Der OTL Text ist:
OTL Logfile: Code:
OTL logfile created on: 21.09.2012 08:40:45 - Run 1
OTL by OldTimer - Version 3.2.65.0 Folder = C:\Users\x\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,84 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 59,91% Memory free
5,68 Gb Paging File | 4,38 Gb Available in Paging File | 77,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125,00 Gb Total Space | 52,17 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
Drive D: | 171,08 Gb Total Space | 82,80 Gb Free Space | 48,40% Space Free | Partition Type: NTFS
Computer Name: X-PC | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.21 08:37:57 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\x\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.11 22:12:36 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011.12.31 13:04:26 | 005,598,840 | ---- | M] (SlySoft, Inc.) -- D:\AnyDVD\AnyDVDtray.exe
PRC - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) -- D:\Eigene Dateien\Eigene Videos\ZuneNss.exe
PRC - [2011.08.05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- D:\Eigene Dateien\Eigene Videos\ZuneLauncher.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.08.27 09:12:40 | 003,499,728 | ---- | M] (RSA, The Security Division of EMC.) -- C:\Program Files\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe
PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.04.03 16:34:20 | 000,733,184 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe
PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.08.07 15:54:22 | 001,777,664 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2008.06.19 11:42:12 | 000,857,544 | ---- | M] () -- C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe
PRC - [2008.05.13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.14 03:31:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:30:54 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 11:31:02 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.11 11:25:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 11:25:10 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.06.19 14:15:12 | 000,741,376 | ---- | M] () -- C:\Program Files\T-Mobile\web'n'walk Manager\UpgraderGer.dll
MOD - [2008.06.19 11:42:12 | 000,857,544 | ---- | M] () -- C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe
========== Services (SafeList) ==========
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.11 10:37:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.11 10:37:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Eigene Dateien\Eigene Videos\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Eigene Dateien\Eigene Videos\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Eigene Dateien\Eigene Videos\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.05.13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.11 10:37:36 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.11 10:37:36 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.20 19:46:48 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.12.04 23:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.12 11:34:16 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.06.24 10:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.10.09 13:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.10.09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.gmx.de/tab2 [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{2E1A1411-7261-453e-BA82-49962BFBFE85}: "URL" = hxxp://go.gmx.net/suchbox/gmxsuche?su={searchTerms}
IE - HKLM\..\SearchScopes\{3426CE37-9ED7-42A1-BCBE-44941EE1DDCF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
IE - HKLM\..\SearchScopes\{67E06097-184C-419d-A3C5-68221AD6F675}: "URL" = hxxp://go.gmx.net/suchbox/smartshopping?searchText={searchTerms}
IE - HKLM\..\SearchScopes\{99F41591-ACC6-444c-84C6-8260E3A9DF2C}: "URL" = hxxp://go.gmx.net/suchbox/ebay?query={searchTerms}
IE - HKLM\..\SearchScopes\{A971AD5D-C547-424b-81EA-4E776CFBC1FD}: "URL" = hxxp://go.gmx.net/suchbox/amazon?keywords={searchTerms}
IE - HKLM\..\SearchScopes\{ABD852A8-D67E-48B0-9BBB-8AB1F4129692}: "URL" = hxxp://go.gmx.net/suchbox/google?q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data]
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes,DefaultScope = {ABD852A8-D67E-48B0-9BBB-8AB1F4129692}
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{3426CE37-9ED7-42A1-BCBE-44941EE1DDCF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{9A25A84A-E97D-45E2-9298-7972C2C32C7D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{A91D401C-51F5-4618-8790-AB62A22CE2D2}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{C1C54F2F-6AAF-4D85-9832-02F720596927}: "URL" = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{C2C2F31B-AE60-4842-8117-AC0706AD63D2}: "URL" = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2012.09.17 10:08:09 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found.
O3 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Fujitsu OSD Utility] C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RSA Card Conversion Utility] C:\Program Files\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe (RSA, The Security Division of EMC.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Zune Launcher] D:\Eigene Dateien\Eigene Videos\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000..\Run: [AnyDVD] D:\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000..\Run: [NBJ] D:\Nero\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000..\Run: [Updater shortcut] C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..Trusted Domains: volkswohl-bund.de ([vbnet] https in Vertrauenswürdige Sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BB27A3F-2DB9-4ED9-8EFF-B7B7AC9A1DF0}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECCBF372-F86C-4101-9F94-B5684E3D3F3B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1bb65f5b-0018-11df-b635-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb65f5b-0018-11df-b635-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1bb65f5f-0018-11df-b635-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb65f5f-0018-11df-b635-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2e870331-2cf2-11df-a7fc-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{2e870331-2cf2-11df-a7fc-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2e87033e-2cf2-11df-a7fc-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{2e87033e-2cf2-11df-a7fc-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2fa24334-ab62-11df-82d1-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{2fa24334-ab62-11df-82d1-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{55044c05-d69b-11df-b8aa-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{55044c05-d69b-11df-b8aa-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{55044c09-d69b-11df-b8aa-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{55044c09-d69b-11df-b8aa-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{588404a5-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{588404a5-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{588404a8-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{588404a8-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{588404ab-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{588404ab-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{58840500-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{58840500-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5a811d72-e6ac-11e1-9308-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{5a811d72-e6ac-11e1-9308-00269e079aa5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5a811d98-e6ac-11e1-9308-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{5a811d98-e6ac-11e1-9308-00269e079aa5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{67c45950-e067-11e1-9153-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67c45950-e067-11e1-9153-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6d2b7516-aa22-11e1-b51b-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{6d2b7516-aa22-11e1-b51b-00269e079aa5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{741cd19f-d475-11df-8366-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{741cd19f-d475-11df-8366-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{741cd1a4-d475-11df-8366-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{741cd1a4-d475-11df-8366-00269e079aa5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{767a8613-82c5-11e0-8a29-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{767a8613-82c5-11e0-8a29-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{767a8617-82c5-11e0-8a29-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{767a8617-82c5-11e0-8a29-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9c004514-4173-11df-af9c-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{9c004514-4173-11df-af9c-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9c004518-4173-11df-af9c-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{9c004518-4173-11df-af9c-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9c00459e-4173-11df-af9c-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{9c00459e-4173-11df-af9c-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b8ad00f3-e6aa-11e1-9482-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{b8ad00f3-e6aa-11e1-9482-00269e079aa5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c12d8255-d690-11df-b963-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{c12d8255-d690-11df-b963-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c87852eb-d426-11e1-914b-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{c87852eb-d426-11e1-914b-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c87852f2-d426-11e1-914b-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{c87852f2-d426-11e1-914b-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1d0271e-4262-11df-af0a-00269e079aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{d1d0271e-4262-11df-af0a-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess - File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.09.21 08:34:25 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{2263C029-0D34-483F-875B-B6ACE7A9600A}
[2012.09.20 09:11:55 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{CB0580B0-A484-4614-AB22-493195C48A22}
[2012.09.19 15:14:23 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{AFF2FFE9-FB6A-44F1-B4CE-5D265BBA845E}
[2012.09.18 12:49:20 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\Digital Support
[2012.09.18 12:44:18 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\Systweak
[2012.09.18 12:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2012.09.18 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCFixer
[2012.09.18 10:28:46 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{FD62B4CB-E658-436D-9885-5A3ED16150CD}
[2012.09.17 12:27:18 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\www.shadowexplorer.com
[2012.09.17 08:39:50 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{28CC8A44-062E-46A5-900A-D47811CF3712}
[2012.09.17 08:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.17 08:00:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.17 08:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.13 10:50:37 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{381D5F22-A9C5-4407-AEFF-C16C33418B8C}
[2012.09.12 21:47:52 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{4A61D208-2E5A-4295-A616-4E163DC369D6}
[2012.09.12 09:37:48 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{99165909-5EC4-4E05-9F0F-C66B7B4D6D8A}
[2012.09.10 21:39:27 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{CA299058-7193-41E3-86EA-283251E55CA3}
[2012.09.10 11:16:46 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{27B4C7D3-7BAB-4E55-AD7B-2E64A304C66F}
[2012.09.10 10:30:58 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{4DE81DB1-CB27-4F61-A0B4-3B59DD285A21}
[2012.09.07 08:39:59 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{06FD58B5-DF02-494F-9281-4D76679CBB84}
[2012.09.06 08:34:50 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{23F86FE7-B0C8-44F0-97E9-77D9ED348E5E}
[2012.09.05 08:04:57 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{62CCF31B-2501-4F4D-B982-1B4CA2E49B07}
[2012.09.04 09:54:10 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{DA38BC9F-9F3C-433A-A785-CC22F2D6B690}
[2012.09.03 08:34:10 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{FD19B6EB-0640-4A98-8908-E35C07CD102D}
[2012.09.02 09:48:50 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{B12439AB-A8E5-4A5D-9D1F-6C3C0A674464}
[2012.08.31 11:22:41 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{27E52979-8B9F-4321-951F-A6EEB12774CF}
[2012.08.30 09:52:29 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{10539BA6-82D9-4BC5-A0C2-E9C724E1F7D7}
[2012.08.29 09:20:43 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{0B575796-1B9B-4B45-8EFF-147B8FB8DEA0}
[2012.08.28 09:16:54 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{0D79F01F-2D16-4C12-B8D7-D041BEC4298C}
[2012.08.28 09:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.27 13:34:01 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{04837D2A-24BC-4E1A-A879-B76060192726}
[2012.08.27 08:56:14 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{B50D4DBC-1949-4091-9E62-72153F775DF8}
[2012.08.25 14:31:49 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{22C49A0A-AA0E-4EBD-AD8A-4FF1421B8412}
[2012.08.24 10:45:45 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{50315E65-D299-4752-93DE-DAA3DADF6D77}
[2012.08.24 09:08:27 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{6BAB6420-369F-4A52-B8BE-4A17101E911E}
[2010.01.12 09:38:37 | 001,167,184 | ---- | C] (Microsoft Corporation) -- C:\Users\x\wlsetup-web.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.09.21 08:42:08 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.21 08:33:53 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.21 08:33:46 | 000,067,584 | --S- | M] () -- C:\Windows\BootStat.dat
[2012.09.20 14:32:05 | 000,005,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 14:32:05 | 000,005,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 14:24:30 | 2287,415,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.20 14:05:00 | 000,753,088 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.20 14:05:00 | 000,698,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.20 14:05:00 | 000,166,170 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.20 14:05:00 | 000,135,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.19 10:08:47 | 000,001,644 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2012.09.17 13:57:21 | 000,000,476 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.09.17 12:53:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.09.17 12:53:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.09.17 12:10:27 | 000,000,202 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.17 08:22:48 | 000,101,329 | ---- | M] () -- C:\zbotkiller.zip
[2012.09.14 13:36:44 | 000,000,055 | ---- | M] () -- C:\Windows\System32\ntfs_system.bat
[2012.09.12 12:44:13 | 000,016,925 | ---- | M] () -- C:\Windows\VFRAME32.INI
[2012.09.12 12:05:28 | 000,000,490 | ---- | M] () -- C:\Windows\VFORTSCH.INI
[2012.09.12 12:05:14 | 000,000,884 | ---- | M] () -- C:\Windows\VPMS.INI
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.18 12:51:46 | 000,001,644 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012.09.17 12:52:26 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.09.17 12:52:26 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.09.17 08:22:44 | 000,101,329 | ---- | C] () -- C:\zbotkiller.zip
[2012.09.14 13:36:44 | 000,000,055 | ---- | C] () -- C:\Windows\System32\ntfs_system.bat
[2012.06.26 20:19:49 | 000,067,584 | --S- | C] () -- C:\Windows\BootStat.dat
[2012.06.26 12:46:30 | 000,000,029 | ---- | C] () -- C:\Users\x\AppData\Roaming\mbam.context.scan
[2012.04.17 13:42:25 | 000,001,153 | ---- | C] () -- C:\Windows\CAF.INI
[2012.02.28 16:55:51 | 000,000,490 | ---- | C] () -- C:\Windows\VFORTSCH.INI
[2012.01.13 09:52:18 | 000,007,602 | ---- | C] () -- C:\Users\x\AppData\Local\Resmon.ResmonCfg
[2011.10.12 20:56:37 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.10.12 20:52:49 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.09.07 10:55:36 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.03.08 17:51:04 | 000,000,066 | ---- | C] () -- C:\Windows\Advent.ini
[2011.03.08 11:51:55 | 000,000,071 | ---- | C] () -- C:\Windows\iltwain.ini
[2010.10.26 15:21:39 | 000,000,089 | ---- | C] () -- C:\Windows\System32\MSBII.dll
[2010.10.26 15:16:26 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WKAuxil.dll
[2010.10.26 15:16:25 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2010.10.26 15:16:25 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2010.10.26 15:16:19 | 003,782,416 | ---- | C] () -- C:\Windows\System32\mso97.dll
[2010.10.26 15:15:10 | 000,080,384 | ---- | C] () -- C:\Windows\System32\ccmove32.dll
[2010.10.26 15:15:10 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Cc32.dll
[2010.07.30 13:21:06 | 000,005,120 | ---- | C] () -- C:\Users\x\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.10 13:10:01 | 000,000,088 | ---- | C] () -- C:\Users\x\axa-bt.ini
[2009.12.29 23:43:56 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.08.05 10:40:05 | 000,000,027 | ---- | C] () -- C:\Users\x\version.ini
[2009.07.21 11:55:41 | 000,000,430 | ---- | C] () -- C:\Users\x\desktopstate
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.05.01 14:42:16 | 000,001,577 | ---- | C] () -- C:\Users\x\.recently-used.xbel
========== ZeroAccess Check ==========
[2010.09.01 19:57:50 | 000,003,068 | ---- | M] () -- C:\Windows\Temp\._msigeplugin52\program files\Google\Google Earth\plugin\res\paddle\l.png
[2010.09.01 19:57:50 | 000,003,210 | ---- | M] () -- C:\Windows\Temp\._msigeplugin52\program files\Google\Google Earth\plugin\res\paddle\n.png
[2010.09.01 19:57:51 | 000,003,206 | ---- | M] () -- C:\Windows\Temp\._msigeplugin52\program files\Google\Google Earth\plugin\res\paddle\u.png
[2012.01.23 10:10:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\LocalLow\Microsoft\Silverlight\is\xr4lgypn.pwb\4hnsmec1.4gi\1\l
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
========== LOP Check ==========
[2012.03.06 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Amazon
[2011.11.24 16:15:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ASCON Installer
[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Audacity
[2010.01.13 11:02:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Bytemobile
[2012.09.18 12:49:20 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Digital Support
[2010.10.22 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Downloaded Installations
[2011.10.15 20:57:00 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoft
[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.13 13:26:02 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\elsterformular
[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\GetRightToGo
[2011.07.05 14:22:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HanseMerkurISAMA
[2012.09.21 08:33:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HCM Updater
[2011.08.11 21:18:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MAGIX
[2010.10.22 15:42:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Nitro PDF
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PC-FAX TX
[2010.02.24 11:54:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ScanSoft
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Smart PDF Converter Pro
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\SQL Anywhere 11
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Subversion
[2012.09.19 11:05:00 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Systweak
[2010.03.17 15:07:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TeamViewer
[2011.09.15 08:48:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\VHV
[2012.08.15 09:35:56 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Vodafone
[2010.01.04 12:21:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Volkswohl Bund
[2011.09.14 10:38:50 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Windows Live Writer
[2012.09.17 12:27:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\www.shadowexplorer.com
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\XMedia Recode
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.07.06 13:28:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Adobe
[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Ahead
[2012.03.06 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Amazon
[2011.12.20 09:56:31 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Apple Computer
[2011.11.24 16:15:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ASCON Installer
[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Audacity
[2011.10.25 10:12:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Avira
[2010.02.04 23:17:06 | 000,000,000 | R--D | M] -- C:\Users\x\AppData\Roaming\Brother
[2010.01.13 11:02:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Bytemobile
[2009.12.09 21:18:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CyberLink
[2012.09.18 12:49:20 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Digital Support
[2010.10.22 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Downloaded Installations
[2011.10.15 20:57:00 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoft
[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.13 13:26:02 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\elsterformular
[2012.08.16 10:49:43 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\FLEXnet
[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\GetRightToGo
[2009.12.09 21:25:26 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Google
[2011.07.05 14:22:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HanseMerkurISAMA
[2012.09.21 08:33:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HCM Updater
[2009.12.03 15:01:05 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Identities
[2010.01.09 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\InstallShield
[2009.12.14 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Macromedia
[2011.08.11 21:18:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MAGIX
[2011.10.12 21:35:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Malwarebytes
[2009.07.14 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Media Center Programs
[2012.05.12 14:21:41 | 000,000,000 | --SD | M] -- C:\Users\x\AppData\Roaming\Microsoft
[2009.12.30 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Microsoft Web Folders
[2010.04.20 13:43:02 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Mozilla
[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Nero
[2010.10.22 15:42:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Nitro PDF
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PC-FAX TX
[2010.02.24 11:54:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ScanSoft
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Smart PDF Converter Pro
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\SQL Anywhere 11
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Subversion
[2012.09.19 11:05:00 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Systweak
[2010.03.17 15:07:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TeamViewer
[2011.09.15 08:48:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\VHV
[2012.08.15 09:35:56 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Vodafone
[2010.01.04 12:21:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Volkswohl Bund
[2011.09.14 10:38:50 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Windows Live Writer
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\WinRAR
[2012.09.17 12:27:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\www.shadowexplorer.com
[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\XMedia Recode
< %APPDATA%\*.exe /s >
[2012.05.31 09:45:48 | 005,762,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_8479_8623.exe
[2012.03.27 11:33:07 | 004,180,528 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8479_8531.exe
[2012.04.23 09:12:32 | 005,933,016 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8531_8623.exe
[2012.05.31 09:46:00 | 004,309,624 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8479_8623.exe
[2012.04.23 09:14:19 | 004,591,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_11_8479_8623.exe
[2012.04.23 09:18:00 | 004,506,672 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_11_8479_8623.exe
[2012.05.31 09:46:12 | 004,278,384 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8479_8623.exe
[2012.04.23 09:16:13 | 004,504,904 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_11_8479_8623.exe
[2012.04.23 09:19:38 | 004,282,328 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8479_8623.exe
[2012.04.23 09:09:46 | 005,576,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8479_8623.exe
[2012.04.23 09:22:46 | 004,272,848 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8479_8623.exe
[2012.04.23 09:24:36 | 004,288,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8479_8623.exe
[2012.04.23 09:21:15 | 004,290,016 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8479_8623.exe
[2011.07.05 14:02:55 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\x\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.02.12 17:48:00 | 000,010,134 | R--- | M] () -- C:\Users\x\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
< %SYSTEMDRIVE%\*.exe >
[2012.06.26 11:57:07 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\malwarebytes_antimalware_1.61.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2005.10.12 13:07:12 | 000,874,240 | R--- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\$WIN_NT$.~BT\iaStor.sys
< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2005.08.18 17:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\$WIN_NT$.~BT\nvatabus.sys
< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2005.04.08 11:43:26 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\$WIN_NT$.~BT\viamraid.sys
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< >
[2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.11.24 11:09:37 | 000,001,084 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.11.24 11:09:38 | 000,001,088 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< End of report > --- --- ---
Ich wollte gerade das Textfenster schließen, da habe ich gesehen, dass es zwei Texte gibt. Ich weiss nicht ob es der selbe ist. Deshalb hier noch der andere.
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 21.09.2012 08:40:45 - Run 1
OTL by OldTimer - Version 3.2.65.0 Folder = C:\Users\x\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,84 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 59,91% Memory free
5,68 Gb Paging File | 4,38 Gb Available in Paging File | 77,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125,00 Gb Total Space | 52,17 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
Drive D: | 171,08 Gb Total Space | 82,80 Gb Free Space | 48,40% Space Free | Partition Type: NTFS
Computer Name: X-PC | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "D:\Foto\Kaufland Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Kaufland Foto] -- "D:\Foto\Kaufland Foto\Kaufland Foto.exe" "%1" ()
Directory [Mein CEWE FOTOBUCH] -- "D:\Foto\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OnlineFotoservice] -- "D:\Foto\Amazon Foto\OnlineFotoservice\OnlineFotoservice.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AF3640F-1224-4BCD-B891-D9CD1ACAB6A6}" = RV-SysInfo
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436A979-497D-47C4-B448-D0625035F77E}" = Nero Video 11
"{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}" = RSA SecurID Software Token
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2E5E31A8-5469-4D96-962D-C294D2F7DA45}" = Der Broker Pool V3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{37918F52-75C8-47F8-AEFB-389B8E62B5DA}" = pdfforge Toolbar v5.9
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC6EA88-7A1F-4401-9B25-84F547158B8E}" = RUVIS-PC
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{53CFF9B1-4ED7-4114-8ECF-ADD13BC8AC57}" = VHV RECOMAX
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite MFC-8860DN
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC2E0432-9092-42F8-B4C2-E95DF8ADE82C}" = VHV-Tarifprogramm
"{AC2F9FCC-170E-4B0B-84AB-7307A373570F}" = RSA Smart Card Middleware 3.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B8381511-3832-4449-B33A-763931D2590B}" = BB-Euro-Tarifrechner
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA367FE1-A386-4E71-A33A-D41DB310546E}" = NÜRNBERGER Beratungstechnologie Version 08.2009 Einzelplatz
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite MFC-425CN
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C20B2271-69D4-11D4-A951-08005AD260A8}" = VOLKSWOHL BUND - Angebotsprogramm Komfort
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink RT7x Wireless LAN Card
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Audacity 1.3 Beta_is1" = Audacity 1.3.13
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneDVD2" = CloneDVD2
"DaVinci für Windows 9x / ME / NT / 2000" = DaVinci für Windows
"E38B2136962D21A7BDE5AAC98CD1C6EA6B6D0687" = Windows-Treiberpaket - Microsoft (USBCCID) SmartCardReader (05/17/2005 5.2.3790.2444)
"ElsterFormular 11.2.0.4074" = ElsterFormular
"ElsterFormular 11.5.0.4546" = ElsterFormular
"ElsterFormular 13.1.1.8479k" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility
"Kaufland Foto" = Kaufland Foto
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mediaport" = Mediaport
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"meinHausplaner" = meinHausplaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NeroVision!UninstallKey" = NeroVision Express 2 SE
"NMPUninstallKey" = Nero Media Player
"PROHYBRIDR" = 2007 Microsoft Office system
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sv.net" = sv.net
"Swiss Life EVA" = Swiss Life EVA
"TVWiz" = Intel(R) TV Wizard
"web'n'walk Manager" = web'n'walk Manager
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zune" = Zune
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d7d997e86766123f" = Business plus+
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.09.2012 02:54:55 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/21 08:54:55.767]: [00001644]: GetDeviceIpAddress:
GetAddressByName [BRN_A7BF08] Error
Error - 21.09.2012 02:55:30 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/21 08:55:30.992]: [00001644]: GetDeviceIpAddress:
GetAddressByName [BRN_A7BF08] Error
Error - 21.09.2012 02:56:06 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/21 08:56:06.217]: [00001644]: GetDeviceIpAddress:
GetAddressByName [BRN_A7BF08] Error
Error - 21.09.2012 02:56:41 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/21 08:56:41.442]: [00001644]: GetDeviceIpAddress:
GetAddressByName [BRN_A7BF08] Error
Error - 21.09.2012 02:57:16 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/21 08:57:16.666]: [00001644]: GetDeviceIpAddress:
GetAddressByName [BRN_A7BF08] Error
Error - 21.09.2012 02:57:51 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/21 08:57:51.891]: [00001644]: GetDeviceIpAddress:
GetAddressByName [BRN_A7BF08] Error
Error - 21.09.2012 02:58:27 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/21 08:58:27.116]: [00001644]: GetDeviceIpAddress:
GetAddressByName [BRN_A7BF08] Error
Error - 21.09.2012 02:59:02 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/21 08:59:02.341]: [00001644]: GetDeviceIpAddress:
GetAddressByName [BRN_A7BF08] Error
Error - 21.09.2012 02:59:37 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/21 08:59:37.566]: [00001644]: GetDeviceIpAddress:
GetAddressByName [BRN_A7BF08] Error
Error - 21.09.2012 03:00:12 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/21 09:00:12.791]: [00001644]: GetDeviceIpAddress:
GetAddressByName [BRN_A7BF08] Error
[ Media Center Events ]
Error - 09.04.2010 01:43:27 | Computer Name = x-PC | Source = MCUpdate | ID = 0
Description = 07:43:27 - Fehler beim Herstellen der Internetverbindung. 07:43:27
- Serververbindung konnte nicht hergestellt werden..
Error - 09.04.2010 01:43:37 | Computer Name = x-PC | Source = MCUpdate | ID = 0
Description = 07:43:32 - Fehler beim Herstellen der Internetverbindung. 07:43:32
- Serververbindung konnte nicht hergestellt werden..
Error - 30.06.2010 02:53:34 | Computer Name = x-PC | Source = MCUpdate | ID = 0
Description = 08:53:20 - Fehler beim Herstellen der Internetverbindung. 08:53:21
- Serververbindung konnte nicht hergestellt werden..
Error - 14.10.2010 04:19:46 | Computer Name = x-PC | Source = MCUpdate | ID = 0
Description = 10:19:46 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 14.10.2010 04:20:02 | Computer Name = x-PC | Source = MCUpdate | ID = 0
Description = 10:19:51 - Fehler beim Herstellen der Internetverbindung. 10:19:51
- Serververbindung konnte nicht hergestellt werden..
Error - 12.11.2010 03:42:18 | Computer Name = x-PC | Source = MCUpdate | ID = 0
Description = 08:42:18 - Fehler beim Herstellen der Internetverbindung. 08:42:18
- Serververbindung konnte nicht hergestellt werden..
Error - 12.11.2010 03:42:31 | Computer Name = x-PC | Source = MCUpdate | ID = 0
Description = 08:42:23 - Fehler beim Herstellen der Internetverbindung. 08:42:23
- Serververbindung konnte nicht hergestellt werden..
Error - 10.07.2011 05:47:00 | Computer Name = x-PC | Source = MCUpdate | ID = 0
Description = 11:46:59 - Fehler beim Herstellen der Internetverbindung. 11:47:00
- Serververbindung konnte nicht hergestellt werden..
Error - 10.07.2011 05:47:09 | Computer Name = x-PC | Source = MCUpdate | ID = 0
Description = 11:47:05 - Fehler beim Herstellen der Internetverbindung. 11:47:05
- Serververbindung konnte nicht hergestellt werden..
Error - 28.01.2012 08:57:29 | Computer Name = x-PC | Source = MCUpdate | ID = 0
Description = 13:57:14 - Broadband konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
[ System Events ]
Error - 20.09.2012 08:23:00 | Computer Name = x-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 20.09.2012 08:24:40 | Computer Name = x-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Avira Planer erreicht.
Error - 20.09.2012 08:24:40 | Computer Name = x-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 20.09.2012 08:24:40 | Computer Name = x-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Avira Echtzeit Scanner erreicht.
Error - 20.09.2012 08:24:40 | Computer Name = x-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 20.09.2012 08:24:40 | Computer Name = x-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 20.09.2012 08:24:42 | Computer Name = x-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 20.09.2012 08:24:45 | Computer Name = x-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 20.09.2012 08:24:55 | Computer Name = x-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
tcpipBM
Error - 20.09.2012 08:25:41 | Computer Name = x-PC | Source = DCOM | ID = 10016
Description =
< End of report > --- --- --- |