Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU "ihr computer wurde gesperrt" (https://www.trojaner-board.de/128489-gvu-computer-wurde-gesperrt.html)

showmaker 23.12.2012 01:06
GVU "ihr computer wurde gesperrt"
 
Habe mir gestern beim surfen einen virus eingefangen. die masche ist wie immer bei den gvu zeug und man wird aufgefordert geld zum entsperren zu bezahlen.

ich bekomme keine webcam bild angezeigt und finde im internet auf anhieb auch keinen screenshot der genau so aussieht wie meiner.

im abgesicherten modus kann ich arbeiten ohne dass die meldung erscheint.

ich versuche jetzt alle schritte zu befolgen und post hier die drei txts.
OTL txt:

Code:
OTL logfile created on: 22.12.2012 23:53:35 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 70,14% Memory free
3,74 Gb Paging File | 3,25 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,58 Gb Free Space | 9,16% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,04% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
PRC - [2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
PRC - [2012.12.17 22:50:20 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.10.04 16:00:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.18 21:29:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
MOD - [2012.12.17 22:50:19 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.07.18 21:29:12 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010.04.26 19:03:42 | 000,200,192 | ---- | M] () -- C:\PROGRA~1\7-PDF\7-PDFM~1\7p.dll
MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.18 00:05:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.17 22:50:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.02 13:56:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.12 10:05:33 | 000,232,288 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service)
SRV - [2011.10.10 07:47:04 | 000,196,912 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.09.09 10:08:56 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2011.12.21 15:50:49 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.12.21 15:50:49 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.09.09 10:00:06 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.09.09 09:59:20 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011.07.06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.12.23 14:48:23 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.01.09 23:48:02 | 000,027,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt -- (EverestDriver)
DRV - [2009.11.12 02:05:20 | 000,465,408 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2009.11.05 05:51:12 | 000,376,832 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.07 23:24:30 | 000,056,240 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2005.06.20 09:12:00 | 000,215,040 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u)
DRV - [2004.04.26 22:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mydrive.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE B2 5D A1 13 B6 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegelonline.de"
FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: autofillForms@blueimp.net:0.9.8.4
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 10:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 10:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.17 22:14:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:29:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 17:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:29:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M]
 
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.17 22:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions
[2012.11.13 22:48:46 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.03.26 09:12:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\engine@conduit.com
[2010.01.02 20:19:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\moveplayer@movenetworks.com
[2012.11.17 17:31:28 | 000,148,947 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\autofillForms@blueimp.net.xpi
[2012.12.17 22:17:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 14:21:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011.12.19 19:26:33 | 000,000,933 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\11-suche.xml
[2011.12.19 19:26:34 | 000,002,419 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:26:33 | 000,010,525 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\gmx-suche.xml
[2011.12.19 19:26:34 | 000,002,457 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\lastminute.xml
[2010.08.17 13:18:24 | 000,001,549 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\scroogle-ssl-search.xml
[2011.12.19 19:26:33 | 000,005,508 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\webde-suche.xml
[2010.05.04 18:27:51 | 000,002,057 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\youtube-videosuche.xml
[2012.10.02 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.17 22:14:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.07.18 21:29:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.08 22:32:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 22:32:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.08 22:32:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 22:32:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 22:32:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 22:32:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.08 13:36:46 | 000,001,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261848450419 (MUCatalogWebControl Class)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2073B93A-1295-4A0C-B5D2-AF75A32FB6EE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445430A2-0344-48B1-8063-6CC744AB258A}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{525A024D-D79A-4E23-B717-B0331FF1101D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BFBFD2-0D9F-4EC1-9735-2DA3B8ACDA44}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9278B28F-449C-44B6-9264-7BF6339F15BF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E755811-115D-4DCF-A28D-50D81B4CC90A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.03 11:15:14 | 000,000,026 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7d1106ec-f439-11e1-b393-e6e963511037}\Shell - "" = AutoRun
O33 - MountPoints2\{7d1106ec-f439-11e1-b393-e6e963511037}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ea9f3ea6-2bc1-11e1-b1f5-9519fd5a2044}\Shell - "" = AutoRun
O33 - MountPoints2\{ea9f3ea6-2bc1-11e1-b1f5-9519fd5a2044}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.22 23:53:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.21 23:01:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.20 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\endnote styles
[2012.12.18 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.07 10:35:08 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Jonas\AppData\Roaming\SetupGFD.exe
[2012.05.07 10:34:48 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Jonas\AppData\Roaming\Imgburn.exe
[2012.05.07 10:34:41 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Jonas\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.22 23:52:39 | 000,000,020 | ---- | M] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.22 22:56:04 | 000,659,732 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.22 22:56:04 | 000,623,078 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.22 22:56:04 | 000,133,070 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.22 22:56:04 | 000,109,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.22 22:50:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.22 22:50:12 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.22 22:47:36 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 22:47:36 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 22:46:10 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.22 22:45:22 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.21 20:53:21 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 20:53:21 | 000,001,056 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.21 20:53:16 | 000,212,480 | ---- | M] () -- C:\Users\Jonas\wgsdgsdgdsgsd.dll
[2012.12.21 20:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.21 20:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 16:20:18 | 002,588,453 | ---- | M] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 07:33:06 | 000,491,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 00:05:12 | 000,002,067 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.12.17 22:15:07 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.15 18:20:19 | 000,001,236 | ---- | M] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | M] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.22 23:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:36 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.21 20:53:21 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 20:53:21 | 000,001,056 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.21 20:53:19 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.21 20:53:16 | 000,212,480 | ---- | C] () -- C:\Users\Jonas\wgsdgsdgdsgsd.dll
[2012.12.18 16:20:14 | 002,588,453 | ---- | C] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:25:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.15 18:20:19 | 000,001,236 | ---- | C] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | C] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
[2012.05.07 10:36:14 | 000,034,936 | ---- | C] () -- C:\Windows\System32\uninstHelixYUV.exe
[2012.05.07 10:34:59 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Jonas\AppData\Roaming\AvsP.exe
[2012.05.07 10:34:57 | 001,357,348 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\MatroskaSplitter.exe
[2012.05.07 10:34:56 | 000,117,723 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\yuvcodecs-1.3.exe
[2012.04.11 17:31:41 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sysmwwod.dll
[2011.05.19 10:34:25 | 000,021,844 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.12.03 10:37:20 | 000,001,075 | ---- | C] () -- C:\Users\Jonas\windvi.cnf
[2010.09.13 13:14:09 | 000,002,068 | ---- | C] () -- C:\Users\Jonas\.powerupdate.user.properties
[2010.08.27 17:31:32 | 000,002,631 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SerialClonerPrefs
[2010.07.31 15:26:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.02.25 13:29:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\7-PDFMaker
[2010.01.13 21:54:14 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\AlcaTech
[2010.12.23 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\AquaSoft
[2011.11.27 22:48:27 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Ashampoo Slideshow Studio Elements
[2011.06.14 22:11:38 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\avidemux
[2010.01.15 18:15:36 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ChessBase
[2012.02.22 20:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\CmapTools
[2010.01.20 22:18:03 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\dBpoweramp
[2011.10.14 12:21:08 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Downloaded Installations
[2012.10.18 21:14:24 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Dropbox
[2012.03.14 13:33:05 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DVDVideoSoft
[2012.03.14 13:33:01 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.01 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\EndNote
[2012.04.11 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\FreeAudioPack
[2011.03.15 21:17:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\GetRightToGo
[2011.03.23 14:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\GraphPad Software
[2012.10.02 19:23:30 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ICQ
[2011.03.23 13:20:01 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Leadertech
[2011.02.09 10:10:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Local
[2011.06.15 17:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\MAGIX
[2012.12.16 16:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\MyPhoneExplorer
[2012.07.22 22:16:08 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Nitro PDF
[2011.02.18 12:55:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Opera
[2010.08.27 14:17:22 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\SerialCloner
[2011.05.18 13:15:41 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Thunderbird
[2010.09.29 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Tonium
[2009.12.25 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\TuneUp Software
[2012.01.24 20:09:55 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\VSO
[2010.12.24 11:09:42 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
Extras.txt

Code:
OTL Extras logfile created on: 22.12.2012 23:53:35 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 70,14% Memory free
3,74 Gb Paging File | 3,25 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,58 Gb Free Space | 9,16% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,04% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9B5D1-6E41-41EC-BD6D-60D5E874FB15}" = rport=138 | protocol=17 | dir=out | app=system |
"{24605008-600D-4C0E-B402-5CB9E8EA9B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{289023B5-5E3C-4450-82AB-F0F6883A2DF8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{46878158-6868-412E-9883-77F7F9D127BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B1B2C89-F250-46A2-BB8C-76D9676A5748}" = lport=138 | protocol=17 | dir=in | app=system |
"{5408B885-D42E-448B-96D8-AD63F566C271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BDB6C3A-65B5-4CAD-8ADC-1C9F52CD7F75}" = lport=139 | protocol=6 | dir=in | app=system |
"{68D83906-47FC-4BF0-A21C-C52EB04A42DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{868252F7-6AE4-4DAE-9990-C1A2E16BAA79}" = lport=445 | protocol=6 | dir=in | app=system |
"{89E5E605-D087-4EEF-9BCF-DBBCB3961AD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{906EF994-6B6F-4C28-A67C-B909D6A0B5B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{963EAE72-BDDB-4355-AEDB-5DE2BEE0E85A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98A6D47B-AD2C-488F-A5BF-B0962415FD41}" = rport=445 | protocol=6 | dir=out | app=system |
"{992C22BD-6EC4-4471-B882-0C4FDC6C29B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E66EB8A-9E55-4D70-B5D1-BBC67073C822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A07133DA-FF42-476A-A013-0BEA2AF1EECF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7CEFE26-BE85-42F6-985B-4BE9693672F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5A3D81A-0C94-4372-900E-C99865E5C024}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C00E2282-0EF6-4451-9E3B-618D4E5B1C1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C163F148-C055-42D1-BA9A-4C227C03D896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CBC77997-A192-4CCB-BB76-95025763FC58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC6481D4-AA4F-4349-98D6-546B68768E81}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC80F653-715A-4E8D-BE3E-9CBA07827881}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECC4A6A4-383D-4F9D-A72B-BC7E0A078FE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88CDF9-E23F-4171-87AF-BB3AB1162D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{140615D6-31B3-464D-8CD9-AF7AF543BB0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2143A449-9D25-4882-BC7F-D1B6C0E84547}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{22D0FFC0-A9D8-4D08-B0B9-ADD8B456E3F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{37EB659F-CF44-4315-B9FB-B430F5733DB6}" = protocol=6 | dir=out | app=system |
"{3CAE0B1D-A63B-4A0C-BD52-42A0666E423B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A411ABA-5AFA-4B33-9935-0D2C3B526F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AD65AD0-805E-4495-8E9D-9747C555AB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4AE6AD95-6411-47D6-971B-790F5482C2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BCEBE53-3B52-4AF6-862B-02078189B871}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{6A7F40C9-A15D-4B2C-BBE2-11C019FA6EA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{721AD6E3-3232-4CBD-A3CA-0A283B200EF1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7651EDA7-6F2C-4B36-820C-3C8553DF21F5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{791207DB-087D-4117-AF87-3835C03D5D66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{7B349BB7-1396-4D7F-AD94-D06D1BA808EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC9C40E-5D08-4A9D-8B26-7C709A775424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C073300-E818-42B5-973E-8A285991F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CE52A2E-F4EF-491E-BA6C-D8E6C78FDBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF3FCBF3-AE75-47EA-9200-9CB8305C228E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC0D4800-CEAE-41D5-97C9-7B045EB00982}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDA1C6F6-50C9-4EFF-B0DA-9BE182C560CD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D86B0A22-4EDF-4710-BAC4-4DDF888EC6A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8ECE471-98D9-4104-8758-6C7A60167086}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCB9D527-406F-4DF5-93DC-AF7ADB9FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFA9F490-AFDD-4867-B8D0-17EBD840C2CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1D0918F-A368-4AE1-AE05-08193424D4CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC9299BB-77FC-4C4C-9E73-72901AAFB808}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F7916E78-24CD-4CA6-8945-96D8347CA92C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F964743A-1B2F-4D82-8548-0F7CB6ABE234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB419F9F-DAD6-4097-B3AD-5A6E23D97646}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0E468104-B5E8-48FC-9AB8-67B887A5710A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{12A8883D-7AF3-44CB-8F1E-6BB324C4442F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{1FDA32B4-10DC-4E4C-829B-2F59D995CF05}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{324C8D71-35B9-445A-86E6-D178611CF781}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{3AB53E31-E1C7-4B58-A620-5C23152F70F1}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{50F74B36-7F8D-4334-A039-955B50CD507B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{8B0F688E-F7DD-49C1-A528-9CF8D3A79F3A}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{99C75F91-BF5C-4B4E-828A-93D9E470D53D}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{99D55528-F1A3-4BD6-98A3-6E6900DE1312}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{A5C631A8-6A58-473F-B009-A4012010371D}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{A916F8AD-62D8-44B1-AA12-6243BCF61714}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{AD6D6C5B-8339-44D7-A800-3A4A539F8EAC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{B57C896E-0A15-4CA6-9EAA-A3DA0639E18E}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{DD025112-52A7-46B5-8DA4-A8CCCDBE6989}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0184D19D-A757-4516-B089-ABF6986AA517}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{13EC64BF-4903-4A9D-B091-79CEBF869A1B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3BC53E47-4F07-4AA3-9A54-48B7EB96D4BC}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{3E6C39EA-74CB-43D9-9FA2-95F4F3CA2387}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4B61D362-EADA-467F-9B05-ACEB2E7BCB8D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{6E8BCE1F-E925-477E-8762-FD945CAA1934}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{73DF5814-E9F6-4103-BFBA-5042F21AA2C3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8053D382-F606-4692-BF7E-BB3AC4A60F12}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{854645EE-4500-4E2A-954C-2D3A0A261DE6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{9EDBADBC-56F7-4571-8D3B-AF8A8BB7CD58}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{A65F599C-9545-4324-A859-384B3BF381BF}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{C2D17091-3C5A-419A-B589-B78CBA022FB8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{C71AB11B-327A-4815-AF6C-1A2ED9BDBCFB}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{C90BCF2B-2364-44CF-90BB-8247329AB955}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"IHMC CmapTools v4.12" = IHMC CmapTools v4.12
"iLivid" = iLivid
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2011 04:11:53 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:57 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:14:40 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:31:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.08.2011 11:00:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 5.0.0.4192,
 Zeitstempel: 0x4e051153  Name des fehlerhaften Moduls: xul.dll, Version: 5.0.0.4192,
 Zeitstempel: 0x4e050fc7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a631ab  ID des fehlerhaften
 Prozesses: 0xf50  Startzeit der fehlerhaften Anwendung: 0x01cc5a8a6c128337  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll  Berichtskennung:
 23b37e5e-c686-11e0-bb3e-00030d9779cd
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 21.12.2012 11:23:28 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8524 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 6206 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5933
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5895
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5649 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5584 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 22.12.2012 17:45:32 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ Media Center Events ]
Error - 13.09.2010 14:58:20 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:19 - Error connecting to the internet.  20:58:19 -    Unable
to contact server.. 
 
Error - 13.09.2010 14:58:41 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:28 - Error connecting to the internet.  20:58:28 -    Unable
to contact server.. 
 
Error - 14.09.2010 03:43:19 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 09:43:14 - Error connecting to the internet.  09:43:14 -    Unable
to contact server.. 
 
Error - 18.09.2010 14:38:54 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:54 - Error connecting to the internet.  20:38:54 -    Unable
to contact server.. 
 
Error - 18.09.2010 14:39:02 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:59 - Error connecting to the internet.  20:38:59 -    Unable
to contact server.. 
 
Error - 26.09.2010 10:06:42 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 16:06:42 - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.09.2010 16:00:22 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:22 - Error connecting to the internet.  22:00:22 -    Unable
to contact server.. 
 
Error - 27.09.2010 16:00:36 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:27 - Error connecting to the internet.  22:00:27 -    Unable
to contact server.. 
 
Error - 04.10.2010 14:33:18 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:18 - Error connecting to the internet.  20:33:18 -    Unable
to contact server.. 
 
Error - 04.10.2010 14:33:28 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:23 - Error connecting to the internet.  20:33:23 -    Unable
to contact server.. 
 
[ OSession Events ]
Error - 21.02.2010 08:41:08 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3107
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 13.09.2010 04:27:26 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2112
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 16.05.2011 10:43:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24406
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 27.06.2011 11:49:36 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11605
 seconds with 5640 seconds of active time.  This session ended with a crash.
 
Error - 09.02.2012 07:44:37 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 79696 seconds with 7980 seconds of active time.  This session ended with
a crash.
 
Error - 30.04.2012 16:38:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1848
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2012 13:13:07 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 37455 seconds with 720 seconds of active time.  This session ended with a
 crash.
 
Error - 09.07.2012 13:25:56 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 754 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.12.2012 18:51:45 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 22.12.2012 18:54:36 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 22.12.2012 18:54:36 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 22.12.2012 18:54:36 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 22.12.2012 18:56:39 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 22.12.2012 18:56:39 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 22.12.2012 18:56:39 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 22.12.2012 19:01:17 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 22.12.2012 19:01:17 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 22.12.2012 19:01:17 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >
gmer.txt

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-23 00:55:18
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK1646GSX rev.LB113J
Running: 0v0mzy2k.exe; Driver: C:\Users\Jonas\AppData\Local\Temp\kwloypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                                                                                                                              82483839 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                  824A83F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000006f                                                                                                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                                                                                                      ????1.???????????????6??SA???????????.??????.1??????????????????????? ??????????????????volume.inf??????? ??????????????nP??6.1.7600.17122??? ???????????????????????/?/?/?/?/??? ?????????????????????,????????????????????USB\VID_1370&PID_2168\40001446F30000e7??????????????????????????USBSTOR?t???????????storage\volume??????????????????????????? ???????m??????????Generic volume??????????????????????????????????????????????????????????USB Mass Storage Device?-2??6???????#???????????USB??????????????&??? ????X??????????????????????????????0???4???????????:???e??? ??????????????????6.1.7600.17122???????????????r??????????storage\volume?.?.??????????????????????? ???????????????? ???:?????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????? 0?????????????????????????????\\?\USB#VID_090C&PID_1000#10080160030532#{a5dcbf10-6530-11d2-901f-00c04fb951ed}?????? ???????U?????????????,????????N?V?Q?????????????????????????????????????????}??s??? ?????????????????????,???
Reg            HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                                                                                ????TD??03??v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\myphoneexplorer\myphoneexplorer.exe|Name=MyPhoneExplorer|Desc=MyPhoneExplorer|?sy???????????s??????6.1.7600.16778??????????????????????????????????????? ????????????????????????"???&?????????????????USB\VID_05FE&PID_1010&REV_0001?USB\VID_05FE&PID_1010????????????????????????????????????? ??????????????????? ???????o??????tn??????????????????????????????????????????? ??????????????????? ??????????????????6.1.7600.16385???????????????????h???????????????????????????????????????????????????????0??? ??????????????????????S ??? ???????m???????? ???????"?????n?'?t???????????????????????????????????????????????????????????2B??USB\VID_05FE&PID_1010&REV_0001&MI_00?USB\VID_05FE&PID_1010&MI_00????USB\Class_03&SubClass_01&Prot_01?USB\Class_03&SubClass_01?USB\Class_03????????N??????0???????????????????????????????????????4?????s11??????????????????????????usb.inf:Generic.Section.NTx86:Composite.Dev:6.1.7600.16788:usb\composit
Reg            HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                                                                                                          ???k?o???k?k?2???????????????????j?k?k???k?k????{8ECC055D-047F-11D1-A537-0000F8753ED1}?2f}?????? ??????????s?????? ??????????e??LegacyDriver????LegacyDriver?????????@????????????8??m????????h??????k??????????? ???????z?????|?z???????????k???????????3???????j?k????Microsoft????????????????????????????????????????k?k?2???????j??????s???root\umbus???????????n???o???????????????????????????k?k?2?????k?&???k??Volume?071??LegacyDriver?????????????g???n???s?t?e???k???????z???j???????????????????v???????k???????k?k?2????X??k??????????LegacyDriver?????k?k?k??????un???????j??????s???????????????t????????????????????????A???%???e??Microsoft???? ????????????????????????"???&??????????????B??{00000000-0000-0000-ffff-ffffffffffff}??????LegacyDriver????????????????????????*PNP09FF???????? ??????????s?????????j???3??s?????X??n??????????????????????????????????????????????????????t???? ???????k?????k?????j????????????*? ???????????? ???k??????????????? ???????j???????????z??????????\????????????A?U?[?e?k?k?j?????????????????
Reg            HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                                                                                                    ???q?????????????????????????????n???6???p?s????????????System32\drivers\hwpolicy.sys???????????Net??|??????????????????Jonas-PC????????????????t?????????????????????????????????????????P??p????????h???????(??p??????p????????u????P??p?????????e?????????????????????????????????P???????????????p????????????????????z??????-??????7C??system32\drivers\fltmgr.sys??????????????i??????A6??????????????t????????n???????????????4??????????? ???????p?????????????,???????????? ???????????? ???????o?????p?????p????????$???C????????c????@%SystemRoot%\System32\certprop.dll,-11???????Z??p????????h?????%SystemRoot%\system32\svchost.exe -k netsvcs??????P??p?????????n????@%SystemRoot%\System32\certprop.dll,-12?????? ???p??????????????LocalSystem?????RpcSs???????????????????????????????????????t???????????????t??????? ????????????????p???????????e????,??p???????????????????????????????????????p???????????????????p?p?p?p?p?p?p?p?p?p?p??????????????????????????? ???????p???????????p????????,?F??? ???????????? F??p?????????????????
Reg            HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\ALLES zu programmen\installationsdateien\Installationsprogramm für Adobe Reader\x00a09\Setup.exe  1

---- EOF - GMER 1.0.15 ----
hoffe ich habe nichts vergessen.

cosinus 23.12.2012 02:29
Hallo und :hallo:

Code:
Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Warum bitte hast du eine Enterprise Edition von Windows 7? :wtf:
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

showmaker 23.12.2012 10:28
ich konnte das von meiner universität bekommen.

cosinus 23.12.2012 18:49
Schon irgendwelche Scans mit Malwarebytes oder anderen Tools gemacht? Logs mit Funden da? Siehe => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon etwaig vorhandene Logs posten!

showmaker 23.12.2012 18:58
Nein, ich habe bevor ich auf das forum gestoßen bin in meiner not die kaspersky rescue disk heruntergeladen, aud cd grbannt und davon den pc gestartet. über nacht habe ich dann den suchlauf gemacht (von vorgestern auf gestern). der hat aber ewig gebraucht und nix gefunden und ich stehe deshalb also quasi immer noch bei null. als ich dann hier zum forum kam habe ich nix mehr gemacht. hatte das gestern vergessen zu posten. aber wie gesagt habe nix gelöscht bisher und keine funde.

cosinus 23.12.2012 19:40
Code:
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Glaub ich so nicht, was ist denn mit Malwarebytes? Das Tool ist doch installiert wie man sieht!
Bitte nachsehen im Reiter Logdateien

showmaker 23.12.2012 20:06
sorry mir ist nicht ganz klar was ich mit dem code machen soll. ich habe es jetzt wie an anderer stelle beschrieben in OTL bei benutzerdef scans/fixes eingefügt und folgende fehlermeldung bzw log datei bekommen

Code:
Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 12232012_200300
sorry wenn ich irgendetwas grundlegendes nicht verstanden hab. danke dass du mir helfen willst.

cosinus 23.12.2012 20:12
Würdest du bitte mal meine Postings lesen? :wtf:

Ich hab nach weiteren Logs von Malwarebytes gefragt und dich gebeten bei Malwarebytes nachzusehen im Reiter Logdateien

WO bitte liest du das von OTL heraus?! :confused:

showmaker 23.12.2012 20:17
sorry ich dachte ich müsste etwas mit dem code machen den du gepostet hast. aber das war ja nur ein zitat. wusste nicht ob ich das programm einfach so starten kann und dachte man müsste das mit dem code trixen. egal ich war verwirrt. konnte das programm ganz normal starten und habe unter dem reiter nur eien ganz alte logdatei finden. das programm ist nicht mehr up to date. soll ich updaten und dann einen scan machen?

cosinus 23.12.2012 20:47
Schon wieder muss ich drauf hinweisen, bitte lies meine Beiträge genauer! :nono:

In Posting 4 wurde von mir erwähnst du solltest erstmal nur alles an vorhandenen Logs posten aber keine neuen Scans erstmal machen!

showmaker 23.12.2012 21:03
tut mir leid. habe nix unternommen. hier nun die datei.

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7485

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

17.08.2011 17:01:55
mbam-log-2011-08-17 (17-01-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 425459
Laufzeit: 2 Stunde(n), 23 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 23.12.2012 21:05
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

showmaker 23.12.2012 21:17
wenn ich aswMBR ausführe fragt mich das program nicht nach der aktuellen virendefintion von avast. ich habe direkt das schwarze fenster in dem ich den scan button den FixMBR button den Fix button (gegraut) und den save log und exit button sehen. soll ich den scan ohne aktualisierung trotzdem durchführen?

cosinus 23.12.2012 21:28
Ja dann bitte ohne Aktualisierung

showmaker 23.12.2012 22:12
der aswMRB log

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-23 21:35:20
-----------------------------
21:35:20.619    OS Version: Windows 6.1.7600
21:35:20.619    Number of processors: 2 586 0xF0D
21:35:20.619    ComputerName: JONAS-PC  UserName: Jonas
21:35:21.087    Initialize success
21:35:21.291    AVAST engine defs: 12122100
21:35:26.103    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:35:26.103    Disk 0 Vendor: TOSHIBA_MK1646GSX LB113J Size: 152627MB BusType: 3
21:35:26.119    Disk 0 MBR read successfully
21:35:26.119    Disk 0 MBR scan
21:35:26.650    Disk 0 Windows 7 default MBR code
21:35:26.666    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        39997 MB offset 63
21:35:27.244    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      112627 MB offset 81915435
21:35:27.541    Disk 0 scanning sectors +312576705
21:35:28.134    Disk 0 scanning C:\Windows\system32\drivers
21:35:46.103    Service scanning
21:36:13.916    Modules scanning
21:36:20.494    Disk 0 trace - called modules:
21:36:20.509    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:36:20.572    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85155030]
21:36:20.572    3 CLASSPNP.SYS[881d259e] -> nt!IofCallDriver -> [0x843b2848]
21:36:20.587    5 ACPI.sys[87cad3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x843a7610]
21:36:20.931    AVAST engine scan C:\Windows
21:36:23.837    AVAST engine scan C:\Windows\system32
21:39:25.166    AVAST engine scan C:\Windows\system32\drivers
21:39:40.306    AVAST engine scan C:\Users\Jonas
22:00:16.009    AVAST engine scan C:\ProgramData
22:02:38.650    Scan finished successfully
22:03:51.900    Disk 0 MBR has been saved successfully to "C:\Users\Jonas\Desktop\MBR.dat"
22:03:51.900    The log file has been saved successfully to "C:\Users\Jonas\Desktop\aswMBR.txt"
der TDSSKiller log

Code:
22:06:18.0275 1388  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:06:18.0400 1388  ============================================================
22:06:18.0416 1388  Current date / time: 2012/12/23 22:06:18.0400
22:06:18.0416 1388  SystemInfo:
22:06:18.0416 1388 
22:06:18.0416 1388  OS Version: 6.1.7600 ServicePack: 0.0
22:06:18.0416 1388  Product type: Workstation
22:06:18.0416 1388  ComputerName: JONAS-PC
22:06:18.0416 1388  UserName: Jonas
22:06:18.0416 1388  Windows directory: C:\Windows
22:06:18.0416 1388  System windows directory: C:\Windows
22:06:18.0416 1388  Processor architecture: Intel x86
22:06:18.0416 1388  Number of processors: 2
22:06:18.0416 1388  Page size: 0x1000
22:06:18.0416 1388  Boot type: Safe boot with network
22:06:18.0416 1388  ============================================================
22:06:19.0541 1388  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:06:19.0556 1388  ============================================================
22:06:19.0556 1388  \Device\Harddisk0\DR0:
22:06:19.0556 1388  MBR partitions:
22:06:19.0556 1388  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
22:06:19.0556 1388  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE2B, BlocksNum 0xDBF9C96
22:06:19.0556 1388  ============================================================
22:06:19.0587 1388  C: <-> \Device\Harddisk0\DR0\Partition1
22:06:19.0619 1388  D: <-> \Device\Harddisk0\DR0\Partition2
22:06:19.0619 1388  ============================================================
22:06:19.0619 1388  Initialize success
22:06:19.0619 1388  ============================================================
22:06:55.0337 0364  ============================================================
22:06:55.0337 0364  Scan started
22:06:55.0337 0364  Mode: Manual; SigCheck; TDLFS;
22:06:55.0337 0364  ============================================================
22:06:56.0087 0364  ================ Scan system memory ========================
22:06:56.0087 0364  System memory - ok
22:06:56.0087 0364  ================ Scan services =============================
22:06:56.0447 0364  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
22:06:56.0587 0364  1394ohci - ok
22:06:56.0619 0364  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
22:06:56.0650 0364  ACPI - ok
22:06:56.0712 0364  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi        C:\Windows\system32\DRIVERS\acpipmi.sys
22:06:56.0775 0364  AcpiPmi - ok
22:06:56.0853 0364  [ 8C729FF9B5C47730EA54E841E2D8B617 ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
22:06:56.0884 0364  acsock - ok
22:06:57.0041 0364  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:06:57.0056 0364  AdobeARMservice - ok
22:06:57.0181 0364  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:06:57.0197 0364  AdobeFlashPlayerUpdateSvc - ok
22:06:57.0259 0364  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
22:06:57.0291 0364  adp94xx - ok
22:06:57.0322 0364  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
22:06:57.0337 0364  adpahci - ok
22:06:57.0400 0364  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
22:06:57.0416 0364  adpu320 - ok
22:06:57.0462 0364  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
22:06:57.0494 0364  AeLookupSvc - ok
22:06:57.0556 0364  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD            C:\Windows\system32\drivers\afd.sys
22:06:57.0634 0364  AFD - ok
22:06:57.0666 0364  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
22:06:57.0681 0364  aic78xx - ok
22:06:57.0744 0364  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
22:06:57.0791 0364  ALG - ok
22:06:57.0853 0364  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
22:06:57.0869 0364  aliide - ok
22:06:57.0900 0364  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
22:06:57.0900 0364  amdagp - ok
22:06:57.0931 0364  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
22:06:57.0947 0364  amdide - ok
22:06:57.0994 0364  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
22:06:58.0025 0364  AmdK8 - ok
22:06:58.0072 0364  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:06:58.0103 0364  AmdPPM - ok
22:06:58.0166 0364  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
22:06:58.0166 0364  amdsata - ok
22:06:58.0197 0364  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:06:58.0212 0364  amdsbs - ok
22:06:58.0244 0364  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
22:06:58.0259 0364  amdxata - ok
22:06:58.0291 0364  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID          C:\Windows\system32\drivers\appid.sys
22:06:58.0322 0364  AppID - ok
22:06:58.0384 0364  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:06:58.0447 0364  AppIDSvc - ok
22:06:58.0494 0364  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo        C:\Windows\System32\appinfo.dll
22:06:58.0541 0364  Appinfo - ok
22:06:58.0587 0364  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt        C:\Windows\System32\appmgmts.dll
22:06:58.0619 0364  AppMgmt - ok
22:06:58.0697 0364  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
22:06:58.0712 0364  arc - ok
22:06:58.0759 0364  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:06:58.0775 0364  arcsas - ok
22:06:58.0853 0364  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
22:06:58.0853 0364  aswFsBlk - ok
22:06:58.0916 0364  [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
22:06:58.0931 0364  aswMonFlt - ok
22:06:58.0947 0364  [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
22:06:58.0947 0364  aswRdr - ok
22:06:59.0041 0364  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
22:06:59.0072 0364  aswSnx - ok
22:06:59.0119 0364  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP          C:\Windows\system32\drivers\aswSP.sys
22:06:59.0134 0364  aswSP - ok
22:06:59.0197 0364  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
22:06:59.0212 0364  aswTdi - ok
22:06:59.0275 0364  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:06:59.0322 0364  AsyncMac - ok
22:06:59.0384 0364  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\DRIVERS\atapi.sys
22:06:59.0384 0364  atapi - ok
22:06:59.0462 0364  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:06:59.0541 0364  AudioEndpointBuilder - ok
22:06:59.0556 0364  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:06:59.0619 0364  Audiosrv - ok
22:06:59.0712 0364  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:06:59.0728 0364  avast! Antivirus - ok
22:06:59.0775 0364  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:06:59.0837 0364  AxInstSV - ok
22:06:59.0900 0364  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
22:06:59.0947 0364  b06bdrv - ok
22:06:59.0978 0364  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
22:07:00.0009 0364  b57nd60x - ok
22:07:00.0087 0364  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:07:00.0134 0364  BDESVC - ok
22:07:00.0181 0364  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:07:00.0228 0364  Beep - ok
22:07:00.0291 0364  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE            C:\Windows\System32\bfe.dll
22:07:00.0353 0364  BFE - ok
22:07:00.0416 0364  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
22:07:00.0478 0364  BITS - ok
22:07:00.0509 0364  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:07:00.0541 0364  blbdrive - ok
22:07:00.0603 0364  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:07:00.0619 0364  bowser - ok
22:07:00.0681 0364  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:07:00.0712 0364  BrFiltLo - ok
22:07:00.0759 0364  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:07:00.0806 0364  BrFiltUp - ok
22:07:00.0869 0364  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser        C:\Windows\System32\browser.dll
22:07:00.0916 0364  Browser - ok
22:07:00.0962 0364  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
22:07:00.0994 0364  Brserid - ok
22:07:01.0041 0364  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:07:01.0056 0364  BrSerWdm - ok
22:07:01.0134 0364  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:07:01.0166 0364  BrUsbMdm - ok
22:07:01.0181 0364  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:07:01.0197 0364  BrUsbSer - ok
22:07:01.0228 0364  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:07:01.0244 0364  BTHMODEM - ok
22:07:01.0306 0364  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
22:07:01.0353 0364  bthserv - ok
22:07:01.0400 0364  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:07:01.0447 0364  cdfs - ok
22:07:01.0525 0364  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
22:07:01.0556 0364  cdrom - ok
22:07:01.0634 0364  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc    C:\Windows\System32\certprop.dll
22:07:01.0681 0364  CertPropSvc - ok
22:07:01.0759 0364  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:07:01.0791 0364  circlass - ok
22:07:01.0853 0364  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
22:07:01.0869 0364  CLFS - ok
22:07:01.0962 0364  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:07:02.0025 0364  clr_optimization_v2.0.50727_32 - ok
22:07:02.0134 0364  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:07:02.0181 0364  clr_optimization_v4.0.30319_32 - ok
22:07:02.0197 0364  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:07:02.0228 0364  CmBatt - ok
22:07:02.0275 0364  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
22:07:02.0291 0364  cmdide - ok
22:07:02.0353 0364  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG            C:\Windows\system32\Drivers\cng.sys
22:07:02.0384 0364  CNG - ok
22:07:02.0431 0364  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:07:02.0447 0364  Compbatt - ok
22:07:02.0494 0364  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:07:02.0509 0364  CompositeBus - ok
22:07:02.0541 0364  COMSysApp - ok
22:07:02.0572 0364  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
22:07:02.0587 0364  crcdisk - ok
22:07:02.0681 0364  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:07:02.0712 0364  CryptSvc - ok
22:07:02.0759 0364  [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC            C:\Windows\system32\drivers\csc.sys
22:07:02.0822 0364  CSC - ok
22:07:02.0916 0364  [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService      C:\Windows\System32\cscsvc.dll
22:07:02.0962 0364  CscService - ok
22:07:03.0041 0364  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
22:07:03.0072 0364  CVirtA - ok
22:07:03.0197 0364  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
22:07:03.0259 0364  CVPND - ok
22:07:03.0306 0364  [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
22:07:03.0353 0364  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
22:07:03.0353 0364  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
22:07:03.0416 0364  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:07:03.0462 0364  DcomLaunch - ok
22:07:03.0509 0364  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
22:07:03.0556 0364  defragsvc - ok
22:07:03.0619 0364  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:07:03.0681 0364  DfsC - ok
22:07:03.0775 0364  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:07:03.0853 0364  Dhcp - ok
22:07:03.0884 0364  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
22:07:03.0931 0364  discache - ok
22:07:03.0978 0364  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:07:03.0994 0364  Disk - ok
22:07:04.0041 0364  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE            C:\Windows\system32\DRIVERS\dne2000.sys
22:07:04.0056 0364  DNE - ok
22:07:04.0103 0364  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:07:04.0134 0364  Dnscache - ok
22:07:04.0166 0364  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc        C:\Windows\System32\dot3svc.dll
22:07:04.0228 0364  dot3svc - ok
22:07:04.0259 0364  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS            C:\Windows\system32\dps.dll
22:07:04.0306 0364  DPS - ok
22:07:04.0337 0364  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
22:07:04.0353 0364  drmkaud - ok
22:07:04.0462 0364  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
22:07:04.0494 0364  DXGKrnl - ok
22:07:04.0541 0364  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
22:07:04.0587 0364  EapHost - ok
22:07:04.0775 0364  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
22:07:04.0884 0364  ebdrv - ok
22:07:04.0931 0364  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS            C:\Windows\System32\lsass.exe
22:07:04.0978 0364  EFS - ok
22:07:05.0056 0364  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
22:07:05.0119 0364  ehRecvr - ok
22:07:05.0150 0364  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
22:07:05.0181 0364  ehSched - ok
22:07:05.0244 0364  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
22:07:05.0259 0364  elxstor - ok
22:07:05.0306 0364  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
22:07:05.0337 0364  ErrDev - ok
22:07:05.0416 0364  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
22:07:05.0462 0364  EventSystem - ok
22:07:05.0697 0364  [ CD2DFB60E21E7842E3E737824D035D45 ] EverestDriver  C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt
22:07:05.0712 0364  EverestDriver - ok
22:07:05.0744 0364  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
22:07:05.0791 0364  exfat - ok
22:07:05.0837 0364  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
22:07:05.0869 0364  fastfat - ok
22:07:05.0962 0364  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax            C:\Windows\system32\fxssvc.exe
22:07:06.0009 0364  Fax - ok
22:07:06.0041 0364  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
22:07:06.0072 0364  fdc - ok
22:07:06.0134 0364  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
22:07:06.0181 0364  fdPHost - ok
22:07:06.0228 0364  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
22:07:06.0275 0364  FDResPub - ok
22:07:06.0322 0364  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:07:06.0322 0364  FileInfo - ok
22:07:06.0337 0364  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
22:07:06.0384 0364  Filetrace - ok
22:07:06.0416 0364  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:07:06.0447 0364  flpydisk - ok
22:07:06.0494 0364  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:07:06.0509 0364  FltMgr - ok
22:07:06.0603 0364  [ 7FE4995528A7529A761875151EE3D512 ] FontCache      C:\Windows\system32\FntCache.dll
22:07:06.0666 0364  FontCache - ok
22:07:06.0712 0364  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:07:06.0728 0364  FontCache3.0.0.0 - ok
22:07:06.0775 0364  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
22:07:06.0791 0364  FsDepends - ok
22:07:06.0822 0364  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:07:06.0837 0364  Fs_Rec - ok
22:07:06.0900 0364  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:07:06.0916 0364  fvevol - ok
22:07:06.0962 0364  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:07:06.0978 0364  gagp30kx - ok
22:07:07.0041 0364  [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt          C:\Windows\system32\DRIVERS\ggflt.sys
22:07:07.0056 0364  ggflt - ok
22:07:07.0103 0364  [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
22:07:07.0103 0364  ggsemc - ok
22:07:07.0197 0364  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc          C:\Windows\System32\gpsvc.dll
22:07:07.0259 0364  gpsvc - ok
22:07:07.0384 0364  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
22:07:07.0400 0364  gupdate - ok
22:07:07.0462 0364  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:07:07.0478 0364  gupdatem - ok
22:07:07.0541 0364  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:07:07.0572 0364  hcw85cir - ok
22:07:07.0650 0364  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:07:07.0697 0364  HdAudAddService - ok
22:07:07.0728 0364  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:07:07.0759 0364  HDAudBus - ok
22:07:07.0806 0364  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
22:07:07.0837 0364  HidBatt - ok
22:07:07.0884 0364  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:07:07.0916 0364  HidBth - ok
22:07:07.0978 0364  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
22:07:07.0994 0364  HidIr - ok
22:07:08.0072 0364  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
22:07:08.0103 0364  hidserv - ok
22:07:08.0150 0364  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:07:08.0181 0364  HidUsb - ok
22:07:08.0228 0364  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:07:08.0275 0364  hkmsvc - ok
22:07:08.0306 0364  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:07:08.0322 0364  HomeGroupListener - ok
22:07:08.0369 0364  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:07:08.0400 0364  HomeGroupProvider - ok
22:07:08.0478 0364  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
22:07:08.0494 0364  HpSAMD - ok
22:07:08.0572 0364  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:07:08.0619 0364  HTTP - ok
22:07:08.0650 0364  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:07:08.0666 0364  hwpolicy - ok
22:07:08.0728 0364  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:07:08.0744 0364  i8042prt - ok
22:07:08.0837 0364  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
22:07:08.0853 0364  iaStorV - ok
22:07:08.0947 0364  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:07:08.0978 0364  idsvc - ok
22:07:09.0025 0364  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
22:07:09.0025 0364  iirsp - ok
22:07:09.0103 0364  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:07:09.0166 0364  IKEEXT - ok
22:07:09.0291 0364  [ 90A10B39896040B3154613C11C932AEB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:07:09.0353 0364  IntcAzAudAddService - ok
22:07:09.0369 0364  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
22:07:09.0384 0364  intelide - ok
22:07:09.0431 0364  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:07:09.0462 0364  intelppm - ok
22:07:09.0525 0364  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
22:07:09.0572 0364  IPBusEnum - ok
22:07:09.0619 0364  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:07:09.0666 0364  IpFilterDriver - ok
22:07:09.0744 0364  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:07:09.0806 0364  iphlpsvc - ok
22:07:09.0869 0364  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV        C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:07:09.0884 0364  IPMIDRV - ok
22:07:09.0931 0364  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
22:07:09.0978 0364  IPNAT - ok
22:07:10.0009 0364  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:07:10.0041 0364  IRENUM - ok
22:07:10.0056 0364  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
22:07:10.0072 0364  isapnp - ok
22:07:10.0119 0364  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:07:10.0150 0364  iScsiPrt - ok
22:07:10.0181 0364  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:07:10.0197 0364  kbdclass - ok
22:07:10.0244 0364  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:07:10.0275 0364  kbdhid - ok
22:07:10.0322 0364  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
22:07:10.0337 0364  KeyIso - ok
22:07:10.0384 0364  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:07:10.0400 0364  KSecDD - ok
22:07:10.0447 0364  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
22:07:10.0462 0364  KSecPkg - ok
22:07:10.0509 0364  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
22:07:10.0572 0364  KtmRm - ok
22:07:10.0634 0364  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:07:10.0666 0364  LanmanServer - ok
22:07:10.0712 0364  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:07:10.0744 0364  LanmanWorkstation - ok
22:07:10.0822 0364  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:07:10.0853 0364  lltdio - ok
22:07:10.0900 0364  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
22:07:10.0931 0364  lltdsvc - ok
22:07:10.0962 0364  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
22:07:11.0025 0364  lmhosts - ok
22:07:11.0072 0364  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:07:11.0087 0364  LSI_FC - ok
22:07:11.0119 0364  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
22:07:11.0134 0364  LSI_SAS - ok
22:07:11.0166 0364  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:07:11.0166 0364  LSI_SAS2 - ok
22:07:11.0228 0364  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:07:11.0244 0364  LSI_SCSI - ok
22:07:11.0275 0364  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
22:07:11.0322 0364  luafv - ok
22:07:11.0431 0364  [ B18225739ED9CAA83BA2DF966E9F43E8 ] MBAMSwissArmy  C:\Windows\system32\drivers\mbamswissarmy.sys
22:07:11.0447 0364  MBAMSwissArmy - ok
22:07:11.0509 0364  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
22:07:11.0541 0364  Mcx2Svc - ok
22:07:11.0603 0364  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
22:07:11.0603 0364  megasas - ok
22:07:11.0650 0364  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:07:11.0666 0364  MegaSR - ok
22:07:11.0744 0364  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:07:11.0759 0364  Microsoft Office Groove Audit Service - ok
22:07:11.0806 0364  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
22:07:11.0853 0364  MMCSS - ok
22:07:11.0947 0364  [ 5A78BB029FD8414381FF1315F1E46947 ] Mobile Broadband HL Service C:\ProgramData\MobileBrServ\mbbservice.exe
22:07:11.0962 0364  Mobile Broadband HL Service - ok
22:07:11.0994 0364  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
22:07:12.0041 0364  Modem - ok
22:07:12.0103 0364  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
22:07:12.0134 0364  monitor - ok
22:07:12.0212 0364  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:07:12.0228 0364  mouclass - ok
22:07:12.0259 0364  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:07:12.0291 0364  mouhid - ok
22:07:12.0322 0364  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:07:12.0322 0364  mountmgr - ok
22:07:12.0416 0364  [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:07:12.0431 0364  MozillaMaintenance - ok
22:07:12.0462 0364  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
22:07:12.0478 0364  mpio - ok
22:07:12.0509 0364  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:07:12.0572 0364  mpsdrv - ok
22:07:12.0619 0364  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:07:12.0666 0364  MpsSvc - ok
22:07:12.0697 0364  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:07:12.0728 0364  MRxDAV - ok
22:07:12.0806 0364  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:07:12.0853 0364  mrxsmb - ok
22:07:12.0916 0364  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:07:12.0978 0364  mrxsmb10 - ok
22:07:13.0009 0364  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:07:13.0041 0364  mrxsmb20 - ok
22:07:13.0087 0364  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
22:07:13.0103 0364  msahci - ok
22:07:13.0150 0364  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm          C:\Windows\system32\DRIVERS\msdsm.sys
22:07:13.0166 0364  msdsm - ok
22:07:13.0197 0364  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
22:07:13.0228 0364  MSDTC - ok
22:07:13.0291 0364  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:07:13.0322 0364  Msfs - ok
22:07:13.0322 0364  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
22:07:13.0353 0364  mshidkmdf - ok
22:07:13.0416 0364  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
22:07:13.0431 0364  msisadrv - ok
22:07:13.0478 0364  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
22:07:13.0525 0364  MSiSCSI - ok
22:07:13.0556 0364  msiserver - ok
22:07:13.0587 0364  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
22:07:13.0634 0364  MSKSSRV - ok
22:07:13.0666 0364  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:07:13.0712 0364  MSPCLOCK - ok
22:07:13.0744 0364  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
22:07:13.0791 0364  MSPQM - ok
22:07:13.0837 0364  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
22:07:13.0853 0364  MsRPC - ok
22:07:13.0869 0364  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:07:13.0884 0364  mssmbios - ok
22:07:13.0931 0364  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
22:07:13.0962 0364  MSTEE - ok
22:07:13.0994 0364  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:07:14.0025 0364  MTConfig - ok
22:07:14.0087 0364  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
22:07:14.0103 0364  Mup - ok
22:07:14.0150 0364  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
22:07:14.0197 0364  napagent - ok
22:07:14.0244 0364  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
22:07:14.0291 0364  NativeWifiP - ok
22:07:14.0416 0364  [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B ] NBService      C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
22:07:14.0462 0364  NBService ( UnsignedFile.Multi.Generic ) - warning
22:07:14.0462 0364  NBService - detected UnsignedFile.Multi.Generic (1)
22:07:14.0509 0364  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:07:14.0541 0364  NDIS - ok
22:07:14.0587 0364  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
22:07:14.0634 0364  NdisCap - ok
22:07:14.0681 0364  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:07:14.0728 0364  NdisTapi - ok
22:07:14.0759 0364  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
22:07:14.0822 0364  Ndisuio - ok
22:07:14.0869 0364  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
22:07:14.0916 0364  NdisWan - ok
22:07:14.0931 0364  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
22:07:14.0962 0364  NDProxy - ok
22:07:15.0025 0364  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
22:07:15.0072 0364  NetBIOS - ok
22:07:15.0119 0364  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
22:07:15.0166 0364  NetBT - ok
22:07:15.0212 0364  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
22:07:15.0212 0364  Netlogon - ok
22:07:15.0306 0364  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
22:07:15.0369 0364  Netman - ok
22:07:15.0400 0364  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
22:07:15.0462 0364  netprofm - ok
22:07:15.0494 0364  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:07:15.0509 0364  NetTcpPortSharing - ok
22:07:15.0572 0364  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
22:07:15.0587 0364  nfrd960 - ok
22:07:15.0712 0364  [ 03E1985447FB94AC6BAD392770617CEB ] NitroReaderDriverReadSpool2 C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
22:07:15.0728 0364  NitroReaderDriverReadSpool2 - ok
22:07:15.0775 0364  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:07:15.0837 0364  NlaSvc - ok
22:07:15.0853 0364  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:07:15.0884 0364  Npfs - ok
22:07:15.0947 0364  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
22:07:15.0962 0364  nsi - ok
22:07:16.0041 0364  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:07:16.0072 0364  nsiproxy - ok
22:07:16.0150 0364  [ 5126C5402C730C2A953275D8497A4715 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:07:16.0197 0364  Ntfs - ok
22:07:16.0228 0364  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
22:07:16.0275 0364  Null - ok
22:07:16.0337 0364  [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:07:16.0353 0364  nvraid - ok
22:07:16.0400 0364  [ 4520B63899E867F354EE012D34E11536 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:07:16.0416 0364  nvstor - ok
22:07:16.0447 0364  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
22:07:16.0462 0364  nv_agp - ok
22:07:16.0572 0364  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:07:16.0603 0364  odserv - ok
22:07:16.0666 0364  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:07:16.0681 0364  ohci1394 - ok
22:07:16.0775 0364  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:07:16.0791 0364  ose - ok
22:07:16.0837 0364  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:07:16.0884 0364  p2pimsvc - ok
22:07:16.0916 0364  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:07:16.0947 0364  p2psvc - ok
22:07:16.0994 0364  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
22:07:17.0025 0364  Parport - ok
22:07:17.0087 0364  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr        C:\Windows\system32\drivers\partmgr.sys
22:07:17.0103 0364  partmgr - ok
22:07:17.0150 0364  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
22:07:17.0181 0364  Parvdm - ok
22:07:17.0212 0364  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:07:17.0244 0364  PcaSvc - ok
22:07:17.0259 0364  [ C858CB77C577780ECC456A892E7E7D0F ] pci            C:\Windows\system32\DRIVERS\pci.sys
22:07:17.0275 0364  pci - ok
22:07:17.0353 0364  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
22:07:17.0369 0364  pciide - ok
22:07:17.0431 0364  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:07:17.0447 0364  pcmcia - ok
22:07:17.0478 0364  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
22:07:17.0494 0364  pcw - ok
22:07:17.0572 0364  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:07:17.0634 0364  PEAUTH - ok
22:07:17.0697 0364  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
22:07:17.0744 0364  PeerDistSvc - ok
22:07:17.0884 0364  [ 9C1BFF7910C89A1D12E57343475840CB ] pla            C:\Windows\system32\pla.dll
22:07:17.0978 0364  pla - ok
22:07:18.0056 0364  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:07:18.0087 0364  PlugPlay - ok
22:07:18.0119 0364  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
22:07:18.0150 0364  PNRPAutoReg - ok
22:07:18.0197 0364  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
22:07:18.0212 0364  PNRPsvc - ok
22:07:18.0259 0364  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
22:07:18.0322 0364  PolicyAgent - ok
22:07:18.0384 0364  [ DBFF83F709A91049621C1D35DD45C92C ] Power          C:\Windows\system32\umpo.dll
22:07:18.0416 0364  Power - ok
22:07:18.0478 0364  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:07:18.0525 0364  PptpMiniport - ok
22:07:18.0541 0364  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
22:07:18.0572 0364  Processor - ok
22:07:18.0666 0364  [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc        C:\Windows\system32\profsvc.dll
22:07:18.0697 0364  ProfSvc - ok
22:07:18.0728 0364  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:07:18.0744 0364  ProtectedStorage - ok
22:07:18.0759 0364  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:07:18.0791 0364  Psched - ok
22:07:18.0869 0364  [ B1AD87B4C97B6B59FCD075001E76865F ] QCDonner        C:\Windows\system32\DRIVERS\LVCD.sys
22:07:18.0900 0364  QCDonner - ok
22:07:18.0962 0364  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:07:19.0025 0364  ql2300 - ok
22:07:19.0056 0364  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:07:19.0072 0364  ql40xx - ok
22:07:19.0119 0364  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
22:07:19.0150 0364  QWAVE - ok
22:07:19.0181 0364  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:07:19.0212 0364  QWAVEdrv - ok
22:07:19.0275 0364  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:07:19.0306 0364  RasAcd - ok
22:07:19.0369 0364  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
22:07:19.0400 0364  RasAgileVpn - ok
22:07:19.0447 0364  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
22:07:19.0478 0364  RasAuto - ok
22:07:19.0525 0364  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
22:07:19.0587 0364  Rasl2tp - ok
22:07:19.0666 0364  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
22:07:19.0728 0364  RasMan - ok
22:07:19.0791 0364  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:07:19.0837 0364  RasPppoe - ok
22:07:19.0853 0364  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
22:07:19.0916 0364  RasSstp - ok
22:07:19.0962 0364  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
22:07:19.0994 0364  rdbss - ok
22:07:20.0072 0364  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:07:20.0119 0364  rdpbus - ok
22:07:20.0228 0364  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:07:20.0259 0364  RDPCDD - ok
22:07:20.0322 0364  [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
22:07:20.0353 0364  RDPDR - ok
22:07:20.0416 0364  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:07:20.0447 0364  RDPENCDD - ok
22:07:20.0509 0364  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:07:20.0541 0364  RDPREFMP - ok
22:07:20.0587 0364  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
22:07:20.0634 0364  RDPWD - ok
22:07:20.0681 0364  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:07:20.0697 0364  rdyboost - ok
22:07:20.0759 0364  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:07:20.0791 0364  RemoteAccess - ok
22:07:20.0822 0364  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:07:20.0884 0364  RemoteRegistry - ok
22:07:20.0947 0364  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:07:20.0994 0364  RpcEptMapper - ok
22:07:21.0056 0364  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
22:07:21.0072 0364  RpcLocator - ok
22:07:21.0103 0364  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs          C:\Windows\system32\rpcss.dll
22:07:21.0134 0364  RpcSs - ok
22:07:21.0181 0364  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:07:21.0212 0364  rspndr - ok
22:07:21.0259 0364  [ 8E7D6DBBA555C5D5A02DECC79FE9C638 ] RTL8187B        C:\Windows\system32\DRIVERS\RTL8187B.sys
22:07:21.0322 0364  RTL8187B - ok
22:07:21.0353 0364  [ 5423D8437051E89DD34749F242C98648 ] s3cap          C:\Windows\system32\DRIVERS\vms3cap.sys
22:07:21.0384 0364  s3cap - ok
22:07:21.0416 0364  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs          C:\Windows\system32\lsass.exe
22:07:21.0431 0364  SamSs - ok
22:07:21.0447 0364  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
22:07:21.0462 0364  sbp2port - ok
22:07:21.0525 0364  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:07:21.0572 0364  SCardSvr - ok
22:07:21.0619 0364  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:07:21.0650 0364  scfilter - ok
22:07:21.0728 0364  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
22:07:21.0775 0364  Schedule - ok
22:07:21.0806 0364  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc    C:\Windows\System32\certprop.dll
22:07:21.0837 0364  SCPolicySvc - ok
22:07:21.0884 0364  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:07:21.0900 0364  SDRSVC - ok
22:07:21.0962 0364  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:07:22.0009 0364  secdrv - ok
22:07:22.0072 0364  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
22:07:22.0119 0364  seclogon - ok
22:07:22.0150 0364  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
22:07:22.0197 0364  SENS - ok
22:07:22.0228 0364  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:07:22.0259 0364  SensrSvc - ok
22:07:22.0322 0364  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
22:07:22.0337 0364  Serenum - ok
22:07:22.0400 0364  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:07:22.0431 0364  Serial - ok
22:07:22.0494 0364  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:07:22.0525 0364  sermouse - ok
22:07:22.0587 0364  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
22:07:22.0634 0364  SessionEnv - ok
22:07:22.0666 0364  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
22:07:22.0697 0364  sffdisk - ok
22:07:22.0728 0364  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:07:22.0744 0364  sffp_mmc - ok
22:07:22.0775 0364  [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
22:07:22.0806 0364  sffp_sd - ok
22:07:22.0837 0364  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
22:07:22.0869 0364  sfloppy - ok
22:07:22.0916 0364  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:07:22.0962 0364  SharedAccess - ok
22:07:23.0041 0364  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:07:23.0072 0364  ShellHWDetection - ok
22:07:23.0134 0364  [ 4EDC881C138E778FEB9BD24CBC6B33ED ] SIS163u        C:\Windows\system32\DRIVERS\sis163u.sys
22:07:23.0150 0364  SIS163u - ok
22:07:23.0244 0364  [ EF83A32639B6E925B7E7F1945008484B ] SiS6350        C:\Windows\system32\DRIVERS\SISGRKMD.sys
22:07:23.0306 0364  SiS6350 - ok
22:07:23.0353 0364  [ FD1DABF8279ECFCD99EED01A7DF06114 ] SISAGP          C:\Windows\system32\DRIVERS\SISAGPX.sys
22:07:23.0400 0364  SISAGP - ok
22:07:23.0431 0364  [ 6F0C643C7F49F2091B01D014EAE72E1A ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSGB6.sys
22:07:23.0462 0364  SiSGbeLH - ok
22:07:23.0509 0364  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:07:23.0509 0364  SiSRaid2 - ok
22:07:23.0572 0364  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:07:23.0587 0364  SiSRaid4 - ok
22:07:23.0697 0364  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
22:07:23.0712 0364  SkypeUpdate - ok
22:07:23.0759 0364  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
22:07:23.0806 0364  Smb - ok
22:07:23.0869 0364  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:07:23.0916 0364  SNMPTRAP - ok
22:07:23.0947 0364  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
22:07:23.0962 0364  spldr - ok
22:07:24.0056 0364  [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler        C:\Windows\System32\spoolsv.exe
22:07:24.0087 0364  Spooler - ok
22:07:24.0228 0364  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
22:07:24.0353 0364  sppsvc - ok
22:07:24.0384 0364  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
22:07:24.0431 0364  sppuinotify - ok
22:07:24.0556 0364  [ C4BB8A12843D9CBB65F5FF617F389BBD ] sptd            C:\Windows\System32\Drivers\sptd.sys
22:07:24.0587 0364  sptd - ok
22:07:24.0634 0364  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv            C:\Windows\system32\DRIVERS\srv.sys
22:07:24.0697 0364  srv - ok
22:07:24.0728 0364  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:07:24.0759 0364  srv2 - ok
22:07:24.0791 0364  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:07:24.0837 0364  srvnet - ok
22:07:24.0900 0364  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
22:07:24.0947 0364  SSDPSRV - ok
22:07:24.0978 0364  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
22:07:25.0025 0364  SstpSvc - ok
22:07:25.0072 0364  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:07:25.0103 0364  stexstor - ok
22:07:25.0197 0364  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
22:07:25.0244 0364  StiSvc - ok
22:07:25.0275 0364  [ 957E346CA948668F2496A6CCF6FF82CC ] storflt        C:\Windows\system32\DRIVERS\vmstorfl.sys
22:07:25.0291 0364  storflt - ok
22:07:25.0353 0364  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc        C:\Windows\system32\storsvc.dll
22:07:25.0369 0364  StorSvc - ok
22:07:25.0384 0364  [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc        C:\Windows\system32\DRIVERS\storvsc.sys
22:07:25.0400 0364  storvsc - ok
22:07:25.0447 0364  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:07:25.0462 0364  swenum - ok
22:07:25.0494 0364  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
22:07:25.0541 0364  swprv - ok
22:07:25.0619 0364  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain        C:\Windows\system32\sysmain.dll
22:07:25.0666 0364  SysMain - ok
22:07:25.0712 0364  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:07:25.0759 0364  TabletInputService - ok
22:07:25.0775 0364  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv        C:\Windows\System32\tapisrv.dll
22:07:25.0822 0364  TapiSrv - ok
22:07:25.0884 0364  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
22:07:25.0931 0364  TBS - ok
22:07:26.0025 0364  [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
22:07:26.0087 0364  Tcpip - ok
22:07:26.0134 0364  [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:07:26.0166 0364  TCPIP6 - ok
22:07:26.0228 0364  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:07:26.0275 0364  tcpipreg - ok
22:07:26.0306 0364  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:07:26.0337 0364  TDPIPE - ok
22:07:26.0400 0364  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
22:07:26.0431 0364  TDTCP - ok
22:07:26.0478 0364  [ CB39E896A2A83702D1737BFD402B3542 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
22:07:26.0525 0364  tdx - ok
22:07:26.0572 0364  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:07:26.0587 0364  TermDD - ok
22:07:26.0681 0364  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService    C:\Windows\System32\termsrv.dll
22:07:26.0744 0364  TermService - ok
22:07:26.0791 0364  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
22:07:26.0822 0364  Themes - ok
22:07:26.0853 0364  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
22:07:26.0884 0364  THREADORDER - ok
22:07:26.0947 0364  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
22:07:26.0994 0364  TrkWks - ok
22:07:27.0087 0364  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:07:27.0119 0364  TrustedInstaller - ok
22:07:27.0150 0364  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:07:27.0197 0364  tssecsrv - ok
22:07:27.0275 0364  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:07:27.0306 0364  tunnel - ok
22:07:27.0337 0364  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:07:27.0337 0364  uagp35 - ok
22:07:27.0400 0364  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:07:27.0462 0364  udfs - ok
22:07:27.0509 0364  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
22:07:27.0541 0364  UI0Detect - ok
22:07:27.0603 0364  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
22:07:27.0619 0364  uliagpkx - ok
22:07:27.0666 0364  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
22:07:27.0697 0364  umbus - ok
22:07:27.0759 0364  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:07:27.0806 0364  UmPass - ok
22:07:27.0853 0364  [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService    C:\Windows\System32\umrdp.dll
22:07:27.0869 0364  UmRdpService - ok
22:07:27.0916 0364  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
22:07:27.0962 0364  upnphost - ok
22:07:27.0994 0364  [ C31AE588E403042632DC796CF09E30B0 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
22:07:28.0025 0364  usbccgp - ok
22:07:28.0072 0364  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
22:07:28.0087 0364  usbcir - ok
22:07:28.0119 0364  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
22:07:28.0150 0364  usbehci - ok
22:07:28.0228 0364  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:07:28.0244 0364  usbhub - ok
22:07:28.0306 0364  [ EB2D819A639015253C871CDA09D91D58 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
22:07:28.0322 0364  usbohci - ok
22:07:28.0353 0364  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:07:28.0384 0364  usbprint - ok
22:07:28.0431 0364  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
22:07:28.0462 0364  usbscan - ok
22:07:28.0509 0364  [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:07:28.0541 0364  USBSTOR - ok
22:07:28.0587 0364  [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
22:07:28.0619 0364  usbuhci - ok
22:07:28.0681 0364  [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
22:07:28.0712 0364  usb_rndisx - ok
22:07:28.0759 0364  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
22:07:28.0806 0364  UxSms - ok
22:07:28.0822 0364  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
22:07:28.0837 0364  VaultSvc - ok
22:07:28.0869 0364  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
22:07:28.0884 0364  vdrvroot - ok
22:07:28.0962 0364  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds            C:\Windows\System32\vds.exe
22:07:29.0009 0364  vds - ok
22:07:29.0041 0364  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
22:07:29.0072 0364  vga - ok
22:07:29.0103 0364  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
22:07:29.0150 0364  VgaSave - ok
22:07:29.0181 0364  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp          C:\Windows\system32\DRIVERS\vhdmp.sys
22:07:29.0197 0364  vhdmp - ok
22:07:29.0228 0364  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
22:07:29.0244 0364  viaagp - ok
22:07:29.0275 0364  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
22:07:29.0322 0364  ViaC7 - ok
22:07:29.0353 0364  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
22:07:29.0369 0364  viaide - ok
22:07:29.0416 0364  [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus          C:\Windows\system32\DRIVERS\vmbus.sys
22:07:29.0431 0364  vmbus - ok
22:07:29.0447 0364  [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
22:07:29.0462 0364  VMBusHID - ok
22:07:29.0494 0364  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
22:07:29.0494 0364  volmgr - ok
22:07:29.0556 0364  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
22:07:29.0587 0364  volmgrx - ok
22:07:29.0650 0364  [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap        C:\Windows\system32\drivers\volsnap.sys
22:07:29.0666 0364  volsnap - ok
22:07:29.0791 0364  [ F937E203D6F18FAD36B68D92DF02775D ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
22:07:29.0822 0364  vpnagent - ok
22:07:29.0884 0364  [ 0D8DF4058901616A4E716AB67D472581 ] vpnva          C:\Windows\system32\DRIVERS\vpnva.sys
22:07:29.0884 0364  vpnva - ok
22:07:29.0962 0364  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
22:07:29.0978 0364  vsmraid - ok
22:07:30.0087 0364  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS            C:\Windows\system32\vssvc.exe
22:07:30.0150 0364  VSS - ok
22:07:30.0166 0364  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:07:30.0212 0364  vwifibus - ok
22:07:30.0244 0364  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:07:30.0275 0364  vwififlt - ok
22:07:30.0306 0364  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
22:07:30.0337 0364  vwifimp - ok
22:07:30.0369 0364  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
22:07:30.0431 0364  W32Time - ok
22:07:30.0462 0364  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:07:30.0494 0364  WacomPen - ok
22:07:30.0509 0364  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:07:30.0541 0364  WANARP - ok
22:07:30.0572 0364  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:07:30.0603 0364  Wanarpv6 - ok
22:07:30.0697 0364  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
22:07:30.0744 0364  WatAdminSvc - ok
22:07:30.0822 0364  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
22:07:30.0869 0364  wbengine - ok
22:07:30.0900 0364  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:07:30.0947 0364  WbioSrvc - ok
22:07:31.0009 0364  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
22:07:31.0056 0364  wcncsvc - ok
22:07:31.0087 0364  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:07:31.0119 0364  WcsPlugInService - ok
22:07:31.0150 0364  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:07:31.0166 0364  Wd - ok
22:07:31.0228 0364  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:07:31.0259 0364  Wdf01000 - ok
22:07:31.0275 0364  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:07:31.0322 0364  WdiServiceHost - ok
22:07:31.0322 0364  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
22:07:31.0353 0364  WdiSystemHost - ok
22:07:31.0400 0364  [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient      C:\Windows\System32\webclnt.dll
22:07:31.0416 0364  WebClient - ok
22:07:31.0447 0364  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:07:31.0494 0364  Wecsvc - ok
22:07:31.0509 0364  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
22:07:31.0556 0364  wercplsupport - ok
22:07:31.0619 0364  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:07:31.0650 0364  WerSvc - ok
22:07:31.0728 0364  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:07:31.0775 0364  WfpLwf - ok
22:07:31.0806 0364  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:07:31.0822 0364  WIMMount - ok
22:07:31.0916 0364  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
22:07:31.0947 0364  WinDefend - ok
22:07:31.0962 0364  WinHttpAutoProxySvc - ok
22:07:32.0025 0364  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
22:07:32.0072 0364  Winmgmt - ok
22:07:32.0150 0364  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM          C:\Windows\system32\WsmSvc.dll
22:07:32.0228 0364  WinRM - ok
22:07:32.0322 0364  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:07:32.0337 0364  WinUsb - ok
22:07:32.0431 0364  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
22:07:32.0478 0364  Wlansvc - ok
22:07:32.0666 0364  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:07:32.0712 0364  wlidsvc - ok
22:07:32.0775 0364  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
22:07:32.0791 0364  WmiAcpi - ok
22:07:32.0884 0364  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:07:32.0916 0364  wmiApSrv - ok
22:07:33.0041 0364  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
22:07:33.0103 0364  WMPNetworkSvc - ok
22:07:33.0181 0364  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:07:33.0197 0364  WPCSvc - ok
22:07:33.0275 0364  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:07:33.0291 0364  WPDBusEnum - ok
22:07:33.0337 0364  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
22:07:33.0384 0364  ws2ifsl - ok
22:07:33.0431 0364  [ A661A76333057B383A06E65F0073222F ] wscsvc          C:\Windows\System32\wscsvc.dll
22:07:33.0478 0364  wscsvc - ok
22:07:33.0509 0364  WSearch - ok
22:07:33.0619 0364  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:07:33.0681 0364  wuauserv - ok
22:07:33.0728 0364  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:07:33.0744 0364  WudfPf - ok
22:07:33.0775 0364  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:07:33.0791 0364  WUDFRd - ok
22:07:33.0853 0364  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
22:07:33.0869 0364  wudfsvc - ok
22:07:33.0900 0364  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
22:07:33.0947 0364  WwanSvc - ok
22:07:34.0056 0364  ================ Scan global ===============================
22:07:34.0119 0364  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
22:07:34.0166 0364  [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll
22:07:34.0197 0364  [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll
22:07:34.0244 0364  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:07:34.0291 0364  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:07:34.0291 0364  [Global] - ok
22:07:34.0291 0364  ================ Scan MBR ==================================
22:07:34.0306 0364  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:07:34.0619 0364  \Device\Harddisk0\DR0 - ok
22:07:34.0634 0364  ================ Scan VBR ==================================
22:07:34.0634 0364  [ C7951133FABAD644D4B81C554E75891E ] \Device\Harddisk0\DR0\Partition1
22:07:34.0634 0364  \Device\Harddisk0\DR0\Partition1 - ok
22:07:34.0666 0364  [ 072D1058C8813FE7528BB31E4C333E0A ] \Device\Harddisk0\DR0\Partition2
22:07:34.0666 0364  \Device\Harddisk0\DR0\Partition2 - ok
22:07:34.0697 0364  ============================================================
22:07:34.0697 0364  Scan finished
22:07:34.0697 0364  ============================================================
22:07:34.0712 0880  Detected object count: 2
22:07:34.0712 0880  Actual detected object count: 2
22:07:45.0306 0880  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
22:07:45.0306 0880  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:07:45.0306 0880  NBService ( UnsignedFile.Multi.Generic ) - skipped by user
22:07:45.0306 0880  NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 23.12.2012 22:13
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

showmaker 23.12.2012 22:27
ich habe alles fenster und programme geschlossen. und den CF geöffnet. Er hat mich darauf hingewiesen dass Avast Antivirus noch läuft und evtl die Arbeit von CF behindern kann. Wie du es auch schon angekündigt hast. Bevor ich auf Ok klicke soll ich also dieses Programm beenden. Ich finde aber nicht wo. Unten rechts in der Leiste wird mir das Avast symbol nicht angezeigt. Im task manager unter anwendungen und prozesse taucht es auch nicht auf. Unter Dienste wird mir der status avast antivirus mit beendet angezeigt.

habe es jetzt hinbekommen

hier der cf log
Code:
ComboFix 12-12-23.01 - Jonas 24.12.2012  0:23.1.2 - x86 NETWORK
Microsoft Windows 7 Enterprise  6.1.7600.0.1252.49.1033.18.1917.1387 [GMT 1:00]
ausgeführt von:: c:\users\Jonas\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Jonas\AppData\Roaming\ImgBurn.exe
c:\users\Jonas\AppData\Roaming\Local
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\b7e86afd0b5e5248fc837c745a35c344.ddr
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\FILE4D5EC042E7FFA.plong.ddr
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\sight_sbrueder_extended_cd1.avi.ddr
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\b7e86afd0b5e5248fc837c745a35c344
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4BA175F8ECDE7.plong(2).ddp
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4BA175F8ECDE7.plong(3).ddp
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4BA175F8ECDE7.plong(4).ddp
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4BA175F8ECDE7.plong.ddp
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4D5EC042E7FFA.plong.ddp
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\sight_sbrueder_extended_cd1.avi
c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
c:\users\Jonas\AppData\Roaming\yuvcodecs-1.3.exe
c:\users\Jonas\wgsdgsdgdsgsd.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))
.
.
2012-12-23 23:31 . 2012-12-23 23:32        --------        d-----w-        c:\users\Jonas\AppData\Local\temp
2012-12-23 23:31 . 2012-12-23 23:31        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-12-23 23:20 . 2012-12-23 23:20        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF01631D-13B0-4846-811B-76EBCF0BD717}\offreg.dll
2012-12-23 19:03 . 2012-12-23 19:03        --------        d-----w-        C:\_OTL
2012-12-21 22:01 . 2012-12-21 22:02        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0
2012-12-21 19:53 . 2012-12-21 19:53        2889        ----a-w-        c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 15:12 . 2012-11-08 18:00        6812136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF01631D-13B0-4846-811B-76EBCF0BD717}\mpengine.dll
2012-12-17 21:22 . 2012-11-22 07:43        2344960        ----a-w-        c:\windows\system32\win32k.sys
2012-12-17 21:20 . 2012-09-06 16:48        245616        ----a-w-        c:\windows\system32\drivers\volsnap.sys
2012-12-17 21:20 . 2012-11-09 04:49        2048        ----a-w-        c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-17 21:50 . 2012-04-01 12:21        697272        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-12-17 21:50 . 2011-05-17 16:22        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2012-07-12 06:52        361032        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-07-12 06:52        738504        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-07-12 06:52        54232        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-07-12 06:52        58680        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-07-12 06:52        21256        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-07-12 06:52        41224        ----a-w-        c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-07-12 06:52        227648        ----a-w-        c:\windows\system32\aswBoot.exe
2012-10-23 19:45 . 2012-10-23 19:45        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-10-23 19:45 . 2010-04-19 08:13        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-10-16 20:34 . 2012-12-17 21:21        559104        ----a-w-        c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-07-12 06:52        44784        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2012-10-02 18:58 . 2012-07-03 08:23        821736        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-25 21:55 . 2012-11-17 13:03        78336        ----a-w-        c:\windows\system32\synceng.dll
2012-07-18 20:29 . 2011-05-07 07:58        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50        121528        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPhoneExplorer.lnk]
path=c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPhoneExplorer.lnk
backup=c:\windows\pss\MyPhoneExplorer.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 20:43        926896        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
2011-09-09 09:09        523216        ----a-w-        c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15        63360        ----a-w-        c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25        1230704        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40        155648        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44        37888        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Realtime Audio Engine"="mmrtkrnl.exe" /i
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Skytel"=Skytel.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [x]
R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:50]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 16:03]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 16:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mydrive.ch/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cab
FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\
FF - prefs.js: browser.startup.homepage - spiegelonline.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
MSConfigStartUp-MaxMenuMgr - c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-24  00:34:17
ComboFix-quarantined-files.txt  2012-12-23 23:34
.
Vor Suchlauf: 3.685.961.728 Bytes frei
Nach Suchlauf: 3.580.018.688 Bytes frei
.
- - End Of File - - D14A6179200C460520686E6F089B8263

cosinus 24.12.2012 15:58
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

showmaker 24.12.2012 20:10
Code:
# AdwCleaner v2.102 - Logfile created 12/24/2012 at 20:07:14
# Updated 23/12/2012 by Xplode
# Operating system : Windows 7 Enterprise  (32 bits)
# User : Jonas - JONAS-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\searchplugins\11-suche.xml
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Ilivid
Folder Found : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Found : C:\Users\Jonas\AppData\Local\Ilivid Player
Folder Found : C:\Users\Jonas\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Jonas\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\Conduit
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitCommon
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitEngine
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\CT2319825
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\engine@conduit.com
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\WinampToolbarData

***** [Registry] *****

Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\Software\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\prefs.js

Found : user_pref("CT2319825..clientLogIsEnabled", false);
Found : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2319825.CTID", "CT2319825");
Found : user_pref("CT2319825.CurrentServerDate", "22-5-2012");
Found : user_pref("CT2319825.DialogsAlignMode", "LTR");
Found : user_pref("CT2319825.DialogsGetterLastCheckTime", "Tue May 22 2012 15:16:25 GMT+0200");
Found : user_pref("CT2319825.DownloadReferralCookieData", "");
Found : user_pref("CT2319825.EMailNotifierPollDate", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CT2319825.FeedPollDate11908299", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.FirstServerDate", "25-12-2010");
Found : user_pref("CT2319825.FirstTime", true);
Found : user_pref("CT2319825.FirstTimeFF3", true);
Found : user_pref("CT2319825.FirstTimeSettingsDone", true);
Found : user_pref("CT2319825.FixPageNotFoundErrors", false);
Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2319825.HasUserGlobalKeys", true);
Found : user_pref("CT2319825.Initialize", true);
Found : user_pref("CT2319825.InitializeCommonPrefs", true);
Found : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2319825.InstallationType", "Unknown");
Found : user_pref("CT2319825.InstalledDate", "Sat Dec 25 2010 21:16:20 GMT+0100");
Found : user_pref("CT2319825.InvalidateCache", false);
Found : user_pref("CT2319825.IsGrouping", false);
Found : user_pref("CT2319825.IsMulticommunity", false);
Found : user_pref("CT2319825.IsOpenThankYouPage", true);
Found : user_pref("CT2319825.IsOpenUninstallPage", true);
Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2319825.LastLogin_2.7.2.0", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CT2319825.LastLogin_3.12.2.3", "Tue May 22 2012 20:44:01 GMT+0200");
Found : user_pref("CT2319825.LatestVersion", "3.12.2.3");
Found : user_pref("CT2319825.Locale", "de");
Found : user_pref("CT2319825.LoginCache", 4);
Found : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Found : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2319825.RadioIsPodcast", false);
Found : user_pref("CT2319825.RadioLastCheckTime", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Found : user_pref("CT2319825.RadioMediaID", "11949532");
Found : user_pref("CT2319825.RadioMediaType", "Media Player");
Found : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Found : user_pref("CT2319825.RadioShrinked", "shrinked");
Found : user_pref("CT2319825.RadioStationName", "1Live");
Found : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Found : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Found : user_pref("CT2319825.SearchInNewTabEnabled", true);
Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2319825.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2319825.ServiceMapLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Found : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2319825.SettingsLastCheckTime", "Tue May 22 2012 20:44:00 GMT+0200");
Found : user_pref("CT2319825.SettingsLastUpdate", "1337169810");
Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sat Dec 25 2010 21:16:15 GMT+0100");
Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2319825.ToolbarDisabled", true);
Found : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Found : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2319825.UserID", "UN38099116315418047");
Found : user_pref("CT2319825.ValidationData_Toolbar", 1);
Found : user_pref("CT2319825.WeatherNetwork", "");
Found : user_pref("CT2319825.WeatherPollDate", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.WeatherUnit", "C");
Found : user_pref("CT2319825.alertChannelId", "715912");
Found : user_pref("CT2319825.backendstorage.id", "32363338343838");
Found : user_pref("CT2319825.clientLogIsEnabled", false);
Found : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2319825.initDone", true);
Found : user_pref("CT2319825.myStuffEnabled", true);
Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2319825.revertSettingsEnabled", true);
Found : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Found : user_pref("CT2319825.testingCtid", "");
Found : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Found : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"1-194[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"f9b[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+01[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 15:17:48 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 15:17:34 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{f348f11a-3bf6-4b55-b8d6-7e71fcc48427}");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CommunityToolbar.globalUserId", "027e544e-1419-4d9d-aa89-c43f80750bed");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 10:20:01 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.FirstServerDate", "03/26/2011 11");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+0100");
Found : user_pref("ConduitEngine.UserID", "UN47740451014137897");
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 1);

-\\ Opera v [Unable to get version]

File : C:\Users\Jonas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15358 octets] - [24/12/2012 20:07:14]

########## EOF - C:\AdwCleaner[R1].txt - [15419 octets] ##########

cosinus 26.12.2012 21:17
Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

showmaker 26.12.2012 21:34
ich hatte awd cleaner vorher nicht. hatte also letztes mal eigtl die neue/aktuelle version runtergeladen. habe die exe datei jetzt aber wieder gelöscht und bin dann wieder dem link gefolgt und habe es neu heruntergeladen. hier die log. falls ich was falsch gemacht hab sag mir bitte noch mal bescheid.

Code:
# AdwCleaner v2.103 - Logfile created 12/26/2012 at 21:31:50
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Enterprise  (32 bits)
# User : Jonas - JONAS-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\searchplugins\11-suche.xml
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Ilivid
Folder Found : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Found : C:\Users\Jonas\AppData\Local\Ilivid Player
Folder Found : C:\Users\Jonas\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Jonas\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\Conduit
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitCommon
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitEngine
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\CT2319825
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\engine@conduit.com
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\WinampToolbarData

***** [Registry] *****

Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\Software\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\prefs.js

Found : user_pref("CT2319825..clientLogIsEnabled", false);
Found : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2319825.CTID", "CT2319825");
Found : user_pref("CT2319825.CurrentServerDate", "22-5-2012");
Found : user_pref("CT2319825.DialogsAlignMode", "LTR");
Found : user_pref("CT2319825.DialogsGetterLastCheckTime", "Tue May 22 2012 15:16:25 GMT+0200");
Found : user_pref("CT2319825.DownloadReferralCookieData", "");
Found : user_pref("CT2319825.EMailNotifierPollDate", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CT2319825.FeedPollDate11908299", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.FirstServerDate", "25-12-2010");
Found : user_pref("CT2319825.FirstTime", true);
Found : user_pref("CT2319825.FirstTimeFF3", true);
Found : user_pref("CT2319825.FirstTimeSettingsDone", true);
Found : user_pref("CT2319825.FixPageNotFoundErrors", false);
Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2319825.HasUserGlobalKeys", true);
Found : user_pref("CT2319825.Initialize", true);
Found : user_pref("CT2319825.InitializeCommonPrefs", true);
Found : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2319825.InstallationType", "Unknown");
Found : user_pref("CT2319825.InstalledDate", "Sat Dec 25 2010 21:16:20 GMT+0100");
Found : user_pref("CT2319825.InvalidateCache", false);
Found : user_pref("CT2319825.IsGrouping", false);
Found : user_pref("CT2319825.IsMulticommunity", false);
Found : user_pref("CT2319825.IsOpenThankYouPage", true);
Found : user_pref("CT2319825.IsOpenUninstallPage", true);
Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2319825.LastLogin_2.7.2.0", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CT2319825.LastLogin_3.12.2.3", "Tue May 22 2012 20:44:01 GMT+0200");
Found : user_pref("CT2319825.LatestVersion", "3.12.2.3");
Found : user_pref("CT2319825.Locale", "de");
Found : user_pref("CT2319825.LoginCache", 4);
Found : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Found : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2319825.RadioIsPodcast", false);
Found : user_pref("CT2319825.RadioLastCheckTime", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Found : user_pref("CT2319825.RadioMediaID", "11949532");
Found : user_pref("CT2319825.RadioMediaType", "Media Player");
Found : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Found : user_pref("CT2319825.RadioShrinked", "shrinked");
Found : user_pref("CT2319825.RadioStationName", "1Live");
Found : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Found : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Found : user_pref("CT2319825.SearchInNewTabEnabled", true);
Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2319825.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2319825.ServiceMapLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Found : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2319825.SettingsLastCheckTime", "Tue May 22 2012 20:44:00 GMT+0200");
Found : user_pref("CT2319825.SettingsLastUpdate", "1337169810");
Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sat Dec 25 2010 21:16:15 GMT+0100");
Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2319825.ToolbarDisabled", true);
Found : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Found : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2319825.UserID", "UN38099116315418047");
Found : user_pref("CT2319825.ValidationData_Toolbar", 1);
Found : user_pref("CT2319825.WeatherNetwork", "");
Found : user_pref("CT2319825.WeatherPollDate", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.WeatherUnit", "C");
Found : user_pref("CT2319825.alertChannelId", "715912");
Found : user_pref("CT2319825.backendstorage.id", "32363338343838");
Found : user_pref("CT2319825.clientLogIsEnabled", false);
Found : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2319825.initDone", true);
Found : user_pref("CT2319825.myStuffEnabled", true);
Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2319825.revertSettingsEnabled", true);
Found : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Found : user_pref("CT2319825.testingCtid", "");
Found : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Found : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"1-194[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"f9b[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+01[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 15:17:48 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 15:17:34 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{f348f11a-3bf6-4b55-b8d6-7e71fcc48427}");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CommunityToolbar.globalUserId", "027e544e-1419-4d9d-aa89-c43f80750bed");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 10:20:01 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.FirstServerDate", "03/26/2011 11");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+0100");
Found : user_pref("ConduitEngine.UserID", "UN47740451014137897");
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 1);

-\\ Opera v [Unable to get version]

File : C:\Users\Jonas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15489 octets] - [24/12/2012 20:07:14]
AdwCleaner[R2].txt - [15419 octets] - [26/12/2012 21:31:50]

########## EOF - C:\AdwCleaner[R2].txt - [15480 octets] ##########

cosinus 26.12.2012 22:03
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

showmaker 26.12.2012 22:46
Adw
Code:
# AdwCleaner v2.103 - Logfile created 12/26/2012 at 22:08:16
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Enterprise  (32 bits)
# User : Jonas - JONAS-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\searchplugins\11-suche.xml
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Deleted : C:\Users\Jonas\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Jonas\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Jonas\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\Conduit
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitCommon
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitEngine
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\CT2319825
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\WinampToolbarData

***** [Registry] *****

Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\prefs.js

Deleted : user_pref("CT2319825..clientLogIsEnabled", false);
Deleted : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2319825.CTID", "CT2319825");
Deleted : user_pref("CT2319825.CurrentServerDate", "22-5-2012");
Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2319825.DialogsGetterLastCheckTime", "Tue May 22 2012 15:16:25 GMT+0200");
Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Fri Jan 07 2011 00:39:59 GMT+0100");
Deleted : user_pref("CT2319825.FeedPollDate11908299", "Fri Jan 07 2011 00:40:00 GMT+0100");
Deleted : user_pref("CT2319825.FirstServerDate", "25-12-2010");
Deleted : user_pref("CT2319825.FirstTime", true);
Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Deleted : user_pref("CT2319825.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2319825.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2319825.HasUserGlobalKeys", true);
Deleted : user_pref("CT2319825.Initialize", true);
Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2319825.InstallationType", "Unknown");
Deleted : user_pref("CT2319825.InstalledDate", "Sat Dec 25 2010 21:16:20 GMT+0100");
Deleted : user_pref("CT2319825.InvalidateCache", false);
Deleted : user_pref("CT2319825.IsGrouping", false);
Deleted : user_pref("CT2319825.IsMulticommunity", false);
Deleted : user_pref("CT2319825.IsOpenThankYouPage", true);
Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2319825.LastLogin_2.7.2.0", "Fri Jan 07 2011 00:39:59 GMT+0100");
Deleted : user_pref("CT2319825.LastLogin_3.12.2.3", "Tue May 22 2012 20:44:01 GMT+0200");
Deleted : user_pref("CT2319825.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2319825.Locale", "de");
Deleted : user_pref("CT2319825.LoginCache", 4);
Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2319825.RadioIsPodcast", false);
Deleted : user_pref("CT2319825.RadioLastCheckTime", "Fri Jan 07 2011 00:40:00 GMT+0100");
Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Deleted : user_pref("CT2319825.RadioMediaID", "11949532");
Deleted : user_pref("CT2319825.RadioMediaType", "Media Player");
Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Deleted : user_pref("CT2319825.RadioShrinked", "shrinked");
Deleted : user_pref("CT2319825.RadioStationName", "1Live");
Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Deleted : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2319825.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2319825.ServiceMapLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Deleted : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Tue May 22 2012 20:44:00 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sat Dec 25 2010 21:16:15 GMT+0100");
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2319825.ToolbarDisabled", true);
Deleted : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Deleted : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2319825.UserID", "UN38099116315418047");
Deleted : user_pref("CT2319825.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2319825.WeatherNetwork", "");
Deleted : user_pref("CT2319825.WeatherPollDate", "Fri Jan 07 2011 00:40:00 GMT+0100");
Deleted : user_pref("CT2319825.WeatherUnit", "C");
Deleted : user_pref("CT2319825.alertChannelId", "715912");
Deleted : user_pref("CT2319825.backendstorage.id", "32363338343838");
Deleted : user_pref("CT2319825.clientLogIsEnabled", false);
Deleted : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2319825.initDone", true);
Deleted : user_pref("CT2319825.myStuffEnabled", true);
Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2319825.revertSettingsEnabled", true);
Deleted : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2319825.testingCtid", "");
Deleted : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Deleted : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"1-194[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"f9b[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+01[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 15:17:48 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 15:17:34 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{f348f11a-3bf6-4b55-b8d6-7e71fcc48427}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 07 2011 00:39:59 GMT+0100");
Deleted : user_pref("CommunityToolbar.globalUserId", "027e544e-1419-4d9d-aa89-c43f80750bed");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 10:20:01 GMT+0200");
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Deleted : user_pref("ConduitEngine.FirstServerDate", "03/26/2011 11");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Mar 26 2011 09:12:44 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 26 2011 09:12:44 GMT+0100");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+0100");
Deleted : user_pref("ConduitEngine.UserID", "UN47740451014137897");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 09:12:44 GMT+0100");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 1);

-\\ Opera v [Unable to get version]

File : C:\Users\Jonas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15489 octets] - [24/12/2012 20:07:14]
AdwCleaner[R2].txt - [15550 octets] - [26/12/2012 21:31:50]
AdwCleaner[S1].txt - [15711 octets] - [26/12/2012 22:08:16]

########## EOF - C:\AdwCleaner[S1].txt - [15772 octets] ##########
OTL.txt
Code:
OTL logfile created on: 26.12.2012 22:34:00 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 70,15% Memory free
3,74 Gb Paging File | 3,30 Gb Available in Paging File | 88,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,44 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRA~1\7-PDF\7-PDFM~1\7p.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Jonas\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (EverestDriver) -- C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt ()
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SISAGP) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (SiS Corporation)
DRV - (QCDonner) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mydrive.ch/
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE B2 5D A1 13 B6 CA 01  [binary data]
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegelonline.de"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 10:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 10:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.17 22:14:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.24 20:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 17:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.25 21:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.12.26 22:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions
[2010.01.02 20:19:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\moveplayer@movenetworks.com
[2012.12.26 21:30:14 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\autofillForms@blueimp.net.xpi
[2012.12.17 22:17:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 14:21:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011.12.19 19:26:34 | 000,002,419 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:26:33 | 000,010,525 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\gmx-suche.xml
[2011.12.19 19:26:34 | 000,002,457 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\lastminute.xml
[2010.08.17 13:18:24 | 000,001,549 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\scroogle-ssl-search.xml
[2011.12.19 19:26:33 | 000,005,508 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\webde-suche.xml
[2010.05.04 18:27:51 | 000,002,057 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\youtube-videosuche.xml
[2012.10.02 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.24 20:05:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.17 22:14:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.12.24 20:05:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2006.10.26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2012.09.23 21:43:40 | 000,208,008 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.12.24 20:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.24 20:05:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.24 20:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.24 20:05:30 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012.12.24 20:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.24 20:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.24 20:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.24 00:31:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000..\RunOnce: [Report] C:\AdwCleaner[S1].txt File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000070 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000071 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000072 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000073 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000074 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000075 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000076 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000077 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000078 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000079 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000080 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000081 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000082 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000083 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000084 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000085 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000086 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000087 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000088 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000089 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000090 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000091 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000092 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000093 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000094 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000095 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000096 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000097 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000098 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261848450419 (MUCatalogWebControl Class)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2073B93A-1295-4A0C-B5D2-AF75A32FB6EE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445430A2-0344-48B1-8063-6CC744AB258A}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{525A024D-D79A-4E23-B717-B0331FF1101D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BFBFD2-0D9F-4EC1-9735-2DA3B8ACDA44}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9278B28F-449C-44B6-9264-7BF6339F15BF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E755811-115D-4DCF-A28D-50D81B4CC90A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.03 11:15:14 | 000,000,026 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.24 00:34:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\temp
[2012.12.24 00:20:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.24 00:20:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.24 00:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 22:19:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 22:19:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 22:17:42 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 21:18:50 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:10:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 20:03:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.22 23:53:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.21 23:01:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.20 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\endnote styles
[2012.12.18 00:48:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.18 00:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.18 00:48:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.18 00:48:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.18 00:48:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.18 00:48:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.18 00:48:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.18 00:48:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.18 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.12.17 22:22:03 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.17 22:21:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.17 22:21:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.17 22:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.17 22:21:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.17 22:21:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.17 22:21:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.17 22:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.17 22:21:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.17 22:21:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.17 22:21:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.17 22:20:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.05.07 10:35:08 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Jonas\AppData\Roaming\SetupGFD.exe
[2012.05.07 10:34:41 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Jonas\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.26 22:15:29 | 000,659,732 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.26 22:15:29 | 000,623,078 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.26 22:15:29 | 000,133,070 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.26 22:15:29 | 000,109,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.26 22:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.26 22:10:59 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.26 22:10:00 | 000,449,895 | ---- | M] () -- C:\SiSKmd_1.dmp
[2012.12.26 21:31:15 | 000,550,017 | ---- | M] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012.12.24 20:05:36 | 000,002,001 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.12.24 00:31:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.23 22:18:26 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 22:03:51 | 000,000,512 | ---- | M] () -- C:\Users\Jonas\Desktop\MBR.dat
[2012.12.23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:11:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 00:11:27 | 000,302,592 | ---- | M] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.22 23:52:39 | 000,000,020 | ---- | M] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.22 22:47:36 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 22:47:36 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 22:45:22 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.21 20:53:21 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 20:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.21 20:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 16:20:18 | 002,588,453 | ---- | M] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 07:33:06 | 000,491,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 00:05:12 | 000,002,067 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.12.17 22:50:19 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.17 22:50:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.17 22:15:07 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.15 18:20:19 | 000,001,236 | ---- | M] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | M] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.26 22:09:52 | 000,449,895 | ---- | C] () -- C:\SiSKmd_1.dmp
[2012.12.26 21:31:09 | 000,550,017 | ---- | C] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012.12.24 00:20:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.24 00:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.24 00:20:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.24 00:20:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.24 00:20:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.23 22:03:51 | 000,000,512 | ---- | C] () -- C:\Users\Jonas\Desktop\MBR.dat
[2012.12.23 00:11:26 | 000,302,592 | ---- | C] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:36 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.21 20:53:21 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.18 16:20:14 | 002,588,453 | ---- | C] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:25:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.15 18:20:19 | 000,001,236 | ---- | C] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | C] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
[2012.05.07 10:36:14 | 000,034,936 | ---- | C] () -- C:\Windows\System32\uninstHelixYUV.exe
[2012.05.07 10:34:59 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Jonas\AppData\Roaming\AvsP.exe
[2012.05.07 10:34:57 | 001,357,348 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\MatroskaSplitter.exe
[2012.04.11 17:31:41 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sysmwwod.dll
[2011.05.19 10:34:25 | 000,021,844 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.12.03 10:37:20 | 000,001,075 | ---- | C] () -- C:\Users\Jonas\windvi.cnf
[2010.09.13 13:14:09 | 000,002,068 | ---- | C] () -- C:\Users\Jonas\.powerupdate.user.properties
[2010.08.27 17:31:32 | 000,002,631 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SerialClonerPrefs
[2010.07.31 15:26:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
otlextras
Code:
OTL Extras logfile created on: 26.12.2012 22:34:00 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 70,15% Memory free
3,74 Gb Paging File | 3,30 Gb Available in Paging File | 88,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,44 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9B5D1-6E41-41EC-BD6D-60D5E874FB15}" = rport=138 | protocol=17 | dir=out | app=system |
"{24605008-600D-4C0E-B402-5CB9E8EA9B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{289023B5-5E3C-4450-82AB-F0F6883A2DF8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{46878158-6868-412E-9883-77F7F9D127BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B1B2C89-F250-46A2-BB8C-76D9676A5748}" = lport=138 | protocol=17 | dir=in | app=system |
"{5408B885-D42E-448B-96D8-AD63F566C271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BDB6C3A-65B5-4CAD-8ADC-1C9F52CD7F75}" = lport=139 | protocol=6 | dir=in | app=system |
"{68D83906-47FC-4BF0-A21C-C52EB04A42DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{868252F7-6AE4-4DAE-9990-C1A2E16BAA79}" = lport=445 | protocol=6 | dir=in | app=system |
"{89E5E605-D087-4EEF-9BCF-DBBCB3961AD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{906EF994-6B6F-4C28-A67C-B909D6A0B5B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{963EAE72-BDDB-4355-AEDB-5DE2BEE0E85A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98A6D47B-AD2C-488F-A5BF-B0962415FD41}" = rport=445 | protocol=6 | dir=out | app=system |
"{992C22BD-6EC4-4471-B882-0C4FDC6C29B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E66EB8A-9E55-4D70-B5D1-BBC67073C822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A07133DA-FF42-476A-A013-0BEA2AF1EECF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7CEFE26-BE85-42F6-985B-4BE9693672F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5A3D81A-0C94-4372-900E-C99865E5C024}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C00E2282-0EF6-4451-9E3B-618D4E5B1C1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C163F148-C055-42D1-BA9A-4C227C03D896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CBC77997-A192-4CCB-BB76-95025763FC58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC6481D4-AA4F-4349-98D6-546B68768E81}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC80F653-715A-4E8D-BE3E-9CBA07827881}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECC4A6A4-383D-4F9D-A72B-BC7E0A078FE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88CDF9-E23F-4171-87AF-BB3AB1162D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{140615D6-31B3-464D-8CD9-AF7AF543BB0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2143A449-9D25-4882-BC7F-D1B6C0E84547}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{22D0FFC0-A9D8-4D08-B0B9-ADD8B456E3F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{37EB659F-CF44-4315-B9FB-B430F5733DB6}" = protocol=6 | dir=out | app=system |
"{3CAE0B1D-A63B-4A0C-BD52-42A0666E423B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A411ABA-5AFA-4B33-9935-0D2C3B526F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AD65AD0-805E-4495-8E9D-9747C555AB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4AE6AD95-6411-47D6-971B-790F5482C2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BCEBE53-3B52-4AF6-862B-02078189B871}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{6A7F40C9-A15D-4B2C-BBE2-11C019FA6EA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{721AD6E3-3232-4CBD-A3CA-0A283B200EF1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7651EDA7-6F2C-4B36-820C-3C8553DF21F5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{791207DB-087D-4117-AF87-3835C03D5D66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{7B349BB7-1396-4D7F-AD94-D06D1BA808EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC9C40E-5D08-4A9D-8B26-7C709A775424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C073300-E818-42B5-973E-8A285991F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CE52A2E-F4EF-491E-BA6C-D8E6C78FDBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF3FCBF3-AE75-47EA-9200-9CB8305C228E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC0D4800-CEAE-41D5-97C9-7B045EB00982}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDA1C6F6-50C9-4EFF-B0DA-9BE182C560CD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D86B0A22-4EDF-4710-BAC4-4DDF888EC6A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8ECE471-98D9-4104-8758-6C7A60167086}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCB9D527-406F-4DF5-93DC-AF7ADB9FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFA9F490-AFDD-4867-B8D0-17EBD840C2CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1D0918F-A368-4AE1-AE05-08193424D4CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC9299BB-77FC-4C4C-9E73-72901AAFB808}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F7916E78-24CD-4CA6-8945-96D8347CA92C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F964743A-1B2F-4D82-8548-0F7CB6ABE234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB419F9F-DAD6-4097-B3AD-5A6E23D97646}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0E468104-B5E8-48FC-9AB8-67B887A5710A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{12A8883D-7AF3-44CB-8F1E-6BB324C4442F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{1FDA32B4-10DC-4E4C-829B-2F59D995CF05}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{324C8D71-35B9-445A-86E6-D178611CF781}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{3AB53E31-E1C7-4B58-A620-5C23152F70F1}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{50F74B36-7F8D-4334-A039-955B50CD507B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{8B0F688E-F7DD-49C1-A528-9CF8D3A79F3A}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{99C75F91-BF5C-4B4E-828A-93D9E470D53D}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{99D55528-F1A3-4BD6-98A3-6E6900DE1312}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{A5C631A8-6A58-473F-B009-A4012010371D}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{A916F8AD-62D8-44B1-AA12-6243BCF61714}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{AD6D6C5B-8339-44D7-A800-3A4A539F8EAC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{B57C896E-0A15-4CA6-9EAA-A3DA0639E18E}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{DD025112-52A7-46B5-8DA4-A8CCCDBE6989}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0184D19D-A757-4516-B089-ABF6986AA517}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{13EC64BF-4903-4A9D-B091-79CEBF869A1B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3BC53E47-4F07-4AA3-9A54-48B7EB96D4BC}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{3E6C39EA-74CB-43D9-9FA2-95F4F3CA2387}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4B61D362-EADA-467F-9B05-ACEB2E7BCB8D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{6E8BCE1F-E925-477E-8762-FD945CAA1934}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{73DF5814-E9F6-4103-BFBA-5042F21AA2C3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8053D382-F606-4692-BF7E-BB3AC4A60F12}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{854645EE-4500-4E2A-954C-2D3A0A261DE6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{9EDBADBC-56F7-4571-8D3B-AF8A8BB7CD58}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{A65F599C-9545-4324-A859-384B3BF381BF}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{C2D17091-3C5A-419A-B589-B78CBA022FB8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{C71AB11B-327A-4815-AF6C-1A2ED9BDBCFB}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{C90BCF2B-2364-44CF-90BB-8247329AB955}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"IHMC CmapTools v4.12" = IHMC CmapTools v4.12
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2011 04:11:53 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:57 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:14:40 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:31:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.08.2011 11:00:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 5.0.0.4192,
 Zeitstempel: 0x4e051153  Name des fehlerhaften Moduls: xul.dll, Version: 5.0.0.4192,
 Zeitstempel: 0x4e050fc7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a631ab  ID des fehlerhaften
 Prozesses: 0xf50  Startzeit der fehlerhaften Anwendung: 0x01cc5a8a6c128337  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll  Berichtskennung:
 23b37e5e-c686-11e0-bb3e-00030d9779cd
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 21.12.2012 11:23:28 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8524 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 6206 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5933
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5895
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5649 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5584 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 22.12.2012 17:45:32 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ Media Center Events ]
Error - 13.09.2010 14:58:20 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:19 - Error connecting to the internet.  20:58:19 -    Unable
to contact server.. 
 
Error - 13.09.2010 14:58:41 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:28 - Error connecting to the internet.  20:58:28 -    Unable
to contact server.. 
 
Error - 14.09.2010 03:43:19 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 09:43:14 - Error connecting to the internet.  09:43:14 -    Unable
to contact server.. 
 
Error - 18.09.2010 14:38:54 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:54 - Error connecting to the internet.  20:38:54 -    Unable
to contact server.. 
 
Error - 18.09.2010 14:39:02 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:59 - Error connecting to the internet.  20:38:59 -    Unable
to contact server.. 
 
Error - 26.09.2010 10:06:42 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 16:06:42 - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.09.2010 16:00:22 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:22 - Error connecting to the internet.  22:00:22 -    Unable
to contact server.. 
 
Error - 27.09.2010 16:00:36 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:27 - Error connecting to the internet.  22:00:27 -    Unable
to contact server.. 
 
Error - 04.10.2010 14:33:18 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:18 - Error connecting to the internet.  20:33:18 -    Unable
to contact server.. 
 
Error - 04.10.2010 14:33:28 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:23 - Error connecting to the internet.  20:33:23 -    Unable
to contact server.. 
 
[ OSession Events ]
Error - 21.02.2010 08:41:08 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3107
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 13.09.2010 04:27:26 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2112
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 16.05.2011 10:43:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24406
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 27.06.2011 11:49:36 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11605
 seconds with 5640 seconds of active time.  This session ended with a crash.
 
Error - 09.02.2012 07:44:37 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 79696 seconds with 7980 seconds of active time.  This session ended with
a crash.
 
Error - 30.04.2012 16:38:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1848
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2012 13:13:07 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 37455 seconds with 720 seconds of active time.  This session ended with a
 crash.
 
Error - 09.07.2012 13:25:56 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 754 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.12.2012 17:27:38 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 17:32:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 17:32:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 17:32:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 17:34:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 17:34:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 17:34:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 17:39:24 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 17:39:24 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 17:39:24 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >
habe den browser geschlossen gehabt und sonst auch alles. bin ich es schuld dass es zu so vielen error meldungen gekommen ist?

cosinus 27.12.2012 08:59
Wieso bist du denn noch die ganze Zeit im abgesicherten Modus drin?!
Geht der normale Modus immer noch nicht oder hast du den noch nicht getestet bisher?

showmaker 27.12.2012 09:22
hatte ich mich bisher nicht getraut. bin jetzt im normalen modus drin und die meldung öffnet sich nicht mehr.

cosinus 27.12.2012 09:42
Dann mach bitte im normalen Modus das Log mit OTL

showmaker 27.12.2012 10:04
otl
Code:
OTL logfile created on: 27.12.2012 09:46:52 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 61,69% Memory free
3,74 Gb Paging File | 2,83 Gb Available in Paging File | 75,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 4,06 Gb Free Space | 10,38% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRA~1\7-PDF\7-PDFM~1\7p.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Jonas\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (EverestDriver) -- C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt ()
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SISAGP) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (SiS Corporation)
DRV - (QCDonner) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mydrive.ch/
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE B2 5D A1 13 B6 CA 01  [binary data]
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegelonline.de"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 10:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 10:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.17 22:14:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.24 20:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 17:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.26 22:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions
[2010.01.02 20:19:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\moveplayer@movenetworks.com
[2012.12.26 21:30:14 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\autofillForms@blueimp.net.xpi
[2012.12.17 22:17:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 14:21:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011.12.19 19:26:34 | 000,002,419 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:26:33 | 000,010,525 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\gmx-suche.xml
[2011.12.19 19:26:34 | 000,002,457 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\lastminute.xml
[2010.08.17 13:18:24 | 000,001,549 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\scroogle-ssl-search.xml
[2011.12.19 19:26:33 | 000,005,508 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\webde-suche.xml
[2010.05.04 18:27:51 | 000,002,057 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\youtube-videosuche.xml
[2012.10.02 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.17 22:14:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.12.24 20:05:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.12.24 20:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.24 20:05:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.24 20:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.24 20:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.24 20:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.24 20:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.24 00:31:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261848450419 (MUCatalogWebControl Class)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2073B93A-1295-4A0C-B5D2-AF75A32FB6EE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445430A2-0344-48B1-8063-6CC744AB258A}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{525A024D-D79A-4E23-B717-B0331FF1101D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BFBFD2-0D9F-4EC1-9735-2DA3B8ACDA44}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9278B28F-449C-44B6-9264-7BF6339F15BF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E755811-115D-4DCF-A28D-50D81B4CC90A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.03 11:15:14 | 000,000,026 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.24 00:34:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\temp
[2012.12.24 00:20:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.24 00:20:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.24 00:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 22:19:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 22:19:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 22:17:42 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 21:18:50 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:10:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 20:03:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.22 23:53:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.21 23:01:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.20 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\endnote styles
[2012.12.18 00:48:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.18 00:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.18 00:48:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.18 00:48:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.18 00:48:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.18 00:48:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.18 00:48:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.18 00:48:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.18 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.12.17 22:22:03 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.17 22:21:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.17 22:21:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.17 22:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.17 22:21:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.17 22:21:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.17 22:21:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.17 22:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.17 22:21:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.17 22:21:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.17 22:21:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.17 22:20:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.05.07 10:35:08 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Jonas\AppData\Roaming\SetupGFD.exe
[2012.05.07 10:34:41 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Jonas\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 09:49:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 09:24:54 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 09:24:54 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 09:22:13 | 000,659,982 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.27 09:22:13 | 000,623,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.27 09:22:13 | 000,133,288 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.27 09:22:13 | 000,109,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.27 09:15:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.27 09:14:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 09:14:21 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.26 21:31:15 | 000,550,017 | ---- | M] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012.12.24 20:05:36 | 000,002,001 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.12.24 00:31:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.23 22:18:26 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 22:03:51 | 000,000,512 | ---- | M] () -- C:\Users\Jonas\Desktop\MBR.dat
[2012.12.23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:11:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 00:11:27 | 000,302,592 | ---- | M] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.22 23:52:39 | 000,000,020 | ---- | M] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.21 20:53:21 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 20:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 16:20:18 | 002,588,453 | ---- | M] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 07:33:06 | 000,491,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 00:05:12 | 000,002,067 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.12.17 22:50:19 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.17 22:50:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.17 22:15:07 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.15 18:20:19 | 000,001,236 | ---- | M] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | M] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.26 21:31:09 | 000,550,017 | ---- | C] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012.12.24 00:20:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.24 00:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.24 00:20:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.24 00:20:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.24 00:20:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.23 22:03:51 | 000,000,512 | ---- | C] () -- C:\Users\Jonas\Desktop\MBR.dat
[2012.12.23 00:11:26 | 000,302,592 | ---- | C] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:36 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.21 20:53:21 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.18 16:20:14 | 002,588,453 | ---- | C] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:25:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.15 18:20:19 | 000,001,236 | ---- | C] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | C] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
[2012.05.07 10:36:14 | 000,034,936 | ---- | C] () -- C:\Windows\System32\uninstHelixYUV.exe
[2012.05.07 10:34:59 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Jonas\AppData\Roaming\AvsP.exe
[2012.05.07 10:34:57 | 001,357,348 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\MatroskaSplitter.exe
[2012.04.11 17:31:41 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sysmwwod.dll
[2011.05.19 10:34:25 | 000,021,844 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.12.03 10:37:20 | 000,001,075 | ---- | C] () -- C:\Users\Jonas\windvi.cnf
[2010.09.13 13:14:09 | 000,002,068 | ---- | C] () -- C:\Users\Jonas\.powerupdate.user.properties
[2010.08.27 17:31:32 | 000,002,631 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SerialClonerPrefs
[2010.07.31 15:26:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
extras
Code:
OTL Extras logfile created on: 27.12.2012 09:46:52 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 61,69% Memory free
3,74 Gb Paging File | 2,83 Gb Available in Paging File | 75,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 4,06 Gb Free Space | 10,38% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9B5D1-6E41-41EC-BD6D-60D5E874FB15}" = rport=138 | protocol=17 | dir=out | app=system |
"{24605008-600D-4C0E-B402-5CB9E8EA9B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{289023B5-5E3C-4450-82AB-F0F6883A2DF8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{46878158-6868-412E-9883-77F7F9D127BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B1B2C89-F250-46A2-BB8C-76D9676A5748}" = lport=138 | protocol=17 | dir=in | app=system |
"{5408B885-D42E-448B-96D8-AD63F566C271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BDB6C3A-65B5-4CAD-8ADC-1C9F52CD7F75}" = lport=139 | protocol=6 | dir=in | app=system |
"{68D83906-47FC-4BF0-A21C-C52EB04A42DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{868252F7-6AE4-4DAE-9990-C1A2E16BAA79}" = lport=445 | protocol=6 | dir=in | app=system |
"{89E5E605-D087-4EEF-9BCF-DBBCB3961AD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{906EF994-6B6F-4C28-A67C-B909D6A0B5B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{963EAE72-BDDB-4355-AEDB-5DE2BEE0E85A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98A6D47B-AD2C-488F-A5BF-B0962415FD41}" = rport=445 | protocol=6 | dir=out | app=system |
"{992C22BD-6EC4-4471-B882-0C4FDC6C29B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E66EB8A-9E55-4D70-B5D1-BBC67073C822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A07133DA-FF42-476A-A013-0BEA2AF1EECF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7CEFE26-BE85-42F6-985B-4BE9693672F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5A3D81A-0C94-4372-900E-C99865E5C024}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C00E2282-0EF6-4451-9E3B-618D4E5B1C1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C163F148-C055-42D1-BA9A-4C227C03D896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CBC77997-A192-4CCB-BB76-95025763FC58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC6481D4-AA4F-4349-98D6-546B68768E81}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC80F653-715A-4E8D-BE3E-9CBA07827881}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECC4A6A4-383D-4F9D-A72B-BC7E0A078FE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88CDF9-E23F-4171-87AF-BB3AB1162D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{140615D6-31B3-464D-8CD9-AF7AF543BB0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2143A449-9D25-4882-BC7F-D1B6C0E84547}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{22D0FFC0-A9D8-4D08-B0B9-ADD8B456E3F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{37EB659F-CF44-4315-B9FB-B430F5733DB6}" = protocol=6 | dir=out | app=system |
"{3CAE0B1D-A63B-4A0C-BD52-42A0666E423B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A411ABA-5AFA-4B33-9935-0D2C3B526F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AD65AD0-805E-4495-8E9D-9747C555AB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4AE6AD95-6411-47D6-971B-790F5482C2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BCEBE53-3B52-4AF6-862B-02078189B871}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{6A7F40C9-A15D-4B2C-BBE2-11C019FA6EA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{721AD6E3-3232-4CBD-A3CA-0A283B200EF1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7651EDA7-6F2C-4B36-820C-3C8553DF21F5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{791207DB-087D-4117-AF87-3835C03D5D66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{7B349BB7-1396-4D7F-AD94-D06D1BA808EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC9C40E-5D08-4A9D-8B26-7C709A775424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C073300-E818-42B5-973E-8A285991F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CE52A2E-F4EF-491E-BA6C-D8E6C78FDBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF3FCBF3-AE75-47EA-9200-9CB8305C228E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC0D4800-CEAE-41D5-97C9-7B045EB00982}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDA1C6F6-50C9-4EFF-B0DA-9BE182C560CD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D86B0A22-4EDF-4710-BAC4-4DDF888EC6A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8ECE471-98D9-4104-8758-6C7A60167086}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCB9D527-406F-4DF5-93DC-AF7ADB9FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFA9F490-AFDD-4867-B8D0-17EBD840C2CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1D0918F-A368-4AE1-AE05-08193424D4CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC9299BB-77FC-4C4C-9E73-72901AAFB808}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F7916E78-24CD-4CA6-8945-96D8347CA92C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F964743A-1B2F-4D82-8548-0F7CB6ABE234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB419F9F-DAD6-4097-B3AD-5A6E23D97646}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0E468104-B5E8-48FC-9AB8-67B887A5710A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{12A8883D-7AF3-44CB-8F1E-6BB324C4442F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{1FDA32B4-10DC-4E4C-829B-2F59D995CF05}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{324C8D71-35B9-445A-86E6-D178611CF781}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{3AB53E31-E1C7-4B58-A620-5C23152F70F1}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{50F74B36-7F8D-4334-A039-955B50CD507B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{8B0F688E-F7DD-49C1-A528-9CF8D3A79F3A}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{99C75F91-BF5C-4B4E-828A-93D9E470D53D}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{99D55528-F1A3-4BD6-98A3-6E6900DE1312}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{A5C631A8-6A58-473F-B009-A4012010371D}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{A916F8AD-62D8-44B1-AA12-6243BCF61714}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{AD6D6C5B-8339-44D7-A800-3A4A539F8EAC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{B57C896E-0A15-4CA6-9EAA-A3DA0639E18E}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{DD025112-52A7-46B5-8DA4-A8CCCDBE6989}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0184D19D-A757-4516-B089-ABF6986AA517}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{13EC64BF-4903-4A9D-B091-79CEBF869A1B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3BC53E47-4F07-4AA3-9A54-48B7EB96D4BC}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{3E6C39EA-74CB-43D9-9FA2-95F4F3CA2387}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4B61D362-EADA-467F-9B05-ACEB2E7BCB8D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{6E8BCE1F-E925-477E-8762-FD945CAA1934}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{73DF5814-E9F6-4103-BFBA-5042F21AA2C3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8053D382-F606-4692-BF7E-BB3AC4A60F12}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{854645EE-4500-4E2A-954C-2D3A0A261DE6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{9EDBADBC-56F7-4571-8D3B-AF8A8BB7CD58}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{A65F599C-9545-4324-A859-384B3BF381BF}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{C2D17091-3C5A-419A-B589-B78CBA022FB8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{C71AB11B-327A-4815-AF6C-1A2ED9BDBCFB}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{C90BCF2B-2364-44CF-90BB-8247329AB955}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"IHMC CmapTools v4.12" = IHMC CmapTools v4.12
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2011 04:11:53 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:57 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:14:40 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:31:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.08.2011 11:00:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 5.0.0.4192,
 Zeitstempel: 0x4e051153  Name des fehlerhaften Moduls: xul.dll, Version: 5.0.0.4192,
 Zeitstempel: 0x4e050fc7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a631ab  ID des fehlerhaften
 Prozesses: 0xf50  Startzeit der fehlerhaften Anwendung: 0x01cc5a8a6c128337  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll  Berichtskennung:
 23b37e5e-c686-11e0-bb3e-00030d9779cd
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8524 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 6206 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5933
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5895
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5649 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5584 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 22.12.2012 17:45:32 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 04:15:28 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ Media Center Events ]
Error - 13.09.2010 14:58:20 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:19 - Error connecting to the internet.  20:58:19 -    Unable
to contact server.. 
 
Error - 13.09.2010 14:58:41 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:28 - Error connecting to the internet.  20:58:28 -    Unable
to contact server.. 
 
Error - 14.09.2010 03:43:19 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 09:43:14 - Error connecting to the internet.  09:43:14 -    Unable
to contact server.. 
 
Error - 18.09.2010 14:38:54 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:54 - Error connecting to the internet.  20:38:54 -    Unable
to contact server.. 
 
Error - 18.09.2010 14:39:02 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:59 - Error connecting to the internet.  20:38:59 -    Unable
to contact server.. 
 
Error - 26.09.2010 10:06:42 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 16:06:42 - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.09.2010 16:00:22 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:22 - Error connecting to the internet.  22:00:22 -    Unable
to contact server.. 
 
Error - 27.09.2010 16:00:36 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:27 - Error connecting to the internet.  22:00:27 -    Unable
to contact server.. 
 
Error - 04.10.2010 14:33:18 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:18 - Error connecting to the internet.  20:33:18 -    Unable
to contact server.. 
 
Error - 04.10.2010 14:33:28 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:23 - Error connecting to the internet.  20:33:23 -    Unable
to contact server.. 
 
[ OSession Events ]
Error - 21.02.2010 08:41:08 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3107
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 13.09.2010 04:27:26 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2112
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 16.05.2011 10:43:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24406
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 27.06.2011 11:49:36 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11605
 seconds with 5640 seconds of active time.  This session ended with a crash.
 
Error - 09.02.2012 07:44:37 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 79696 seconds with 7980 seconds of active time.  This session ended with
a crash.
 
Error - 30.04.2012 16:38:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1848
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2012 13:13:07 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 37455 seconds with 720 seconds of active time.  This session ended with a
 crash.
 
Error - 09.07.2012 13:25:56 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 754 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.12.2012 19:16:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 19:16:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 19:16:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 19:18:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 19:18:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 19:18:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 27.12.2012 04:15:03 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Remote Access Connection Manager" ist vom Dienst "Telephony"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 27.12.2012 04:15:04 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
 Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:  %%1068
 
Error - 27.12.2012 04:15:17 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst vpnagent erreicht.
 
Error - 27.12.2012 04:18:34 | Computer Name = Jonas-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >

cosinus 27.12.2012 10:13

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:Files
C:\Windows\System32\uninstHelixYUV.exe
C:\Users\Jonas\AppData\Roaming\AvsP.exe
C:\Users\Jonas\AppData\Roaming\MatroskaSplitter.exe
C:\Users\Jonas\Desktop\MBR.dat
C:\ProgramData\dsgsdgdsgdsgw.*
C:\Windows\System32\sysmwwod.dll
C:\Users\Jonas\AppData\Roaming\SetupGFD.exe
C:\Users\Jonas\AppData\Roaming\Avisynth.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

showmaker 27.12.2012 10:45
Code:
All processes killed
========== FILES ==========
C:\Windows\System32\uninstHelixYUV.exe moved successfully.
C:\Users\Jonas\AppData\Roaming\AvsP.exe moved successfully.
C:\Users\Jonas\AppData\Roaming\MatroskaSplitter.exe moved successfully.
C:\Users\Jonas\Desktop\MBR.dat moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Windows\System32\sysmwwod.dll moved successfully.
C:\Users\Jonas\AppData\Roaming\SetupGFD.exe moved successfully.
C:\Users\Jonas\AppData\Roaming\Avisynth.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jonas\Desktop\cmd.bat deleted successfully.
C:\Users\Jonas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jonas
->Temp folder emptied: 36085 bytes
->Temporary Internet Files folder emptied: 10350368 bytes
->Java cache emptied: 1431690 bytes
->FireFox cache emptied: 109548135 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2851 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 329309 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 116,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12272012_104100

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 27.12.2012 10:56
Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

showmaker 27.12.2012 11:11
sollte jetzt oben sein

cosinus 27.12.2012 11:14
Nein ist nicht...ist die Datei zu groß? Wenn mehrere MBytes groß bitte hier hochladen => File-Upload.net - Ihr kostenloser File Hoster! und den Link im nächsten Beitrag posten

showmaker 27.12.2012 11:25
Die Datei ist 18 mb groß. Bin jetzt unterwegs. Wenn ich wieder zu Hause bin werde ich es nochmal versuchen. Sry!

cosinus 27.12.2012 11:36
Ok, melde dich bzw. poste einfach den Link hier wenn sie bei file-upload ist

showmaker 27.12.2012 16:33
File-Upload.net - MovedFiles.zip

cosinus 27.12.2012 21:15
Was soll ich damit anfangen, das ist kein Link!

showmaker 27.12.2012 21:26
sry bin ich ein depp. hatte irgendwie nur den letzten teil des link namens im zwischenspeicher. sollte mal lesen was ich poste. tut mir leid.

File-Upload.net - MovedFiles.zip

cosinus 27.12.2012 21:36
Und wo ist da bitte jetzt der Unterschied?!
Nutz doch mal bitte die Vorschaufunktion!

showmaker 27.12.2012 21:43
www.file-upload.net/download-6977668/MovedFiles.zip.html

cosinus 27.12.2012 21:58
Ok, danke. Ich brauch nach dem letzten OTL-Fix natürlich wieder ein neues Kontrolllog mit OTL....

showmaker 27.12.2012 22:49
Code:
OTL logfile created on: 27.12.2012 22:22:29 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 65,65% Memory free
3,74 Gb Paging File | 2,93 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,54 Gb Free Space | 9,06% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Jonas\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (EverestDriver) -- C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt ()
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SISAGP) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (SiS Corporation)
DRV - (QCDonner) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mydrive.ch/
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE B2 5D A1 13 B6 CA 01  [binary data]
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegelonline.de"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 10:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 10:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.17 22:14:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.24 20:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 17:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.26 22:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions
[2010.01.02 20:19:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\moveplayer@movenetworks.com
[2012.12.26 21:30:14 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\autofillForms@blueimp.net.xpi
[2012.12.17 22:17:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 14:21:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011.12.19 19:26:34 | 000,002,419 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:26:33 | 000,010,525 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\gmx-suche.xml
[2011.12.19 19:26:34 | 000,002,457 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\lastminute.xml
[2010.08.17 13:18:24 | 000,001,549 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\scroogle-ssl-search.xml
[2011.12.19 19:26:33 | 000,005,508 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\webde-suche.xml
[2010.05.04 18:27:51 | 000,002,057 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\youtube-videosuche.xml
[2012.10.02 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.17 22:14:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.12.24 20:05:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.12.24 20:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.24 20:05:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.24 20:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.24 20:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.24 20:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.24 20:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.27 10:41:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261848450419 (MUCatalogWebControl Class)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2073B93A-1295-4A0C-B5D2-AF75A32FB6EE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445430A2-0344-48B1-8063-6CC744AB258A}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{525A024D-D79A-4E23-B717-B0331FF1101D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BFBFD2-0D9F-4EC1-9735-2DA3B8ACDA44}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9278B28F-449C-44B6-9264-7BF6339F15BF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E755811-115D-4DCF-A28D-50D81B4CC90A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.03 11:15:14 | 000,000,026 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.27 09:20:43 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.27 09:20:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.24 00:34:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\temp
[2012.12.24 00:20:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.24 00:20:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.24 00:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 22:19:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 22:19:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 22:17:42 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 21:18:50 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:10:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 20:03:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.22 23:53:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.21 23:01:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.20 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\endnote styles
[2012.12.18 00:48:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.18 00:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.18 00:48:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.18 00:48:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.18 00:48:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.18 00:48:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.18 00:48:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.18 00:48:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.18 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.12.17 22:22:03 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.17 22:21:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.17 22:21:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.17 22:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.17 22:21:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.17 22:21:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.17 22:21:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.17 22:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.17 22:21:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.17 22:21:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.17 22:21:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.17 22:20:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 22:14:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.27 22:14:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.27 21:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 21:20:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 16:28:00 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 16:28:00 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 16:25:55 | 000,659,982 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.27 16:25:55 | 000,623,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.27 16:25:55 | 000,133,288 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.27 16:25:55 | 000,109,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.27 16:19:54 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.27 10:41:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.12.27 10:35:18 | 000,491,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.26 21:31:15 | 000,550,017 | ---- | M] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012.12.24 20:05:36 | 000,002,001 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.12.23 22:18:26 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:11:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 00:11:27 | 000,302,592 | ---- | M] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.22 23:52:39 | 000,000,020 | ---- | M] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.18 16:20:18 | 002,588,453 | ---- | M] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:05:12 | 000,002,067 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.12.17 22:50:19 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.17 22:50:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.17 22:15:07 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.15 18:20:19 | 000,001,236 | ---- | M] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | M] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.26 21:31:09 | 000,550,017 | ---- | C] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012.12.24 00:20:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.24 00:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.24 00:20:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.24 00:20:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.24 00:20:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.23 00:11:26 | 000,302,592 | ---- | C] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:36 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.18 16:20:14 | 002,588,453 | ---- | C] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:25:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.15 18:20:19 | 000,001,236 | ---- | C] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | C] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
[2011.05.19 10:34:25 | 000,021,844 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.12.03 10:37:20 | 000,001,075 | ---- | C] () -- C:\Users\Jonas\windvi.cnf
[2010.09.13 13:14:09 | 000,002,068 | ---- | C] () -- C:\Users\Jonas\.powerupdate.user.properties
[2010.08.27 17:31:32 | 000,002,631 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SerialClonerPrefs
[2010.07.31 15:26:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.02.25 13:29:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\7-PDFMaker
[2010.01.13 21:54:14 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\AlcaTech
[2010.12.23 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\AquaSoft
[2011.11.27 22:48:27 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Ashampoo Slideshow Studio Elements
[2011.06.14 22:11:38 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\avidemux
[2010.01.15 18:15:36 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ChessBase
[2012.02.22 20:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\CmapTools
[2010.01.20 22:18:03 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\dBpoweramp
[2011.10.14 12:21:08 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Downloaded Installations
[2012.10.18 21:14:24 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Dropbox
[2012.03.14 13:33:05 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DVDVideoSoft
[2012.03.14 13:33:01 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.01 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\EndNote
[2012.04.11 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\FreeAudioPack
[2011.03.15 21:17:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\GetRightToGo
[2011.03.23 14:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\GraphPad Software
[2012.10.02 19:23:30 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ICQ
[2011.03.23 13:20:01 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Leadertech
[2011.06.15 17:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\MAGIX
[2012.12.16 16:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\MyPhoneExplorer
[2012.07.22 22:16:08 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Nitro PDF
[2011.02.18 12:55:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Opera
[2010.08.27 14:17:22 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\SerialCloner
[2011.05.18 13:15:41 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Thunderbird
[2010.09.29 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Tonium
[2009.12.25 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\TuneUp Software
[2012.01.24 20:09:55 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\VSO
[2010.12.24 11:09:42 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
und die extras
Code:
OTL Extras logfile created on: 27.12.2012 22:22:29 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 65,65% Memory free
3,74 Gb Paging File | 2,93 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,54 Gb Free Space | 9,06% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9B5D1-6E41-41EC-BD6D-60D5E874FB15}" = rport=138 | protocol=17 | dir=out | app=system |
"{24605008-600D-4C0E-B402-5CB9E8EA9B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{289023B5-5E3C-4450-82AB-F0F6883A2DF8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{46878158-6868-412E-9883-77F7F9D127BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B1B2C89-F250-46A2-BB8C-76D9676A5748}" = lport=138 | protocol=17 | dir=in | app=system |
"{5408B885-D42E-448B-96D8-AD63F566C271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BDB6C3A-65B5-4CAD-8ADC-1C9F52CD7F75}" = lport=139 | protocol=6 | dir=in | app=system |
"{68D83906-47FC-4BF0-A21C-C52EB04A42DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{868252F7-6AE4-4DAE-9990-C1A2E16BAA79}" = lport=445 | protocol=6 | dir=in | app=system |
"{89E5E605-D087-4EEF-9BCF-DBBCB3961AD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{906EF994-6B6F-4C28-A67C-B909D6A0B5B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{963EAE72-BDDB-4355-AEDB-5DE2BEE0E85A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98A6D47B-AD2C-488F-A5BF-B0962415FD41}" = rport=445 | protocol=6 | dir=out | app=system |
"{992C22BD-6EC4-4471-B882-0C4FDC6C29B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E66EB8A-9E55-4D70-B5D1-BBC67073C822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A07133DA-FF42-476A-A013-0BEA2AF1EECF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7CEFE26-BE85-42F6-985B-4BE9693672F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5A3D81A-0C94-4372-900E-C99865E5C024}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C00E2282-0EF6-4451-9E3B-618D4E5B1C1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C163F148-C055-42D1-BA9A-4C227C03D896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CBC77997-A192-4CCB-BB76-95025763FC58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC6481D4-AA4F-4349-98D6-546B68768E81}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC80F653-715A-4E8D-BE3E-9CBA07827881}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECC4A6A4-383D-4F9D-A72B-BC7E0A078FE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88CDF9-E23F-4171-87AF-BB3AB1162D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{140615D6-31B3-464D-8CD9-AF7AF543BB0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2143A449-9D25-4882-BC7F-D1B6C0E84547}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{22D0FFC0-A9D8-4D08-B0B9-ADD8B456E3F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{37EB659F-CF44-4315-B9FB-B430F5733DB6}" = protocol=6 | dir=out | app=system |
"{3CAE0B1D-A63B-4A0C-BD52-42A0666E423B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A411ABA-5AFA-4B33-9935-0D2C3B526F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AD65AD0-805E-4495-8E9D-9747C555AB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4AE6AD95-6411-47D6-971B-790F5482C2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BCEBE53-3B52-4AF6-862B-02078189B871}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{6A7F40C9-A15D-4B2C-BBE2-11C019FA6EA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{721AD6E3-3232-4CBD-A3CA-0A283B200EF1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7651EDA7-6F2C-4B36-820C-3C8553DF21F5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{791207DB-087D-4117-AF87-3835C03D5D66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{7B349BB7-1396-4D7F-AD94-D06D1BA808EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC9C40E-5D08-4A9D-8B26-7C709A775424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C073300-E818-42B5-973E-8A285991F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CE52A2E-F4EF-491E-BA6C-D8E6C78FDBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF3FCBF3-AE75-47EA-9200-9CB8305C228E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC0D4800-CEAE-41D5-97C9-7B045EB00982}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDA1C6F6-50C9-4EFF-B0DA-9BE182C560CD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D86B0A22-4EDF-4710-BAC4-4DDF888EC6A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8ECE471-98D9-4104-8758-6C7A60167086}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCB9D527-406F-4DF5-93DC-AF7ADB9FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFA9F490-AFDD-4867-B8D0-17EBD840C2CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1D0918F-A368-4AE1-AE05-08193424D4CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC9299BB-77FC-4C4C-9E73-72901AAFB808}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F7916E78-24CD-4CA6-8945-96D8347CA92C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F964743A-1B2F-4D82-8548-0F7CB6ABE234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB419F9F-DAD6-4097-B3AD-5A6E23D97646}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0E468104-B5E8-48FC-9AB8-67B887A5710A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{12A8883D-7AF3-44CB-8F1E-6BB324C4442F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{1FDA32B4-10DC-4E4C-829B-2F59D995CF05}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{324C8D71-35B9-445A-86E6-D178611CF781}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{3AB53E31-E1C7-4B58-A620-5C23152F70F1}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{50F74B36-7F8D-4334-A039-955B50CD507B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{8B0F688E-F7DD-49C1-A528-9CF8D3A79F3A}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{99C75F91-BF5C-4B4E-828A-93D9E470D53D}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{99D55528-F1A3-4BD6-98A3-6E6900DE1312}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{A5C631A8-6A58-473F-B009-A4012010371D}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{A916F8AD-62D8-44B1-AA12-6243BCF61714}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{AD6D6C5B-8339-44D7-A800-3A4A539F8EAC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{B57C896E-0A15-4CA6-9EAA-A3DA0639E18E}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{DD025112-52A7-46B5-8DA4-A8CCCDBE6989}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0184D19D-A757-4516-B089-ABF6986AA517}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{13EC64BF-4903-4A9D-B091-79CEBF869A1B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3BC53E47-4F07-4AA3-9A54-48B7EB96D4BC}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{3E6C39EA-74CB-43D9-9FA2-95F4F3CA2387}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4B61D362-EADA-467F-9B05-ACEB2E7BCB8D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{6E8BCE1F-E925-477E-8762-FD945CAA1934}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{73DF5814-E9F6-4103-BFBA-5042F21AA2C3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8053D382-F606-4692-BF7E-BB3AC4A60F12}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{854645EE-4500-4E2A-954C-2D3A0A261DE6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{9EDBADBC-56F7-4571-8D3B-AF8A8BB7CD58}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{A65F599C-9545-4324-A859-384B3BF381BF}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{C2D17091-3C5A-419A-B589-B78CBA022FB8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{C71AB11B-327A-4815-AF6C-1A2ED9BDBCFB}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{C90BCF2B-2364-44CF-90BB-8247329AB955}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"IHMC CmapTools v4.12" = IHMC CmapTools v4.12
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2011 04:11:53 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:57 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:14:40 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:31:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.08.2011 11:00:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 5.0.0.4192,
 Zeitstempel: 0x4e051153  Name des fehlerhaften Moduls: xul.dll, Version: 5.0.0.4192,
 Zeitstempel: 0x4e050fc7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a631ab  ID des fehlerhaften
 Prozesses: 0xf50  Startzeit der fehlerhaften Anwendung: 0x01cc5a8a6c128337  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll  Berichtskennung:
 23b37e5e-c686-11e0-bb3e-00030d9779cd
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5933
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5895
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5649 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5584 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 22.12.2012 17:45:32 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 04:15:28 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 05:36:09 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 05:41:09 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 05:43:37 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 11:20:44 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ Media Center Events ]
Error - 13.09.2010 14:58:20 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:19 - Error connecting to the internet.  20:58:19 -    Unable
to contact server.. 
 
Error - 13.09.2010 14:58:41 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:28 - Error connecting to the internet.  20:58:28 -    Unable
to contact server.. 
 
Error - 14.09.2010 03:43:19 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 09:43:14 - Error connecting to the internet.  09:43:14 -    Unable
to contact server.. 
 
Error - 18.09.2010 14:38:54 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:54 - Error connecting to the internet.  20:38:54 -    Unable
to contact server.. 
 
Error - 18.09.2010 14:39:02 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:59 - Error connecting to the internet.  20:38:59 -    Unable
to contact server.. 
 
Error - 26.09.2010 10:06:42 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 16:06:42 - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.09.2010 16:00:22 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:22 - Error connecting to the internet.  22:00:22 -    Unable
to contact server.. 
 
Error - 27.09.2010 16:00:36 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:27 - Error connecting to the internet.  22:00:27 -    Unable
to contact server.. 
 
Error - 04.10.2010 14:33:18 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:18 - Error connecting to the internet.  20:33:18 -    Unable
to contact server.. 
 
Error - 04.10.2010 14:33:28 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:23 - Error connecting to the internet.  20:33:23 -    Unable
to contact server.. 
 
[ OSession Events ]
Error - 21.02.2010 08:41:08 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3107
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 13.09.2010 04:27:26 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2112
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 16.05.2011 10:43:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24406
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 27.06.2011 11:49:36 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11605
 seconds with 5640 seconds of active time.  This session ended with a crash.
 
Error - 09.02.2012 07:44:37 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 79696 seconds with 7980 seconds of active time.  This session ended with
a crash.
 
Error - 30.04.2012 16:38:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1848
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2012 13:13:07 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 37455 seconds with 720 seconds of active time.  This session ended with a
 crash.
 
Error - 09.07.2012 13:25:56 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 754 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.12.2012 05:35:43 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
 Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:  %%1068
 
Error - 27.12.2012 05:41:01 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 1000 Millisekunden durchgeführt: Restart the service.
 
Error - 27.12.2012 05:42:58 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Remote Access Connection Manager" ist vom Dienst "Telephony"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 27.12.2012 05:42:58 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
 Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:  %%1068
 
Error - 27.12.2012 05:43:12 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst vpnagent erreicht.
 
Error - 27.12.2012 05:43:29 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Live ID Sign-in Assistant erreicht.
 
Error - 27.12.2012 05:43:29 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 27.12.2012 11:20:27 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Remote Access Connection Manager" ist vom Dienst "Telephony"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 27.12.2012 11:20:27 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
 Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:  %%1068
 
Error - 27.12.2012 13:39:32 | Computer Name = Jonas-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
 
< End of report >

cosinus 28.12.2012 12:12
Hm, da ist immer noch Toolbar-Müll drin
Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

showmaker 28.12.2012 14:07
habe die alte exe datei vom desktop gelöscht und den papierkorb geleert.
bin dem link in der von dir geposteden beschreibung gefolgt und habe die adw neu heruntergeladen und eine neue suche gemacht. in der textdatei stand updated 25/12/2012. habe dann nochmal geschaut ob es eine andere neuere version gibt aber war nicht erfolgreich. das aktuellste schein von 25.12.2012 zu sein. und soweit ich das als laie erkenne findet der nix oder?

Code:
# AdwCleaner v2.103 - Logfile created 12/28/2012 at 14:02:05
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Enterprise  (32 bits)
# User : Jonas - JONAS-PC
# Boot Mode : Normal
# Running from : C:\Users\Jonas\Desktop\adwcleaner_2.103.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\prefs.js

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Jonas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15489 octets] - [24/12/2012 20:07:14]
AdwCleaner[R2].txt - [15550 octets] - [26/12/2012 21:31:50]
AdwCleaner[R3].txt - [1029 octets] - [28/12/2012 13:54:25]
AdwCleaner[R4].txt - [968 octets] - [28/12/2012 14:02:05]

########## EOF - C:\AdwCleaner[R4].txt - [1027 octets] ##########

cosinus 28.12.2012 14:09

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

showmaker 28.12.2012 14:30
Code:
All processes killed
========== OTL ==========
Prefs.js: finder@meingutscheincode.de:2.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jonas\Desktop\cmd.bat deleted successfully.
C:\Users\Jonas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jonas
->Temp folder emptied: 71890 bytes
->Temporary Internet Files folder emptied: 498699 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16887585 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 494442 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 17,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12282012_142050

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
soll ich noch mal nen OTL scan machen und die dateien wieder hochladen?

cosinus 28.12.2012 18:18
Eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

showmaker 28.12.2012 19:56
otl

Code:
OTL logfile created on: 28.12.2012 19:14:13 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 61,83% Memory free
3,74 Gb Paging File | 2,88 Gb Available in Paging File | 76,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,48 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,62 Gb Free Space | 16,02% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRA~1\7-PDF\7-PDFM~1\7p.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Jonas\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (EverestDriver) -- C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt ()
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SISAGP) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (SiS Corporation)
DRV - (QCDonner) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mydrive.ch/
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE B2 5D A1 13 B6 CA 01  [binary data]
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegelonline.de"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 10:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 10:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.17 22:14:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.24 20:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 17:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.26 22:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions
[2010.01.02 20:19:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\moveplayer@movenetworks.com
[2012.12.26 21:30:14 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\autofillForms@blueimp.net.xpi
[2012.12.17 22:17:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 14:21:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011.12.19 19:26:34 | 000,002,419 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:26:33 | 000,010,525 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\gmx-suche.xml
[2011.12.19 19:26:34 | 000,002,457 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\lastminute.xml
[2010.08.17 13:18:24 | 000,001,549 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\scroogle-ssl-search.xml
[2011.12.19 19:26:33 | 000,005,508 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\webde-suche.xml
[2010.05.04 18:27:51 | 000,002,057 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\youtube-videosuche.xml
[2012.10.02 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.17 22:14:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.12.24 20:05:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.12.24 20:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.24 20:05:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.24 20:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.24 20:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.24 20:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.24 20:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.28 14:21:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261848450419 (MUCatalogWebControl Class)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2073B93A-1295-4A0C-B5D2-AF75A32FB6EE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445430A2-0344-48B1-8063-6CC744AB258A}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{525A024D-D79A-4E23-B717-B0331FF1101D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BFBFD2-0D9F-4EC1-9735-2DA3B8ACDA44}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9278B28F-449C-44B6-9264-7BF6339F15BF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E755811-115D-4DCF-A28D-50D81B4CC90A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.03 11:15:14 | 000,000,026 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.28 14:39:17 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.12.28 14:39:08 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.12.28 14:39:08 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.12.28 14:39:08 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.12.28 14:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.27 09:20:43 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.27 09:20:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.24 00:34:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\temp
[2012.12.24 00:20:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.24 00:20:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.24 00:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 22:19:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 22:19:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 22:17:42 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 21:18:50 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:10:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 20:03:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.22 23:53:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.21 23:01:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.20 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\endnote styles
[2012.12.18 00:48:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.18 00:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.18 00:48:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.18 00:48:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.18 00:48:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.18 00:48:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.18 00:48:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.18 00:48:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.18 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.12.17 22:22:03 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.17 22:21:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.17 22:21:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.17 22:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.17 22:21:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.17 22:21:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.17 22:21:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.17 22:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.17 22:21:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.17 22:21:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.17 22:21:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.17 22:20:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.28 19:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.28 19:12:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.28 19:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 14:39:02 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.12.28 14:39:00 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.12.28 14:39:00 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.12.28 14:39:00 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.12.28 14:38:59 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012.12.28 14:38:59 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.12.28 14:34:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.28 14:34:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.28 14:30:12 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 14:30:12 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 14:22:49 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.28 14:22:19 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 14:21:06 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.12.28 14:01:37 | 000,550,017 | ---- | M] () -- C:\Users\Jonas\Desktop\adwcleaner_2.103.exe
[2012.12.27 16:25:55 | 000,659,982 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.27 16:25:55 | 000,623,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.27 16:25:55 | 000,133,288 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.27 16:25:55 | 000,109,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.27 10:35:18 | 000,491,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.24 20:05:36 | 000,002,001 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.12.23 22:18:26 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:11:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 00:11:27 | 000,302,592 | ---- | M] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.22 23:52:39 | 000,000,020 | ---- | M] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.18 16:20:18 | 002,588,453 | ---- | M] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:05:12 | 000,002,067 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.12.17 22:15:07 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.15 18:20:19 | 000,001,236 | ---- | M] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | M] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.28 14:01:28 | 000,550,017 | ---- | C] () -- C:\Users\Jonas\Desktop\adwcleaner_2.103.exe
[2012.12.24 00:20:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.24 00:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.24 00:20:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.24 00:20:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.24 00:20:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.23 00:11:26 | 000,302,592 | ---- | C] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:36 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.18 16:20:14 | 002,588,453 | ---- | C] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:25:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.15 18:20:19 | 000,001,236 | ---- | C] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | C] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
[2011.05.19 10:34:25 | 000,021,844 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.12.03 10:37:20 | 000,001,075 | ---- | C] () -- C:\Users\Jonas\windvi.cnf
[2010.09.13 13:14:09 | 000,002,068 | ---- | C] () -- C:\Users\Jonas\.powerupdate.user.properties
[2010.08.27 17:31:32 | 000,002,631 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SerialClonerPrefs
[2010.07.31 15:26:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
extras

Code:
OTL Extras logfile created on: 28.12.2012 19:14:13 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 61,83% Memory free
3,74 Gb Paging File | 2,88 Gb Available in Paging File | 76,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,48 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,62 Gb Free Space | 16,02% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9B5D1-6E41-41EC-BD6D-60D5E874FB15}" = rport=138 | protocol=17 | dir=out | app=system |
"{24605008-600D-4C0E-B402-5CB9E8EA9B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{289023B5-5E3C-4450-82AB-F0F6883A2DF8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{46878158-6868-412E-9883-77F7F9D127BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B1B2C89-F250-46A2-BB8C-76D9676A5748}" = lport=138 | protocol=17 | dir=in | app=system |
"{5408B885-D42E-448B-96D8-AD63F566C271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BDB6C3A-65B5-4CAD-8ADC-1C9F52CD7F75}" = lport=139 | protocol=6 | dir=in | app=system |
"{68D83906-47FC-4BF0-A21C-C52EB04A42DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{868252F7-6AE4-4DAE-9990-C1A2E16BAA79}" = lport=445 | protocol=6 | dir=in | app=system |
"{89E5E605-D087-4EEF-9BCF-DBBCB3961AD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{906EF994-6B6F-4C28-A67C-B909D6A0B5B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{963EAE72-BDDB-4355-AEDB-5DE2BEE0E85A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98A6D47B-AD2C-488F-A5BF-B0962415FD41}" = rport=445 | protocol=6 | dir=out | app=system |
"{992C22BD-6EC4-4471-B882-0C4FDC6C29B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E66EB8A-9E55-4D70-B5D1-BBC67073C822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A07133DA-FF42-476A-A013-0BEA2AF1EECF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7CEFE26-BE85-42F6-985B-4BE9693672F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5A3D81A-0C94-4372-900E-C99865E5C024}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C00E2282-0EF6-4451-9E3B-618D4E5B1C1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C163F148-C055-42D1-BA9A-4C227C03D896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CBC77997-A192-4CCB-BB76-95025763FC58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC6481D4-AA4F-4349-98D6-546B68768E81}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC80F653-715A-4E8D-BE3E-9CBA07827881}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECC4A6A4-383D-4F9D-A72B-BC7E0A078FE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88CDF9-E23F-4171-87AF-BB3AB1162D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{140615D6-31B3-464D-8CD9-AF7AF543BB0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2143A449-9D25-4882-BC7F-D1B6C0E84547}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{22D0FFC0-A9D8-4D08-B0B9-ADD8B456E3F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{37EB659F-CF44-4315-B9FB-B430F5733DB6}" = protocol=6 | dir=out | app=system |
"{3CAE0B1D-A63B-4A0C-BD52-42A0666E423B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A411ABA-5AFA-4B33-9935-0D2C3B526F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AD65AD0-805E-4495-8E9D-9747C555AB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4AE6AD95-6411-47D6-971B-790F5482C2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BCEBE53-3B52-4AF6-862B-02078189B871}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{6A7F40C9-A15D-4B2C-BBE2-11C019FA6EA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{721AD6E3-3232-4CBD-A3CA-0A283B200EF1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7651EDA7-6F2C-4B36-820C-3C8553DF21F5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{791207DB-087D-4117-AF87-3835C03D5D66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{7B349BB7-1396-4D7F-AD94-D06D1BA808EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC9C40E-5D08-4A9D-8B26-7C709A775424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C073300-E818-42B5-973E-8A285991F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CE52A2E-F4EF-491E-BA6C-D8E6C78FDBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF3FCBF3-AE75-47EA-9200-9CB8305C228E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC0D4800-CEAE-41D5-97C9-7B045EB00982}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDA1C6F6-50C9-4EFF-B0DA-9BE182C560CD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D86B0A22-4EDF-4710-BAC4-4DDF888EC6A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8ECE471-98D9-4104-8758-6C7A60167086}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCB9D527-406F-4DF5-93DC-AF7ADB9FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFA9F490-AFDD-4867-B8D0-17EBD840C2CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1D0918F-A368-4AE1-AE05-08193424D4CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC9299BB-77FC-4C4C-9E73-72901AAFB808}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F7916E78-24CD-4CA6-8945-96D8347CA92C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F964743A-1B2F-4D82-8548-0F7CB6ABE234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB419F9F-DAD6-4097-B3AD-5A6E23D97646}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0E468104-B5E8-48FC-9AB8-67B887A5710A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{12A8883D-7AF3-44CB-8F1E-6BB324C4442F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{1FDA32B4-10DC-4E4C-829B-2F59D995CF05}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{324C8D71-35B9-445A-86E6-D178611CF781}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{3AB53E31-E1C7-4B58-A620-5C23152F70F1}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{50F74B36-7F8D-4334-A039-955B50CD507B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{8B0F688E-F7DD-49C1-A528-9CF8D3A79F3A}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{99C75F91-BF5C-4B4E-828A-93D9E470D53D}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{99D55528-F1A3-4BD6-98A3-6E6900DE1312}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{A5C631A8-6A58-473F-B009-A4012010371D}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{A916F8AD-62D8-44B1-AA12-6243BCF61714}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{AD6D6C5B-8339-44D7-A800-3A4A539F8EAC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{B57C896E-0A15-4CA6-9EAA-A3DA0639E18E}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{DD025112-52A7-46B5-8DA4-A8CCCDBE6989}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0184D19D-A757-4516-B089-ABF6986AA517}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{13EC64BF-4903-4A9D-B091-79CEBF869A1B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3BC53E47-4F07-4AA3-9A54-48B7EB96D4BC}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{3E6C39EA-74CB-43D9-9FA2-95F4F3CA2387}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4B61D362-EADA-467F-9B05-ACEB2E7BCB8D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{6E8BCE1F-E925-477E-8762-FD945CAA1934}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{73DF5814-E9F6-4103-BFBA-5042F21AA2C3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8053D382-F606-4692-BF7E-BB3AC4A60F12}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{854645EE-4500-4E2A-954C-2D3A0A261DE6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{9EDBADBC-56F7-4571-8D3B-AF8A8BB7CD58}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{A65F599C-9545-4324-A859-384B3BF381BF}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{C2D17091-3C5A-419A-B589-B78CBA022FB8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{C71AB11B-327A-4815-AF6C-1A2ED9BDBCFB}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{C90BCF2B-2364-44CF-90BB-8247329AB955}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"IHMC CmapTools v4.12" = IHMC CmapTools v4.12
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2011 04:11:53 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:57 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:14:40 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:31:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.08.2011 11:00:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 5.0.0.4192,
 Zeitstempel: 0x4e051153  Name des fehlerhaften Moduls: xul.dll, Version: 5.0.0.4192,
 Zeitstempel: 0x4e050fc7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a631ab  ID des fehlerhaften
 Prozesses: 0xf50  Startzeit der fehlerhaften Anwendung: 0x01cc5a8a6c128337  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll  Berichtskennung:
 23b37e5e-c686-11e0-bb3e-00030d9779cd
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5584 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 22.12.2012 17:45:32 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 04:15:28 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 05:36:09 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 05:41:09 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 05:43:37 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 11:20:44 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 28.12.2012 08:49:44 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 28.12.2012 09:21:00 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 28.12.2012 09:23:11 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ Media Center Events ]
Error - 13.09.2010 14:58:20 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:19 - Error connecting to the internet.  20:58:19 -    Unable
to contact server.. 
 
Error - 13.09.2010 14:58:41 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:28 - Error connecting to the internet.  20:58:28 -    Unable
to contact server.. 
 
Error - 14.09.2010 03:43:19 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 09:43:14 - Error connecting to the internet.  09:43:14 -    Unable
to contact server.. 
 
Error - 18.09.2010 14:38:54 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:54 - Error connecting to the internet.  20:38:54 -    Unable
to contact server.. 
 
Error - 18.09.2010 14:39:02 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:59 - Error connecting to the internet.  20:38:59 -    Unable
to contact server.. 
 
Error - 26.09.2010 10:06:42 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 16:06:42 - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.09.2010 16:00:22 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:22 - Error connecting to the internet.  22:00:22 -    Unable
to contact server.. 
 
Error - 27.09.2010 16:00:36 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:27 - Error connecting to the internet.  22:00:27 -    Unable
to contact server.. 
 
Error - 04.10.2010 14:33:18 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:18 - Error connecting to the internet.  20:33:18 -    Unable
to contact server.. 
 
Error - 04.10.2010 14:33:28 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:23 - Error connecting to the internet.  20:33:23 -    Unable
to contact server.. 
 
[ OSession Events ]
Error - 21.02.2010 08:41:08 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3107
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 13.09.2010 04:27:26 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2112
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 16.05.2011 10:43:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24406
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 27.06.2011 11:49:36 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11605
 seconds with 5640 seconds of active time.  This session ended with a crash.
 
Error - 09.02.2012 07:44:37 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 79696 seconds with 7980 seconds of active time.  This session ended with
a crash.
 
Error - 30.04.2012 16:38:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1848
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2012 13:13:07 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 37455 seconds with 720 seconds of active time.  This session ended with a
 crash.
 
Error - 09.07.2012 13:25:56 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 754 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.12.2012 11:20:27 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
 Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:  %%1068
 
Error - 27.12.2012 13:39:32 | Computer Name = Jonas-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 28.12.2012 08:49:23 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Remote Access Connection Manager" ist vom Dienst "Telephony"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 28.12.2012 08:49:23 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
 Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:  %%1068
 
Error - 28.12.2012 08:49:38 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst vpnagent erreicht.
 
Error - 28.12.2012 09:20:51 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 1000 Millisekunden durchgeführt: Restart the service.
 
Error - 28.12.2012 09:22:40 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Remote Access Connection Manager" ist vom Dienst "Telephony"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 28.12.2012 09:22:40 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
 Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:  %%1068
 
Error - 28.12.2012 09:23:02 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst vpnagent erreicht.
 
Error - 28.12.2012 11:55:37 | Computer Name = Jonas-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
 
< End of report >

cosinus 28.12.2012 19:59
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


showmaker 29.12.2012 00:36
habe den maleware bytes scan (nicht den quickscan sondern den ausführlichen laufen lassen). das hat zieml lange gedauert. aber ich bin mir nicht sicher ob er ales geschaft hab. als ich gerade zurück an den laptop war war er in den standbymodus gewechselt. ich hoffe das macht er nicht während eines scans.als ich ihn wieder aus dem standby zurück geholt habe hat er mir gesagt scan abgeschlossen. hier auf jeden fall die log datei:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.28.10

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Jonas :: JONAS-PC [Administrator]

28.12.2012 20:18:51
MBAM-log-2012-12-29 (00-12-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 414745
Laufzeit: 1 Stunde(n), 58 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Users\Jonas\wgsdgsdgdsgsd.dll.vir (Trojan.Reveton) -> Keine Aktion durchgeführt.

(Ende)
ich könnte falls der standbymodus das verhindert haben sollte noch mal über nacht laufen lassen mit anderen energieeinstellungen. denke aber eigtl dass das geklappt haben sollte.

bei dem ESET scanner kommt immer die meldung

can not get update is proxy configured?

habe firewall und avast dabei auf jeden fall ausgehabt, und auch keine proxy einstellungen vorgenommen. also nur die 2 haken wie geschrieben gesetzt bzw entfernt.

und noch eine frage zu dem usb stick. ich habe den nachdem ich den virus bekommen hatte im sicheren modus angeschlossen um eine datei zu sichern die ich dringend brauchte. habe die dann online gecheckt und konnte daran weiterarbeiten. weiß aber nicht ob der stick quasi etwas abbekommen hat. ist es dann ratsam diesen stick während des scans anzuschliesßen, wenn ja kein antivirenprogram und keine firewall aktiv ist?

cosinus 29.12.2012 00:39
Dieses Setup von ESET von runterladen => http://filepony.de/download-eset_online_scanner/
Beende danach alle Programme und starte das Setup via Rechtklick => als Administrator ausführen

showmaker 29.12.2012 00:48
100% des downloads der virendatenbank und dann:

unexpected error 2002

cosinus 29.12.2012 00:49
Bitte darin testen


Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten

showmaker 29.12.2012 01:08
sry an gleicher stelle der gleiche fehler.

heute morgen hat es dann doch noch im normalen modus geklappt. der scan läuft immer noch (schreibe von einem anderen pc). usb stick ist nicht drin. vllt lag es daran. poste die logfile sobald ich sie habe.

hier nun die log vom ESET scanner

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f006084a5da86849adadf7411a47235f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-29 01:11:23
# local_time=2012-12-29 02:11:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=774 16777213 100 94 974556 133496555 0 0
# compatibility_mode=1797 16774142 0 1 18917076 18917076 0 0
# compatibility_mode=5893 16776573 100 94 36261 108417874 0 0
# scanned=224506
# found=3
# cleaned=0
# scan_time=8237
C:\Qoobox\Quarantine\C\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk.vir        Win32/Reveton.M trojan (unable to clean)        B44BA569E783000DB3FE541264E3890E3C9EEB3E        I
C:\_OTL\MovedFiles.zip        JS/Agent.NID trojan (unable to clean)        C35CBDC0D8AD570389B0C16FEDB648E8E2BF6C62        I
C:\_OTL\MovedFiles\12272012_104100\C_ProgramData\dsgsdgdsgdsgw.js        JS/Agent.NID trojan (unable to clean)        71613CA7D671FB83FEE3BC4F5C934E0E6E9EE988        I

cosinus 29.12.2012 21:28
Sieht soweit ok aus, nur Funde in der Q von OTL Und Combofix

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

showmaker 29.12.2012 22:34
1) danke für deine hilfe!!!
2) mit den cookies werde ich mich drum kümmern.
3) soll ich die quarantäne ordner manuell löschen?
4) soll ich OTL oder die anderen scanner deinstallieren oder lass ich die einfach auf dem rechner?
5) was würdest du mit dem usb stick machen? kann ich den einfach mal anschließen und mit avast oder ähnlichem testen und funde löschen?
6) würdest du dich trauen mt dem rechner noch online banking zu machen? ich habe hier im forum etwas dazu gelesen. zb secure banking. damit sollte es doch eigtl gehen oder?
7) habe flash player, adobe reader, java und mozilla alles upto date.werde auch noch die plug ins checken und updaten. muss ich sonst noch auf etwas achten?
8) noch mal danke!

cosinus 30.12.2012 01:25
Lass die Q-Ordner bitte in Ruhe, da muss man nichts manuell löschen
USB-Datenträger einfach mit einem Scanner und/oder Malwarebytes prüfen lassen
Und ja, ich denke OnlineBanking kannst du ruhig machen

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen: Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:55 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131