:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.04.23 23:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2013.04.23 20:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.23 20:05:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.04.23 20:05:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.04.23 20:05:34 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.23 15:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
[2013.04.23 15:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astroburn Lite
[2013.04.23 15:02:40 | 000,000,000 | R--D | C] -- C:\Users\*****\Desktop\File upload
[2013.04.17 22:49:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2013.04.17 08:38:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\BitShare.com Downloads
[2013.04.17 08:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitShare.com
[2013.04.17 01:48:40 | 000,000,000 | ---D | C] -- C:\Users\*****\Anonymous
[2013.04.17 01:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File-Upload.net
[2013.04.17 00:59:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Xenocode
[2013.04.15 22:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Astroburn Lite
[2013.04.15 22:21:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Nero
[2013.04.15 22:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.04.15 22:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.04.15 21:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink

========== Files - Modified Within 30 Days ==========

[2013.05.13 00:38:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.05.13 00:28:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.05.13 00:14:01 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.12 20:37:30 | 000,233,857 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.05.12 20:37:17 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.12 20:12:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.05.12 18:57:58 | 000,000,210 | ---- | M] () -- C:\Users\*****\Desktop\NAVYFIELD2.url
[2013.05.12 18:46:57 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.12 18:46:57 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.12 18:45:01 | 001,612,544 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.05.12 18:39:29 | 3153,702,912 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.11 16:34:18 | 000,007,641 | ---- | M] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2013.05.11 15:45:24 | 000,696,884 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.05.11 15:45:24 | 000,652,162 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.05.11 15:45:24 | 000,148,148 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.05.11 15:45:24 | 000,121,094 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.05.11 15:20:14 | 000,010,847 | ---- | M] (Company) -- C:\Users\*****\AppData\Roaming\xCentOS.exe
[2013.05.11 14:19:01 | 000,024,576 | ---- | M] () -- C:\Users\*****\AppData\Roaming\lol.exe
[2013.05.11 14:18:13 | 000,488,960 | ---- | M] (IMVUPremiumCreditStatusHack) -- C:\Users\*****\AppData\Roaming\update.exe
[2013.05.10 13:40:02 | 000,069,632 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Intel_Driver.exe
[2013.05.10 13:40:02 | 000,069,632 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hiurD.exe
[2013.05.09 18:17:54 | 000,000,235 | ---- | M] () -- C:\windows\SysWow64\nxEuUninstall.bat
[2013.05.09 18:17:52 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\windows\NEXON_EU_DownloaderUpdater.exe
[2013.05.09 17:33:03 | 000,115,200 | ---- | M] (Virtual Works Corporation) -- C:\Users\*****\AppData\Roaming\rogg.exe
[2013.05.09 16:34:50 | 000,007,168 | ---- | M] () -- C:\Users\*****\AppData\Roaming\System-Cleaner.exe
[2013.05.09 00:06:26 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.01 13:38:52 | 000,000,989 | ---- | M] () -- C:\Users\*****\Desktop\Leviathan Warships.lnk
[2013.04.30 15:05:26 | 000,000,632 | ---- | M] () -- C:\Users\*****\Desktop\Filme - Verknüpfung.lnk
[2013.04.29 16:36:20 | 003,838,422 | ---- | M] () -- C:\Users\*****\Desktop\LadyFrontbum_Skin_Naughty_Default.package
[2013.04.21 22:33:14 | 000,001,341 | ---- | M] () -- C:\Users\*****\Desktop\AoK HD - Verknüpfung.lnk
[2013.04.19 06:50:58 | 000,085,358 | ---- | M] () -- C:\Users\*****\Desktop\NRaas_Decensor.package
[2013.04.17 08:37:42 | 000,003,073 | ---- | M] () -- C:\Users\*****\Desktop\BitShare Manager.lnk
[2013.04.15 22:35:17 | 000,001,505 | ---- | M] () -- C:\Users\*****\Desktop\DTLite - Verknüpfung.lnk
[2013.04.15 21:21:41 | 000,001,122 | ---- | M] () -- C:\Users\*****\Desktop\Cyberlink Power2Go.lnk
[2013.04.13 14:07:21 | 000,020,801 | ---- | M] () -- C:\Users\*****\AppData\Local\recently-used.xbel

SilasGun · 13. Mai 2013

OTL Bericht 3

========== Files Created - No Company Name ==========

[2013.05.11 14:18:59 | 000,024,576 | ---- | C] () -- C:\Users\*****\AppData\Roaming\lol.exe
[2013.05.10 13:40:20 | 000,069,632 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hiurD.exe
[2013.05.09 19:17:42 | 000,000,210 | ---- | C] () -- C:\Users\*****\Desktop\NAVYFIELD2.url
[2013.05.09 18:17:54 | 000,000,235 | ---- | C] () -- C:\windows\SysWow64\nxEuUninstall.bat
[2013.05.09 16:18:25 | 000,007,168 | ---- | C] () -- C:\Users\*****\AppData\Roaming\System-Cleaner.exe
[2013.05.08 19:48:43 | 000,069,632 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Intel_Driver.exe
[2013.05.03 00:05:51 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.01 13:38:52 | 000,000,989 | ---- | C] () -- C:\Users\*****\Desktop\Leviathan Warships.lnk
[2013.04.30 18:12:58 | 002,921,865 | ---- | C] () -- C:\Users\*****\Desktop\cmar_XCAS_corebasics50.package
[2013.04.30 15:05:26 | 000,000,632 | ---- | C] () -- C:\Users\*****\Desktop\Filme - Verknüpfung.lnk
[2013.04.29 19:20:08 | 000,777,585 | ---- | C] () -- C:\Users\*****\Desktop\NRaas_Woohooer.package
[2013.04.29 16:36:12 | 003,838,422 | ---- | C] () -- C:\Users\*****\Desktop\LadyFrontbum_Skin_Naughty_Default.package
[2013.04.23 23:27:28 | 000,007,641 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2013.04.21 22:33:14 | 000,001,341 | ---- | C] () -- C:\Users\*****\Desktop\AoK HD - Verknüpfung.lnk
[2013.04.19 06:50:53 | 000,085,358 | ---- | C] () -- C:\Users\*****\Desktop\NRaas_Decensor.package
[2013.04.17 08:37:42 | 000,003,073 | ---- | C] () -- C:\Users\*****\Desktop\BitShare Manager.lnk
[2013.04.15 22:35:17 | 000,001,505 | ---- | C] () -- C:\Users\*****\Desktop\DTLite - Verknüpfung.lnk
[2013.04.13 14:07:21 | 000,020,801 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2013.04.10 23:38:37 | 000,268,952 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013.04.10 23:38:35 | 000,682,280 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe
[2013.04.10 23:38:35 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2013.04.05 18:40:31 | 000,033,626 | ---- | C] () -- C:\Users\*****\Unbenannt 1.odt
[2013.04.01 13:11:10 | 000,217,995 | ---- | C] () -- C:\windows\hpoins46.dat
[2013.04.01 13:11:10 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat
[2013.03.28 23:23:12 | 000,000,321 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Gangsters2Setup.lnk
[2013.03.25 16:42:20 | 000,000,600 | ---- | C] () -- C:\windows\Rtcw.INI
[2013.03.19 00:29:24 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2013.03.14 23:42:43 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2013.03.14 23:42:43 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2013.03.02 18:25:50 | 001,579,642 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.01.20 23:33:25 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Roaming\winscp.rnd
[2012.12.14 02:42:30 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.12.14 02:42:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2011.11.26 22:00:29 | 000,015,190 | ---- | C] () -- C:\windows\S6000Twn.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.01 13:04:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2013.03.09 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CorsixTH
[2012.12.15 16:50:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2013.05.11 00:57:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\dclogs
[2012.12.15 14:34:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\JDownloaderPackages
[2013.04.26 03:53:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Kalypso Media
[2013.02.21 23:58:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2012.12.15 20:50:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++
[2013.01.30 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2013.04.30 17:46:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Peter L Jones
[2013.01.20 03:05:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\redsn0w
[2013.02.11 13:58:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\RenPy
[2013.04.07 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SOCCC
[2013.03.19 07:33:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2013.01.28 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2013.03.14 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP
[2013.04.25 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Tropico 4
[2013.04.09 12:48:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft
[2013.02.23 19:26:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinMedia
[2013.05.12 18:40:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\xCentOS
[2013.03.29 22:31:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2013.03.29 22:13:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Iminent
[2013.03.02 22:54:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2013.03.15 00:25:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2013.03.06 21:51:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Spotify

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 66 bytes -> C:\Users\*****\AppData\Roaming\test_debug.log:RCDATA

< End of report >

SilasGun · 13. Mai 2013

OTL EXTRA Bericht

OTL Extras logfile created on: 13.05.2013 00:30:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Genius\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 57,45% Memory free
7,83 Gb Paging File | 5,58 Gb Available in Paging File | 71,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 212,30 Gb Total Space | 60,33 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
Drive D: | 238,51 Gb Total Space | 108,79 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
Drive E: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
Drive G: | 5,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: GENIUS-PC | User Name: Genius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1671761560-3910637431-3504999273-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F599608-BD28-438C-B042-73A73F88D28E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E31773F8-9FD9-4B56-A7A6-12A0B2025BB1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{F0E7D4ED-445E-460B-88F9-2AB65A31E3AF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0022F7DF-921A-4FF5-B5FA-E01875CF86A4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{08E20D57-6099-4D93-8431-5D76500C0E66}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{09ADAE43-259A-415A-8321-378834F4B375}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{0A843302-9F68-4307-8635-DACEFA3CCBDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{0BBC65AB-9386-4F46-A9D5-B25A7E088E87}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10A3CCED-7721-4E78-9F6B-5046BE010DCE}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{1B0433A0-77CB-45A3-9ED3-BBDE63266A5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{21818DF4-9FE2-433A-A72F-5FD919F128FE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{22CFF3D9-5B36-4413-8A59-540D8E17F761}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24844847-AA22-47DB-AF39-120503ACCB21}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{35F92297-0603-4C63-B1B0-0AB7402EECE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{390AAF96-6553-4BFE-B874-E01B8D569476}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{39CD94F2-B09B-4EDB-8252-387510264669}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{3C03F396-7320-4557-AE2D-3FB7C988C3BF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3CB73176-2D95-45E7-B4D3-88E7C20EF24F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{3D4001D6-4E71-4536-B3E8-5BBAADFFB22B}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{478EAED3-8DD8-40C7-BC94-CC5338A67FB8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{514F5AB3-4D3E-4155-929F-B4E9F5E1DB52}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5C031022-E0C9-4B4C-A27C-B22B56BB387E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5DC977D3-BC8B-4FC1-8F84-7181330A0473}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5F9122AE-5E75-4A78-BE34-3CA15B0C0523}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6B927AF8-9F21-4A8D-9CEA-3C0E58F59671}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{7111BA78-A975-40D9-BBAF-23A62F2849B1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8CD0F7E3-70C8-47A6-A025-B723481EF5E7}" = dir=in | app=c:\users\genius\appdata\local\temp\7zs1669\setup\hpznui40.exe |
"{94DA4FB1-C16C-4D29-8C40-F72EB25D701E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9A828B43-AF5C-4AEE-B635-B092D224050B}" = dir=in | app=d:\games !!! (nur games)\chris\port royale 3\portroyale3.exe |
"{9CBB5181-DFB1-490D-8FF2-9D0D38ABBE76}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A262F2E3-DA01-480C-B488-F3C2761F5E59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{B18FE42D-6191-477D-B69D-31C8F42FE06C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BC8C0C34-8E79-4A83-B296-4EFE948479C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{C4EC60A1-7D38-466A-8897-1AE489C3CC23}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{CA4D5E17-EBC7-4511-94B4-4715BAE86E6C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{CB6610B1-500B-464E-9E21-D32E70C2BB02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{D33DCF3A-0753-45F3-B9B9-4E56E0B79632}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D64657CC-CB80-4BA4-B33E-20FAA3E6886C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{DC881078-5395-4D13-BEEB-228C94ECBB68}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{E2317289-B848-45E8-84DD-F6639B44ABDB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{E2C39EA1-AE68-4D29-B341-6B4D5041E111}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E7FDFC09-C946-4F2B-BF5C-9D5988070ADC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EC2A958C-E2F0-4B53-8DB2-DF81D3868212}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F5123DE7-F188-47EF-A97E-5BC6B3993104}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{FA4B197D-6AA8-4D21-ADE5-02D95BF0C299}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FBAAC21F-5678-4F72-BE6A-7DA79134CFA7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"TCP Query User{F598DD03-BFEB-4CAD-AF18-8E47D10577C5}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{59188900-1A7F-451E-AF01-18355DE53AB6}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.4
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.52
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.6

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Die Sims™ 3 Traumsuite-Accessoires
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2C72D4EA-BA65-4B9D-92F9-B916A25A8C4D}_is1" = The Klub 17 [v 6.10]
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = Die Sims™ 3 Jahreszeiten
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = Die Sims™ 3 Katy Perry Süße Welt
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Die Sims™ 3 Supernatural
"{B5DD0F28-0167-4F1E-A114-06AB8DC82D81}" = Die Gilde 2 Venedig
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1868CAE-E3B9-4099-8C18-AA8944D336FD}" = Die Sims™ 3 70er, 80er & 90er Accessoires
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = Die Sims™ 3 Wildes Studentenleben
"{F3A6CE16-D390-49CE-A37D-3513AFD690F1}" = BitShare Manager
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC9B811E-39BC-4813-9E29-B83CCF700010}" = Lenovo EasyCamera
"{THEGUILDREN-0010-2010-300520102330}_is1" = The Guild 2 - Renaissance
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Astroburn Lite" = Astroburn Lite
"AudibleManager" = AudibleManager
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"Leviathan Warships_is1" = Leviathan Warships version 1.00
"McAfee Security Scan" = McAfee Security Scan Plus
"MSC" = McAfee AntiVirus Plus
"NavyField2 EU" = NavyField2
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1" = Age of Empires II HD (c) Microsoft Studios version 1
"TeamViewer 8" = TeamViewer 8
"Tropico 4 Collectors Bundle_is1" = Tropico 4 Collectors Bundle
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.1.4
"Xvid Video Codec 1.3.2" = Xvid Video Codec

Rheinhold · 13. Mai 2013

Das mit dem Desktop entrümpeln ist hier abzustellen:
Windows 7: Warum Verknüpfungen vom Desktop verschwinden (und was man dagegen tun kann) « [W-inside] powered by gieseke-buch.de
Und bei m IE kannst du AddOns auch deaktivieren die nicht zu löschen sind:

Elloh · 13. Mai 2013

Hallo

SilasGun & willkommen im Forum

Der Temaviewer ist noch immer auf dem System, wenn auch nur als evtl Halbleiche
Ruf dir mal den folgenden Pfad auf

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
und den hier
C:\Users\*****\AppData\Roaming\xCentOS.exe

Generell mit Opitmierer/Cleaner Software aufpassen, welche du auch auf dem PC hast, evtl gemachte Optimierungen darüber sind meist wieder rückgänging zu machen, innerhalb dieser Software selbst.
C:\Users\*****\AppData\Roaming\System-Cleaner.exe

Mein Vorschlag:
Nochmal in der Softwareliste nachschauen, ob dieser Client immer noch drauf ist, oder lediglich ein fehlerhaft/ungelöschter Registrywert dafür verantwortlich ist.

Lade dir bitte im Anschluss daran autoruns und analysiere bitte die PlugIns, bzw diverse Resteinträge innerhalb der Registry auch unter dem Eintrag "Runs" & , die evtl noch verblieben sind, nach deiner Deinstall von Teamspeak und diversen anderen möglichen Systembremsern.
zB unter diesen hier:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Nach dem Start dieser freeware (englisch) wird dir im Ersteintrag "Everything" bereits sämtliche Infos geliefert, welche du via Checkbox abwählen kannst, bzw. via Rechtsklick auch löschen. Doch Vorsicht wenn du nicht sicher bist. Dann lieber erst mal nur abwählen.

Neustart des PCs

LG

SilasGun · 13. Mai 2013

Ich weiß, hätte ich vllt erwähnen sollen, und es IST bei mir auf AUS ! Das ist mir ja schonmal passiert vor ca ~2 Monaten, daraufhin habe ich gegoogelt und den gleichen Weg gefunden. Schwupps schön auf AUS gestellt ABER es ist wie gesagt wieder passiert. Mein Desktop sieht ja jetzt vllt schön übersichtlich aus, aber ich darf mir die ganzen Verknüpfungen wieder ranholen

Dieser POST bezieht sich auf Nr. 09

Rheinhold · 13. Mai 2013

Um Windows Porentief zu reinigen nehme ich das:
http://privazer.com/
Da sollte man aber wie bei allen Tun UPS wissen was man macht :smokin

Das mit dem Desktop aufräumen muss wohl was anderes sein.
Es verschwinden sonst nur Verknüpfungen die lange nicht genutzt wurden.

SilasGun · 13. Mai 2013

Teamviewer habe ich ja auch

ist installiert und nutze ich.

Taskmanager sagt das xCentOS.exe TeamSPEAK ist, dieses habe ich vor langer Zeit gelöscht, nicht verwechseln.

Also Teamviewer hab ich, alles okay. Teamspeak habe ich nicht mehr, aber Taskmanager sagt mir mit dieser exe das ich es immer noch habe.

EDIT: C:\Users\---\AppData\Roaming\... gefunden, system-cleaner ... kp was das ist, ich habe solche Programme nicht außer vllt Boot Optimizer von Lenovo selbst. Die ominöse exe Datei ist tatsächlich dort zu finden, doch wo gehört sie jetzt hin ? Kann ich sie löschen, weil wenn sie zu Teamspeak gehört, dürfte ich sie ja eig nicht mehr haben bzw kann sie halt jetzt löschen !?

Rheinhold · 13. Mai 2013

gelöscht, nicht deinstalliert?

SilasGun · 13. Mai 2013

Rheinhold schrieb:
Um Windows Porentief zu reinigen nehme ich das:
Free PC cleaner
Da sollte man aber wie bei allen Tun UPS wissen was man macht :smokin

Das mit dem Desktop aufräumen muss wohl was anderes sein.
Es verschwinden sonst nur Verknüpfungen die lange nicht genutzt wurden.

Da gibt es doch auch wieder solche und solche, die einen schwören auf ccleaner die ander auf dein Programm da und wieder andere auf was ganz anderes deswegen weiß ich ketztendlich nie woran ich bin und lass es lieber. Am Ende habe ich diverse Programme um andere Programme zum laufen zu bringen oder um den PC zu beschleunigen oder um dinge besser zu löschen. Da finde ich immer beißt sich die Katze in den eigenen Schwanz wenn man wirklich alles lädt was man empfohlen bekommt um den eigenen Rechner zu Optimieren.

Elloh · 13. Mai 2013

Sry, mein Fehler, du hast natürlich recht Teamviewer und Teamspeak

...ich bin ja auch schon so im Halbschlaf

Ich gehe davon aus, dass dieser Eintrag als Starteintrag beim Booten mitgestartet wird.
C:\Users\*****\AppData\Roaming\xCentOS.exe

schau mal unter mscionfig nach,ob da ein Eintrag des Clients noch eingetragen ist
Windowstaste + r > msconfig eintippen > Enter
schau bitte dort dann unter den Reitern Dienste und Systemstart

Anschließend unter dem oben bereits erwähnten Pfad, händisch das Teil rauslöschen.
Neustart

LG

SilasGun · 13. Mai 2013

TeamSpeak habe ich damals deinstalliert ! Natürlich lösche ich nicht i-welche Dateien die evtl noch i-wo hin gehören oder versuche ein Programm zu löschen in dem ich einfach alle Dateien lösche ^^. Teamspeak damals sauber und anständig Deinstalliert, nur die Frage ob ich diese xCentOS.exe gedankenlos löschen kann !?

Elloh · 13. Mai 2013

Verschiebe sie einfach mal an einen anderen Ort, als Backup sozusagen, um sie zur Not wieder herstellen zu können

LG

:sleep

SilasGun · 13. Mai 2013

Da schaue ich bei dem Systemstart immer mal wieder drüber und muss erkennen das sich das tatsächlich diese exe eingenistet hat^^, wie noobig. Und ein Programm namen "hiurD" was mir sehr unseriös wirkt. Zu finden bei mir unter C:\Users\---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hiurD.exe

Alos lösche ich jetzt die xCentOS.exe

Bin gleich wieder zurück ^^

EDIT: Verschieben ... okay noch gelesen lol

EDIT²: Ich habe besagte exe auf den Desktop verschoben und sie gleichzeitig aus dem Systemstart gefeuert. Beim versuch neuzustarten ploppte wieder ein Dutzend mal eine Fehlermeldung auf das diese exe ebene den Fehlercode so und so hat, ich konnte nicht so schnell reagieren und das Fenster kopieren.

diogenes · 13. Mai 2013

Heisst die wirklich hiurD.exe ?
Suchmaschine kennt sie nicht.........

Anzeige

Anzeige

Windows 7 fährt nicht mehr herunter und diverse Fehlermeldungen

kennt sich schon aus

gehört zum Inventar

kennt sich schon aus

gehört zum Inventar

kennt sich schon aus

kennt sich schon aus

kennt sich schon aus

kennt sich schon aus

Rheinhold

Gast

Anhänge

Elloh

Gast

kennt sich schon aus

Rheinhold

Gast

kennt sich schon aus

Rheinhold

Gast

kennt sich schon aus

Elloh

Gast

kennt sich schon aus

Elloh

Gast

kennt sich schon aus

Kohlkopp