Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Wie werde ich Yontoo los?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 18.05.2013, 21:25   #1
Aprill
 
Wie werde ich Yontoo los? - Standard

Wie werde ich Yontoo los?



Liebe Expertinnen & Experten,
ich habe mir heute die Ad-Ware Yontoo eingehandelt, als ich einen Mediaconverter für meinen alten Sansa-Mp3-Player runterladen wollte. Wie werde ich das Ding wieder los?
Über Programme löschen hat es nicht geklappt, d.h. vor dem LÖschversuch hat sich Kaspersky eingeschaltet und irgendwas gefragt, ich dachte, ich könne das Programm nicht löschen, wenn ich nicht einen Zugriff erlaube und habe so was angeklickt wie: "nur unschädliche Aktionen erlauben" - sorry, aber ich hab's mir nicht gemerkt, das Fenster war so schnell weg. Jedenfalls ließ sich das Ding nicht löschen. Auch nicht aus "Programme (x86)". Ich habe es im Autostart deaktiviert, aber als Prozess wird er immer wieder angezeigt: "Yontoo Desktop 32 Bit"

Vielen Dank!

Hab ich das richtig verstanden, dass ich meine logfiles hier veröffentlichen soll, für alle einsehbar?

Alt 18.05.2013, 21:29   #2
t'john
/// Helfer-Team
 
Wie werde ich Yontoo los? - Standard

Wie werde ich Yontoo los?





Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


dann:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers



dann:

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 19.05.2013, 10:22   #3
Aprill
 
Wie werde ich Yontoo los? - Standard

Wie werde ich Yontoo los?



Lieber T'John,
so, der este Schritt ist getan. Hier die Logdatei vom AdwCleaner.
Unter Prozesse taucht Yontoo schon gar nicht mehr auf. Reicht das nicht schon?

Ich muss noch hinzufügen, dass ich gestern noch den Defogger aktiviert habe, so wie es in eurer Erstanleitung steht. (Ohne zu wissen, ob ich ein CD-Emulatordings habe... )

Bis dahin schon mal danke.

Logdatei AdwCleaner:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 19/05/2013 um 11:11:44 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : *** - ZENBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Yontoo Desktop Updater

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\***\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Yontoo

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\92d7deb369be47
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\yk4qf7wp.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4067 octets] - [19/05/2013 11:11:44]

########## EOF - C:\AdwCleaner[S1].txt - [4127 octets] ##########
         
--- --- ---
__________________

Alt 19.05.2013, 11:51   #4
t'john
/// Helfer-Team
 
Wie werde ich Yontoo los? - Standard

Wie werde ich Yontoo los?



Mache die zwei Scans noch zur Kontrolle.
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.05.2013, 15:38   #5
Aprill
 
Wie werde ich Yontoo los? - Standard

Wie werde ich Yontoo los?



Lieber T'John,
so jetzt habe ich die beiden anderen Scans auch durchgeführt. Hier kommen die Logfiles:

malwarebytes meldete, dass nichts gefunden wurde:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.19.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
*** :: ZENBOOK [administrator]

19.05.2013 16:11:33
mbar-log-2013-05-19 (16-11-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 8251
Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Und die beiden Logfiles von OTL: 1.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.05.2013 16:20:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,89 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 45,66% Memory free
5,14 Gb Paging File | 2,99 Gb Available in Paging File | 58,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 123,66 Gb Free Space | 66,37% Space Free | Partition Type: NTFS
Drive D: | 258,45 Gb Total Space | 258,33 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
 
Computer Name: ZENBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6c54b85a401b0379a9b775a644fad1b7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa29c7539bd729147a7d1f1ae0ce5670\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1058660861056b038fbc9274994c8b75\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\a91dc79bf846144ee47efc08e17bb3e2\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\6824c9f11ea82b4148780cd92c9d6745\PresentationFramework.Aero2.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (DptfPolicyConfigTDPService) -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe ()
SRV:64bit: - (DptfParticipantProcessorService) -- C:\Windows\SysNative\DptfParticipantProcessorService.exe ()
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (CyberLink PowerDVD 13 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe (CyberLink)
SRV - (CyberLink PowerDVD 13 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe (CyberLink)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
SRV - (ExpressCache) -- C:\Programme\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\Drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\Drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\Drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\Drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\Drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\Drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\Drivers\xHCIPort.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\Drivers\usb3Hub.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\Drivers\kbfiltr.sys ( )
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\Drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\Drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\Drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (DptfManager) -- C:\Windows\SysNative\Drivers\DptfManager.sys (Intel Corporation)
DRV:64bit: - (DptfDevGen) -- C:\Windows\SysNative\Drivers\DptfDevGen.sys (Intel Corporation)
DRV:64bit: - (DptfDevDram) -- C:\Windows\SysNative\Drivers\DptfDevDram.sys (Intel Corporation)
DRV:64bit: - (DptfDevFan) -- C:\Windows\SysNative\Drivers\DptfDevFan.sys (Intel Corporation)
DRV:64bit: - (DptfDevPch) -- C:\Windows\SysNative\Drivers\DptfDevPch.sys (Intel Corporation)
DRV:64bit: - (DptfDevProc) -- C:\Windows\SysNative\Drivers\DptfDevProc.sys (Intel Corporation)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\Drivers\ax88772.sys (ASIX Electronics Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\Drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\Drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys (ASUS)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\Drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\Drivers\excfs.sys (Diskeeper Corporation)
DRV - ({09F57980-3432-4AFC-957D-27AC45FAE1F5}) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (Null) -- C:\Windows\SysWow64\NULL ()
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-174680979-3380738750-1060645545-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
IE - HKU\S-1-5-21-174680979-3380738750-1060645545-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-174680979-3380738750-1060645545-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-174680979-3380738750-1060645545-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.25 21:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.25 21:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.25 21:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.25 21:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.25 21:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013.02.11 18:44:08 | 000,136,309 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
[2013.05.18 21:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.18 17:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.18 21:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.18 21:12:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll File not found
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL File not found
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\PROGRA~2\Nuance\NATURA~1\Program\ieShim.dll (Nuance Communications, Inc.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\dptfpolicylpmservicehelper.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [PowerDVD13Agent] C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-174680979-3380738750-1060645545-1004..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D6C5887-FB72-4ED1-A0C9-FB6221B1B60F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.19 15:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.19 15:54:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.05.18 21:26:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.18 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2013.05.18 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2013.05.18 21:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.18 21:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.18 17:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.05.18 17:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.05.18 17:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.18 10:17:07 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.05.18 10:17:06 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013.05.18 10:17:06 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013.05.18 10:17:04 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013.05.18 10:17:03 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.05.18 10:17:03 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013.05.18 10:17:03 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013.05.18 10:17:02 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013.05.18 10:17:01 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.05.18 10:17:01 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2013.05.18 10:16:57 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.05.18 10:16:56 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2013.05.18 10:16:56 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll
[2013.05.18 10:16:55 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013.05.18 10:16:55 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013.05.18 10:16:55 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013.05.18 10:16:55 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2013.05.18 10:16:54 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013.05.18 10:16:53 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.05.18 10:16:53 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013.05.18 10:16:53 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.05.18 10:16:53 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2013.05.18 10:16:52 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.18 10:16:52 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013.05.18 10:16:52 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe
[2013.05.18 10:16:52 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013.05.18 10:16:52 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2013.05.18 10:16:52 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013.05.18 10:16:51 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.18 10:16:51 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013.05.18 10:16:51 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013.05.18 10:16:51 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.05.18 10:16:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013.05.18 10:16:50 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013.05.18 10:16:50 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013.05.18 10:16:50 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2013.05.18 10:16:50 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.05.18 10:16:50 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013.05.18 10:16:50 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013.05.18 10:16:50 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013.05.18 10:16:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2013.05.18 10:16:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013.05.18 10:16:50 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll
[2013.05.18 10:16:50 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013.05.18 10:16:50 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
[2013.05.18 10:16:50 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2013.05.18 10:16:50 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
[2013.05.18 10:16:50 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll
[2013.05.18 10:16:49 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2013.05.18 10:16:49 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.05.18 10:16:49 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013.05.18 10:16:49 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013.05.18 10:16:49 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll
[2013.05.18 10:16:49 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll
[2013.05.18 10:16:49 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll
[2013.05.18 10:16:47 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013.05.18 10:16:47 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll
[2013.05.18 10:16:47 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.05.18 10:16:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.05.18 10:16:46 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2013.05.18 10:16:46 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2013.05.18 10:16:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013.05.18 10:16:46 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll
[2013.05.18 10:16:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll
[2013.05.18 10:16:46 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2013.05.18 10:16:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2013.05.17 19:26:37 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013.05.17 19:26:36 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013.05.17 16:35:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.16 21:45:42 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 21:45:36 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.05.16 21:45:36 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 21:45:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 21:45:36 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 21:45:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.16 21:45:01 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 21:45:01 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 21:44:50 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.05.16 09:35:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SanDisk
[2013.05.10 07:36:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\soft-evolution
[2013.05.10 07:35:47 | 000,462,848 | ---- | C] (IBPhoenix) -- C:\Windows\SysWow64\Firebird2Control.cpl
[2013.05.10 07:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firebird
[2013.05.10 07:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pimero 2012
[2013.05.10 07:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pimero 2012
[2013.05.09 21:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2013.05.09 21:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013.05.09 21:03:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CyberLink
[2013.05.09 21:03:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 13
[2013.05.09 21:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013.05.09 20:26:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Sansa Media Converter
[2013.05.03 18:11:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Friends
[2013.04.26 18:21:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nuance
[2013.04.26 18:14:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FLEXnet
[2013.04.26 18:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0
[2013.04.26 18:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IVA
[2013.04.26 18:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2013.04.26 18:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2013.04.26 18:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2013.04.26 18:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2013.04.26 18:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.04.26 18:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.19 16:21:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.19 16:19:54 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\sp_data.sys
[2013.05.19 16:19:15 | 000,438,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.19 16:19:14 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.19 16:19:10 | 3339,972,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.19 15:10:27 | 001,748,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.19 15:10:27 | 000,761,598 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.19 15:10:27 | 000,718,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.19 15:10:27 | 000,159,306 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.19 15:10:27 | 000,136,094 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.19 12:07:03 | 000,000,080 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2013.05.19 11:00:46 | 000,632,031 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.05.18 21:55:37 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.18 21:53:05 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.18 21:26:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.18 21:12:44 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.12 10:45:02 | 000,673,883 | ---- | M] () -- C:\Users\***\Documents\Ökotest.pdf
[2013.05.12 10:42:11 | 000,018,944 | ---- | M] () -- C:\Users\***\Documents\Zeugs.wdb
[2013.05.10 17:53:23 | 000,079,996 | ---- | M] () -- C:\Users\***\Documents\Termine Mai.JPG
[2013.05.10 14:51:09 | 000,042,763 | ---- | M] () -- C:\Users\***\Documents\Termine Mai.PNG
[2013.05.10 14:46:01 | 000,042,316 | ---- | M] () -- C:\Users\***\Documents\Termine für Mai.PNG
[2013.05.10 09:01:10 | 000,006,514 | ---- | M] () -- C:\Users\***\Documents\Kalender Druck.prnx
[2013.05.10 07:44:54 | 000,008,371 | ---- | M] () -- C:\Users\***\Documents\Kalender.ics
[2013.05.10 07:43:16 | 000,006,563 | ---- | M] () -- C:\Users\***\Documents\Kalender v.vcs
[2013.05.10 07:35:41 | 000,001,018 | ---- | M] () -- C:\Users\***\Desktop\Pimero.lnk
[2013.05.09 21:03:01 | 000,001,413 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 13.lnk
[2013.05.07 22:07:50 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.07 22:07:50 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.03 07:42:23 | 000,001,635 | ---- | M] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT
[2013.04.26 18:12:19 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk
[2013.04.26 18:07:21 | 000,000,060 | ---- | M] () -- C:\Windows\wininit.ini
[2013.04.25 21:14:54 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013.04.25 21:14:54 | 000,050,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klwfp.sys
[2013.04.25 21:14:53 | 000,619,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.04.25 21:14:53 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.19 16:19:15 | 000,438,144 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.19 11:00:45 | 000,632,031 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.05.18 21:55:37 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.18 21:53:05 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.18 21:12:44 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.18 21:12:44 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.18 10:16:45 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.05.12 10:45:02 | 000,673,883 | ---- | C] () -- C:\Users\***\Documents\Ökotest.pdf
[2013.05.10 17:53:23 | 000,079,996 | ---- | C] () -- C:\Users\***\Documents\Termine Mai.JPG
[2013.05.10 14:51:09 | 000,042,763 | ---- | C] () -- C:\Users\***\Documents\Termine Mai.PNG
[2013.05.10 14:46:00 | 000,042,316 | ---- | C] () -- C:\Users\***\Documents\Termine für Mai.PNG
[2013.05.10 09:01:10 | 000,006,514 | ---- | C] () -- C:\Users\***\Documents\Kalender Druck.prnx
[2013.05.10 07:43:16 | 000,006,563 | ---- | C] () -- C:\Users\***\Documents\Kalender v.vcs
[2013.05.10 07:40:06 | 000,008,371 | ---- | C] () -- C:\Users\***\Documents\Kalender.ics
[2013.05.10 07:35:41 | 000,001,018 | ---- | C] () -- C:\Users\***\Desktop\Pimero.lnk
[2013.05.09 21:20:56 | 000,000,080 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2013.05.09 21:20:26 | 000,018,944 | ---- | C] () -- C:\Users\***\Documents\Zeugs.wdb
[2013.05.09 21:18:16 | 000,002,036 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2013.05.09 21:18:15 | 000,001,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2013.05.09 21:03:01 | 000,001,413 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 13.lnk
[2013.05.09 20:38:00 | 000,002,108 | ---- | C] () -- C:\Users\***\Desktop\Ende.lnk
[2013.04.26 19:24:40 | 000,001,635 | ---- | C] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT
[2013.04.26 18:12:19 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk
[2013.04.26 18:07:21 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2013.04.13 14:27:36 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.04.13 14:27:35 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013.04.13 14:27:34 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.04.13 14:27:34 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.04.13 14:27:34 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.03.29 18:38:03 | 000,000,021 | ---- | C] () -- C:\Users\***\AppData\Roaming\my_intel.sys
[2013.03.11 16:42:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.03.09 21:51:34 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\sp_data.sys
[2012.10.17 00:44:06 | 000,004,362 | ---- | C] () -- C:\Windows\SysWow64\dptfinvalidpolicyremover.ini
[2012.10.17 00:44:05 | 000,185,216 | ---- | C] () -- C:\Windows\SysWow64\dptfinvalidpolicyremover.exe
[2012.10.17 00:30:05 | 004,612,162 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.17 08:52:08 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.09.17 08:51:49 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.09.17 08:51:47 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.08.17 02:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012.08.17 02:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.07.25 22:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012.10.17 00:55:28 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:0FF263E8

< End of report >
         
--- --- ---


und Extra:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.05.2013 16:20:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,89 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 45,66% Memory free
5,14 Gb Paging File | 2,99 Gb Available in Paging File | 58,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 123,66 Gb Free Space | 66,37% Space Free | Partition Type: NTFS
Drive D: | 258,45 Gb Total Space | 258,33 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
 
Computer Name: ZENBOOK | User Name: Lui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{232D3893-2CAE-4A2F-B6CD-EA56D72D5F99}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | 
"{2604257F-A4AC-4129-AD60-2FF6C6963BFC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{329B1B8D-967A-4BB9-935A-C3E28F927875}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{364F1FDC-530D-4A04-BFEC-08AB23C653DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E4DEDAA-353B-47D0-8611-AA85D063D69C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4BC06A0E-BDAD-47F7-9289-68CCCDE097F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4F33ABF8-727B-4C46-B246-8552B6F10783}" = rport=139 | protocol=6 | dir=out | app=system | 
"{50CBB7A2-66F6-4BFD-8D25-8A99CB193055}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{55E347D2-A7E9-421D-802D-3AF65F0C3C2E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{58512A4B-BB1F-470E-867F-6A22524A03E1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{79C318F1-852B-4BAC-B4C4-B1638E217B01}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7C749AD5-2B44-47D6-A071-87C375FD169F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{87CDD484-B85A-4A92-9EAE-A83F7DDEF22A}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{8C9C50A5-A4DE-4D15-AB94-9C200E63C9DF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{910D9ECD-A16B-4D33-9A0F-D7566C2B2A97}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9AEF96D6-75CF-44FE-8593-C273E8F84744}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B5C53F7E-473D-4E35-8413-513E50AAF844}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B666BF70-F5F4-4D6C-B0BE-E7CADF0E48D2}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | 
"{C1A40246-5578-4693-B003-2186DE10F8F9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CE45ADD9-845A-48FB-B7BC-67A4ED71520E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D132167C-12D4-4430-A0A3-5B6D8E1DE4C1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D7028104-2D83-4CCE-993D-FCFCA6A00D31}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | 
"{F0D86320-491D-47B3-8DC4-10621CF355ED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{F1D072CE-E104-4743-8300-5CBF00EF34AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F6006BF5-BEA2-43BB-80C0-EA60F9BD638F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F89EC128-9E2C-4820-B249-45066E235F00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03126B67-A80F-45ED-B6CD-9C79515D3895}" = dir=in | app=c:\users\***\appdata\local\microsoft\skydrive\skydrive.exe | 
"{03802D15-C1CB-4B40-A43F-CB0058A7A026}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{09B844E7-7999-415D-AC8E-18FDD4EBD766}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{11BE7FF7-CE60-49F1-A2AE-656F62D01271}" = dir=out | name=@{54490martinsuchan.apod_1.2.0.9_neutral__aabn1bapetf12?ms-resource://54490martinsuchan.apod/resources/appname} | 
"{13A5F857-BB61-4014-B6C9-57F3B5EC458D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{13F6D9BA-FD3C-4AC3-9842-5E57C6D6291E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{15B91F4F-B89A-42C1-8C81-56A9FBB6EC64}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{15DC6FEA-51DC-4C92-A879-BD708035F9DE}" = dir=out | name=the big bang theory app | 
"{1952425A-A9DB-49CE-88BD-C03C2294A5DB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13.exe | 
"{1ABB80B6-E912-486F-A99C-1042CD21D606}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{238C0F10-DB62-4741-924D-C81D85133273}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
"{249EC319-F7C2-405C-81A0-95F7CAEBE14C}" = dir=in | name=skype | 
"{2B7FFFBA-5136-47FB-BDA7-18D26B165AC5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{2DC664E2-D638-4E0F-8E1F-7429E92F5791}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2F6BC3E6-0D83-4891-8ECD-4CE3CDD9A663}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\movie\powerdvd.exe | 
"{351D6CC2-51BD-40C3-A78E-77E8A9A5CC66}" = dir=out | name=microsoft solitaire collection | 
"{3591E7DE-BDF7-4659-878D-48D43A723BC9}" = dir=out | name=@{mobfishgmbh.werwirdreich_1.0.0.3_x64__2zn8ak6882dj0?ms-resource://mobfishgmbh.werwirdreich/resources/appname} | 
"{369658D7-5DBC-434F-9468-09F9EDDAA543}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{396F07D2-3FFD-4C51-B19C-564B1F187536}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{3A22374D-A3C9-48D8-B218-B023EEA7DC8D}" = dir=out | name=fresh paint | 
"{3E270F5A-DA24-40AA-992B-5F7CCE284DE0}" = dir=in | name=multimedia 8 | 
"{4051ADD0-27B3-4D2E-B8C3-BDE6BCD8CFB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{46FB6155-5D43-415F-B39C-F6353DA666B8}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{47EACFCC-7A13-4EDD-BB6B-F8B993E8F4DB}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{4C16FDB8-724A-4C4E-A322-79357EB8823E}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{4F99F6F5-B3F7-4694-BC60-92423AF50F85}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{573E7BBD-4E17-4B77-A834-E26343A37382}" = dir=out | name=skype | 
"{6817DED7-4822-4888-9616-CC8744AA6F80}" = dir=out | name=adera | 
"{688D336E-39A8-4E41-8C6F-C211D9BB5805}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{68BF3DFC-928E-4074-ADDA-3ACF4C9CC483}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{6B4F1CF6-47BA-49FE-8029-18A28A0284D9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13agent.exe | 
"{6BD64B08-4588-460B-8574-78DDA997BB0B}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{6E18B8E6-D789-41BE-8D13-0282549BC5F5}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{6E8834F9-2E47-4E3F-9EE2-327FA8D5F971}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{719E536E-B67B-48DB-816D-754D98DF6D82}" = dir=in | app=c:\program files (x86)\audials\audials 10\audials.exe | 
"{7369393A-A803-4790-BC56-F406AE19BF76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77DB6984-E2D9-4246-8DBF-4BD95D2C2220}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\kernel\dms\clmsserverpdvd13.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{819C93E5-FB0A-47BE-AF96-84BE57F31C46}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\kernel\dmr\powerdvd13dmrengine.exe | 
"{85B7342D-6610-4D3A-A0CC-77FE9872832D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{872F2FC0-8004-40F7-8C57-8A373E72C16F}" = dir=out | name=bejeweled live | 
"{8D504426-B423-47C0-97B4-7D2BE9CFE693}" = dir=out | name=magic puzzles | 
"{91EF97CB-475D-4695-88B6-A2EFC79CAD55}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 | 
"{A121D8BF-A12E-4DD3-8F6D-870949759C05}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A12ADC24-0CAC-4887-9519-0C8372517DDB}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{A2DE1308-6EC4-40C7-840F-20FCC17DB9E0}" = dir=out | name=gmail calendar | 
"{A57BF7FB-B522-4AFA-89B2-4250111B6839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A833EB3A-4622-4062-9E89-D3FF09C868F4}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{A9033C34-ADCF-4BF9-8A80-D183F2B62113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A98EFC83-2110-4654-B3BC-1BB3BC5BDEEC}" = dir=out | name=multimedia 8 | 
"{AAAE3E1F-3E05-407F-8178-8F79AFFEC4FF}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{B11FB5E5-0E21-49D9-8770-680E3C5557A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B26CE265-388B-4564-A903-9BCC42A350D5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13ml.exe | 
"{B321FA65-8497-486C-AA53-CA92F7E2F5CD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\movie\powerdvd cinema\powerdvdcinema13.exe | 
"{B358E1DF-7DD6-4560-A45B-83A3B9DFC3CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B604F9AF-C7F1-4446-AC3A-B655D19FD74E}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{B66E899B-7FF4-4B2B-996F-AEDF274284E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B7D0082B-11B0-4D29-A571-E9022AF272AC}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{B9DA1661-71B4-4B86-AAAA-DBCC3DA8A3B6}" = dir=out | name=taptiles | 
"{BD470139-D601-4C8F-AEE7-5594C50D5EFB}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{CEAAF651-3E98-48F8-9A0D-B8CCDF1E6538}" = dir=out | name=wordament | 
"{D1B0456C-513C-40FD-92ED-88FFF7893FAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D4BBDC27-F3B8-40E8-8C82-BDB8AFA16B12}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D7B3213F-2330-4CD1-82B0-11AC5B2E697C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EFBB4C0A-B627-49A0-BF25-513668645848}" = protocol=6 | dir=out | app=system | 
"{F22106AD-B99C-4FFF-8DBE-CDB8C5DD5BC2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F512629B-0328-4ADA-854A-9D3A50A685FA}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{F81BA763-8131-47AA-971A-5783726E011F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{FD98AFB1-0F93-48A8-9816-A5923B751A3D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0728A184-F899-4356-B93D-8228674F0DEB}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache
"{89478C31-5CE8-461A-9084-9A0AF059F84F}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{89D2FA50-6002-4AFB-8586-3E38B355E891}" = Intel® PROSet/Wireless WiFi Software
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel(R) WiDi
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ProInst" = Intel PROSet Wireless
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = T-Online Banking Software
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1D30EA2E-5341-493E-8D71-0EED788B6CD9}" = Nero WaveEditor Help (CHM)
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}" = CyberLink PowerDVD 13
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{76335315-16A0-4DBB-B01C-5FDC6A5CB8A3}" = Nero WaveEditor
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3DC5C38-EAE3-4003-B6A7-DEF127E9A9AB}" = Nero WaveEditor
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{D928A4B7-126D-47B6-AD76-9848E51E1426}" = Audials
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"FBDBServer_2_1_is1" = Firebird 2.1.1.17910 (Win32)
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel(R) Dynamic Platform and Thermal Framework
"InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}" = CyberLink PowerDVD 13
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pimero 2012 R3_is1" = Pimero 2012 R3
"Real Jigsaw Puzzle" = Real Jigsaw Puzzle (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-174680979-3380738750-1060645545-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2013 10:11:33 | Computer Name = Zenbook | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Das Paket „Microsoft.Adera_1.4.0.17837_x86__8wekyb3d8bbwe“ wurde beendet,
 da das Anhalten zu lange dauerte.
 
Error - 17.05.2013 10:11:40 | Computer Name = Zenbook | Source = Application Hang | ID = 1002
Description = Programm Adera.exe, Version 0.0.0.0 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17d4    Startzeit:
 01ce5300038338f9    Endzeit: 4294967295    Anwendungspfad: C:\Program Files\WindowsApps\Microsoft.Adera_1.4.0.17837_x86__8wekyb3d8bbwe\Adera.exe

Berichts-ID:
 aefbf1ce-befb-11e2-be8e-9cebe809b671    Vollständiger Name des fehlerhaften Pakets:
 Microsoft.Adera_1.4.0.17837_x86__8wekyb3d8bbwe    Anwendungs-ID, die relativ zum fehlerhaften
 Paket ist: App  
 
Error - 17.05.2013 10:37:18 | Computer Name = Zenbook | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 15d8    Startzeit: 01ce52fe44d1645e    Endzeit: 141    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE    Berichts-ID: 41fa011d-beff-11e2-be8e-9cebe809b671

Vollständiger
 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:   
 
Error - 17.05.2013 10:41:34 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 17.05.2013 10:41:34 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 17.05.2013 13:25:00 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 17.05.2013 13:25:00 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 17.05.2013 14:24:45 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 17.05.2013 14:24:45 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 17.05.2013 14:51:35 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 17.05.2013 14:51:35 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
[ System Events ]
Error - 26.04.2013 12:13:23 | Computer Name = Zenbook | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Dragon Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 26.04.2013 12:23:44 | Computer Name = Zenbook | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Dragon Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 26.04.2013 16:12:05 | Computer Name = Zenbook | Source = DCOM | ID = 10016
Description = 
 
Error - 28.04.2013 12:00:18 | Computer Name = Zenbook | Source = DCOM | ID = 10016
Description = 
 
Error - 01.05.2013 13:51:07 | Computer Name = Zenbook | Source = DCOM | ID = 10016
Description = 
 
Error - 03.05.2013 10:12:14 | Computer Name = Zenbook | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 03.05.2013 10:20:30 | Computer Name = Zenbook | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 04.05.2013 06:32:49 | Computer Name = Zenbook | Source = DCOM | ID = 10016
Description = 
 
Error - 04.05.2013 06:32:49 | Computer Name = Zenbook | Source = DCOM | ID = 10016
Description = 
 
Error - 06.05.2013 07:52:38 | Computer Name = Zenbook | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---


außerdem der logfile des defoggers:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:55 on 18/05/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Ich hoffe, jetzt ist alles wieder sauber!

Herzlichen Gruß,
Aprill


Alt 20.05.2013, 06:19   #6
t'john
/// Helfer-Team
 
Wie werde ich Yontoo los? - Standard

Wie werde ich Yontoo los?



Sieht gut aus!


Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.








Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
--> Wie werde ich Yontoo los?

Alt 20.05.2013, 08:18   #7
Aprill
 
Wie werde ich Yontoo los? - Standard

Wie werde ich Yontoo los?



Lieber T'John,
so, jetzt habe ich alle Tools bereinigt und habe wieder ein gutes Gefühl an meinem Laptop.
Vielen herzlichen Dank! Sobald ich wieder zu Hause bin und an meinen TAN-Generator rankomme, überweise ich euch was - natürlich über sicheren Zahlungsverkehr!
Lieben Gruß,
Aprill

Alt 20.05.2013, 08:55   #8
t'john
/// Helfer-Team
 
Wie werde ich Yontoo los? - Standard

Wie werde ich Yontoo los?





wir wuenschen eine virenfreie Zeit
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Wie werde ich Yontoo los?
32 bit, ad-ware, aktionen, alten, angeklickt, angezeigt, autostart, deaktiviert, desktop, experte, experten, fenster, gemerkt, heute, kaspersky, liebe, logfiles, löschen, nicht löschen, programme, prozess, richtig, runterladen, schnell, schädliche, yontoo, zugriff



Ähnliche Themen: Wie werde ich Yontoo los?


  1. Pup.Optional.Yontoo
    Plagegeister aller Art und deren Bekämpfung - 26.10.2015 (15)
  2. Yontoo 2.051 entfernen
    Log-Analyse und Auswertung - 15.06.2015 (1)
  3. Yontoo nervt
    Plagegeister aller Art und deren Bekämpfung - 04.04.2015 (16)
  4. Wie entferne ich Yontoo?
    Plagegeister aller Art und deren Bekämpfung - 29.04.2014 (10)
  5. Yontoo 2.051
    Plagegeister aller Art und deren Bekämpfung - 16.11.2013 (9)
  6. Yontoo entfernen
    Anleitungen, FAQs & Links - 31.10.2013 (2)
  7. v9.com und adware yontoo.gen
    Log-Analyse und Auswertung - 07.07.2013 (14)
  8. Sicherheitsrisiko Yontoo
    Antiviren-, Firewall- und andere Schutzprogramme - 26.06.2013 (3)
  9. wss4191.tmp und yontoo
    Plagegeister aller Art und deren Bekämpfung - 24.06.2013 (33)
  10. AdWare.IS.Yontoo.a
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (11)
  11. Virus yontoo.gen gefunden!
    Log-Analyse und Auswertung - 29.05.2013 (7)
  12. Avira findet installCore.Gen und Yontoo.Gen: wie werde ich das los?
    Plagegeister aller Art und deren Bekämpfung - 20.05.2013 (13)
  13. Was ist Yontoo 1.10.02 für ein Programm
    Diskussionsforum - 19.05.2013 (4)
  14. Yontoo 1.10.02, RootKitAccess
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (55)
  15. Yontoo 2.051 / YontooDesktop.exe*32
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (17)
  16. ADWARE/Yontoo.H Virus/Trojaner wie werde ich das Los? WIN XP
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (1)
  17. Yontoo 2.04 and many more..
    Log-Analyse und Auswertung - 01.03.2013 (6)

Zum Thema Wie werde ich Yontoo los? - Liebe Expertinnen & Experten, ich habe mir heute die Ad-Ware Yontoo eingehandelt, als ich einen Mediaconverter für meinen alten Sansa-Mp3-Player runterladen wollte. Wie werde ich das Ding wieder los? Über - Wie werde ich Yontoo los?...
Archiv
Du betrachtest: Wie werde ich Yontoo los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.