| Bilvobus | 31.05.2013 23:23 |
Hallo Cosinus,
vielen Dank, dass Du Dich der Sache annimmst! Anbei die erbetenen Logfiles:
1) JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Anwender on 31.05.2013 at 23:35:21,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2801948
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Anwender\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Anwender\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{011E258B-CDFD-43E0-9B8A-0A1E5233F3F4}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{0A05891D-B8DE-4435-8D5A-0D64EC843F3E}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{2DFAAC9C-CCD7-437E-BE59-F3AF28372DEA}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{57351234-FD81-4C82-9509-771F85BE3C38}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{75EB3ED6-C545-4852-9B67-CF7629387044}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{77C6B01A-545D-433D-93C9-D27BB41FAEF2}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{799D1824-CA68-4E93-9E92-17EECD3B2071}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{82EE7AA2-5AE0-434B-A5DB-3F82C084BC22}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{8FF55172-A834-49B3-82FD-AC2576E1C24C}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{A5875E67-37BB-4368-87FB-599F6D487EF0}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{C09BC311-8BD8-47A8-8707-81A4C130F2CF}
Successfully deleted: [Empty Folder] C:\Users\Anwender\appdata\local\{EA64FB8A-3651-4ECA-BEAD-2BF036DC8ED8}
~~~ FireFox
Successfully deleted: [File] C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\kj3crl5r.default\searchplugins\conduit.xml
Successfully deleted the following from C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\kj3crl5r.default\prefs.js
user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}");
Emptied folder: C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\kj3crl5r.default\minidumps [78 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2013 at 23:37:26,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2) AdwCleaner: Code:
# AdwCleaner v2.301 - Datei am 31/05/2013 um 23:45:47 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Anwender - TERRA-1528
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Anwender\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Anwender\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Anwender\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Anwender\AppData\Roaming\OCS
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\kj3crl5r.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2376 octets] - [31/05/2013 23:45:47]
########## EOF - C:\AdwCleaner[S1].txt - [2436 octets] ##########
3) OTL A: OTL.txt Code:
OTL logfile created on: 31.05.2013 23:56:57 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anwender\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,90 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 30,44% Memory free
3,81 Gb Paging File | 2,04 Gb Available in Paging File | 53,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 191,39 Gb Free Space | 64,21% Space Free | Partition Type: NTFS
Computer Name: TERRA-1528 | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Anwender\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
PRC - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Hotkey\PowerBiosServer.exe ()
PRC - C:\Programme\Hotkey\Hotkey.exe ()
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programme\ChiconyCam\CECAPLF.exe (Chicony)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Adobe\Acrobat 8\Acrobat\acrotray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\5159c027f5e10eb3ac1a503de00b1177\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\da2fc4e88b85c4ba653675aa1a4f5275\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\735e445ec1174337053802a2cced3268\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\7b7ceb9a8eee6d56f20caeda47888a3c\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\8483b1550e5ec724117d43dccaa699fb\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\274d6e5913b8ffa086332f4ff5946867\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\dd42d415df4a8c8bffd0ec5b314e1e32\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\525f7f32807a42a3ea915e263817b3c8\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\9bea8b33f60f8b4e77a062c948812051\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\a0508815b9f6ee4c8f87fe6107e19df1\Kies.Plugin.ContentsManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\9787d19eecd04f5206fef00ad485cb84\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\fc22dbe57cb3e53e2596f988b224ef6d\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\c3352eea64dbdb40804fffc5592dcb26\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\10db0aab016090f1e1803c74a9237ece\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a2bfd4dbe1d25192a16a60fab23017e9\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\dd19ac354bef96ef55d3209ffefd9768\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3658bb37ac67ab51c860e53937143087\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f804f79c328e8b3caa92602e434de2e2\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b67196c5908612fe14b3899c4046550a\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\7de8f7ba88e67af991265d86a1dcb3d7\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\82004d49826a7368a84c0d4a44f7a98d\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\3456dd6d9ed03df84af6abd1b86fd03a\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\e7e64d58b63544c1e2790c4d13060440\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\c895cfdd49e39acd14f90209226f5abb\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\029538b8417b7af942a03c262b0226f3\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\869962a0abf66c7b3ac161e755349336\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\ed97f510e91aff4e4f00987ec1fb8b70\Interop.DeviceServiceModelDBLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ()
MOD - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Hotkey\Hotkey.exe ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\Hotkey\Audiodll.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (PowerBiosServer) -- C:\Programme\Hotkey\PowerBiosServer.exe ()
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (cpuz135) -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (JME) -- C:\Windows\System32\drivers\JME.sys (JMicron Technology Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{93DEC05D-78F9-48FC-9034-98A18EC547FC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000\..\SearchScopes\{1A671BE1-60A2-449B-B3C7-4BE3172FEC7B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: extended.copy.menu%40fix.version:1.6.1c
FF - prefs.js..extensions.enabledAddons: vtzilla%40virustotal.com:1.1
FF - prefs.js..extensions.enabledAddons: %7B75e19832-90c0-4553-91a0-e5d0ac5d99fd%7D:1.0.3
FF - prefs.js..extensions.enabledAddons: %7B9b84cce7-a817-45d7-865e-9e6e8da1c388%7D:1.0.6
FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.7.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.17 10:28:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.17 10:28:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.08.25 15:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2013.05.15 21:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\kj3crl5r.default\extensions
[2012.10.13 21:12:09 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\kj3crl5r.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.08.25 15:27:16 | 000,019,423 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\kj3crl5r.default\extensions\extended.copy.menu@fix.version.xpi
[2013.05.15 21:32:21 | 000,143,251 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\kj3crl5r.default\extensions\firegestures@xuldev.org.xpi
[2011.08.25 15:27:16 | 000,017,877 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\kj3crl5r.default\extensions\vtzilla@virustotal.com.xpi
[2011.08.25 15:27:16 | 000,080,996 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\kj3crl5r.default\extensions\{75e19832-90c0-4553-91a0-e5d0ac5d99fd}.xpi
[2011.08.25 15:27:16 | 000,039,042 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\kj3crl5r.default\extensions\{9b84cce7-a817-45d7-865e-9e6e8da1c388}.xpi
[2013.05.09 16:14:24 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\kj3crl5r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.18 09:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.18 09:59:08 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2011.10.07 18:18:49 | 000,437,925 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15060 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CECAPLF] C:\Programme\ChiconyCam\CECAPLF.exe (Chicony)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3868602969-2332300106-1101947383-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 3.4.lnk = C:\Programme\LibreOffice 3.4\program\quickstart.exe ()
O4 - Startup: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27DD0D77-F733-4F80-A59C-674E372BD68A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04bf1aef-1104-11e1-ab28-0090f5c1c69b}\Shell - "" = AutoRun
O33 - MountPoints2\{04bf1aef-1104-11e1-ab28-0090f5c1c69b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{04bf1af2-1104-11e1-ab28-0090f5c1c69b}\Shell - "" = AutoRun
O33 - MountPoints2\{04bf1af2-1104-11e1-ab28-0090f5c1c69b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ec6c097a-07af-11e1-b805-0090f5c1c69b}\Shell - "" = AutoRun
O33 - MountPoints2\{ec6c097a-07af-11e1-b805-0090f5c1c69b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ec6c0980-07af-11e1-b805-0090f5c1c69b}\Shell - "" = AutoRun
O33 - MountPoints2\{ec6c0980-07af-11e1-b805-0090f5c1c69b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.31 23:35:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.31 23:34:50 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.31 23:29:19 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Anwender\Desktop\JRT.exe
[2013.05.31 18:55:17 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Documents\Logfiles
[2013.05.31 18:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.05.31 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\mbar
[2013.05.31 17:36:13 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.05.31 17:29:07 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Malwarebytes
[2013.05.31 17:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.31 17:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.31 17:29:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.31 17:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.31 17:27:16 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Local\Programs
[2013.05.22 08:18:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.05.22 08:18:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.18 09:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.17 10:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.15 23:05:18 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 23:05:17 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 23:05:17 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 23:05:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.15 23:05:17 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 23:05:16 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 23:05:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 23:05:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.15 23:05:16 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.15 23:05:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 22:57:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 22:57:12 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 22:57:01 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 22:56:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 22:56:56 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.06 09:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TR Assistant
[2013.05.06 09:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\TR Assistant
[2013.05.02 11:02:20 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
========== Files - Modified Within 30 Days ==========
[2013.05.31 23:55:51 | 000,016,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 23:55:51 | 000,016,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 23:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.31 23:48:03 | 1533,280,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.31 23:29:21 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Anwender\Desktop\JRT.exe
[2013.05.31 23:04:30 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.31 23:04:30 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.31 23:04:30 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.31 23:04:30 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.31 18:39:46 | 000,000,000 | ---- | M] () -- C:\Users\Anwender\defogger_reenable
[2013.05.31 17:29:05 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.31 10:18:26 | 000,000,004 | ---- | M] () -- C:\Users\Anwender\AppData\Roaming\skype.ini
[2013.05.30 22:51:12 | 000,080,873 | ---- | M] () -- C:\Users\Anwender\ESt2011_***_***.elfo
[2013.05.30 22:46:33 | 000,098,375 | ---- | M] () -- C:\Users\Anwender\ESt2012_2_***_***_und_***_***.elfo
[2013.05.28 12:36:57 | 020,776,152 | ---- | M] () -- C:\Users\Anwender\Documents\Almanach1789.pdf
[2013.05.28 11:32:46 | 029,511,267 | ---- | M] () -- C:\Users\Anwender\Documents\Almanach1790.pdf
[2013.05.19 22:19:52 | 000,000,741 | ---- | M] () -- C:\Users\Anwender\Documents\2013-05-19.22.14.44.vnt
[2013.05.19 22:19:32 | 000,001,150 | ---- | M] () -- C:\Users\Anwender\Documents\2013-05-19.20.00.18.vnt
[2013.05.16 07:16:43 | 000,816,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.09 23:37:35 | 001,128,961 | ---- | M] () -- C:\Users\Anwender\Documents\2013-04-28 18.04.21.jpg
[2013.05.09 23:31:50 | 001,675,324 | ---- | M] () -- C:\Users\Anwender\Documents\DSC06132.JPG
[2013.05.06 09:41:43 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\TR Assistant.lnk
[2013.05.02 11:01:47 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
========== Files Created - No Company Name ==========
[2013.05.31 18:39:46 | 000,000,000 | ---- | C] () -- C:\Users\Anwender\defogger_reenable
[2013.05.31 17:29:05 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.31 10:10:49 | 000,000,004 | ---- | C] () -- C:\Users\Anwender\AppData\Roaming\skype.ini
[2013.05.30 18:17:26 | 000,098,375 | ---- | C] () -- C:\Users\Anwender\ESt2012_2_***_***_und_***_***.elfo
[2013.05.28 11:32:46 | 029,511,267 | ---- | C] () -- C:\Users\Anwender\Documents\Almanach1790.pdf
[2013.05.28 09:24:19 | 020,776,152 | ---- | C] () -- C:\Users\Anwender\Documents\Almanach1789.pdf
[2013.05.19 22:19:50 | 000,000,741 | ---- | C] () -- C:\Users\Anwender\Documents\2013-05-19.22.14.44.vnt
[2013.05.19 22:19:28 | 000,001,150 | ---- | C] () -- C:\Users\Anwender\Documents\2013-05-19.20.00.18.vnt
[2013.05.09 23:37:35 | 001,128,961 | ---- | C] () -- C:\Users\Anwender\Documents\2013-04-28 18.04.21.jpg
[2013.05.09 23:31:47 | 001,675,324 | ---- | C] () -- C:\Users\Anwender\Documents\DSC06132.JPG
[2013.05.06 09:41:43 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\TR Assistant.lnk
[2013.04.08 11:20:33 | 000,002,520 | ---- | C] () -- C:\Users\Anwender\EUER2012.elfo
[2013.04.07 23:45:21 | 000,013,165 | ---- | C] () -- C:\Users\Anwender\ESt2012_***_***_und_***_***.elfo
[2013.04.07 22:32:05 | 000,080,873 | ---- | C] () -- C:\Users\Anwender\ESt2011_***_***.elfo
[2012.12.27 17:47:17 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.12.24 12:50:04 | 000,004,612 | ---- | C] () -- C:\Users\Anwender\.recently-used.xbel
[2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.06.01 01:58:16 | 000,012,288 | ---- | C] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.01 01:13:03 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2012.01.07 16:24:26 | 000,000,000 | ---- | C] () -- C:\Users\Anwender\.gtk-bookmarks
[2012.01.06 18:28:20 | 000,681,954 | ---- | C] () -- C:\Users\Anwender\.fonts.cache-1
[2011.08.31 19:46:14 | 000,216,000 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.08.31 19:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011.08.31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.08.31 19:15:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.08.23 15:17:12 | 000,015,357 | ---- | C] () -- C:\Users\Anwender\PC-Test_Protocol.html
[2011.08.23 15:15:59 | 000,000,101 | ---- | C] () -- C:\Windows\OEM.ini
[2011.08.23 15:15:59 | 000,000,020 | ---- | C] () -- C:\Windows\Bison.ini
[2011.08.23 12:47:15 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.08.23 12:47:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.08.23 12:47:14 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.08.23 12:11:10 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
4) OTL B: Extra.txt Code:
OTL Extras logfile created on: 31.05.2013 23:56:57 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anwender\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,90 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 30,44% Memory free
3,81 Gb Paging File | 2,04 Gb Available in Paging File | 53,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 191,39 Gb Free Space | 64,21% Space Free | Partition Type: NTFS
Computer Name: TERRA-1528 | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3868602969-2332300106-1101947383-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Pro X5 durchsuchen] -- "c:\Program Files\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30F4B8E6-582F-41F8-B4CE-21710673EFD1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3EBD88C0-F315-407B-BEA1-6F6A0F10A0DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42BBFD7C-C402-43F8-B2D1-20DB85F90B18}" = lport=138 | protocol=17 | dir=in | app=system |
"{630DF6E8-1664-4321-A19F-27BB57B9E5CA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{717E5A19-CC4F-4329-BD0C-D9B8045F119F}" = rport=138 | protocol=17 | dir=out | app=system |
"{761F0056-2D3B-4E64-9270-B1E1ED97805B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EB069C6-5515-4151-A1DD-512C96FE7079}" = lport=445 | protocol=6 | dir=in | app=system |
"{936E1AFA-AE5B-441B-8413-4E6FBD8DCCB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9918FF8E-F03F-454C-99F7-227A76EB712C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9C8D19EB-7BAD-4E33-A732-C4F75AF87196}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9F619E52-E9FB-4D14-9E44-0867C2AC5F8F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A064B6F7-9F8B-4B23-BAD9-AF1EA1D6E96F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA3A8EE6-83F4-40A6-8936-107DE8B9F73E}" = lport=137 | protocol=17 | dir=in | app=system |
"{AF8963C0-62BD-4CF7-8B8D-3CEE98F730EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B477D440-0F55-4452-91F6-4B44B5EEEF7B}" = lport=139 | protocol=6 | dir=in | app=system |
"{C904DBCF-97C4-4077-834B-9585A170C3BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD1C1EBB-763E-4C24-86B6-E0D57CDB3CD8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA1DABDF-2BA2-4A89-AACE-DA0D4FF3E7F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1157F83-B2BD-4C91-961E-6AE2112869BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E15328CA-D801-402D-AABB-8211AEEBADFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3B42EEB-BCFD-4DCA-9C3B-5AD665E820BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E983E4FA-C10C-4466-BCAA-80B5803A485A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EAA213FA-BF75-4326-A97F-124E27092827}" = rport=139 | protocol=6 | dir=out | app=system |
"{F5085B99-A0AA-4826-AD06-AA93D67206FD}" = rport=445 | protocol=6 | dir=out | app=system |
"{FDBCF439-F317-4C5A-99D9-13837AE97AFC}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C2ED8E-A742-4982-AE2F-CE5B4A1FD940}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{02CBF316-7C7D-4FDC-899F-469CCC249B12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{03080A32-7045-4109-8781-18E85A245CFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{10659685-FDC4-4625-BCF7-DB10787F7175}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11553C4C-7F14-485C-BF51-323EC793387C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{12F8E699-F240-47CE-9B3B-7720E1E618A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{268BD8A2-37BB-4842-B861-7D60C8777211}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30E07CDC-E99A-4E54-84A8-3EA03A096723}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3E7A130E-F6D2-4A26-B552-7D55C1642EAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{48F52E80-AF32-4A0E-B8BD-D4B1EFC00615}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6038B920-E94B-4CF8-BFEC-8BC923DA4F38}" = protocol=6 | dir=out | app=system |
"{6153F780-8004-4BA2-B921-E0404D5522F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6A05EA4D-C17E-466A-8637-EFDBFACF10AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{766C8474-FD0E-4CA3-AC66-D32CDC98D2EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7DBFAC14-51E5-4EDD-85C1-1D6D0427941E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9A664E44-47DE-4985-8739-C3C4BD62AF31}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{CB478639-6C75-4709-8420-E142D5007399}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5961FDD-7AB0-4D1C-A3CA-D0018F7DF57D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5F7430B-8BE6-4291-867F-959823F38042}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD216B32-61A7-4EBA-A5BD-4DAB2B799BAD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E8194DB9-1F02-4C3D-B1C4-C5611F2E0108}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA003BBC-CF3F-4607-A8F0-CBFFF86B0EDB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{FEA9A104-D73A-493A-8702-C4A929102703}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{65401FDA-0650-4D82-BCD1-3BF589806EDD}C:\program files\adobe\adobe robohelp 7\robohtml\robohtml.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe robohelp 7\robohtml\robohtml.exe |
"TCP Query User{B22B4A26-0979-4478-8B5B-52C5D2A57C28}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{7F4D68FC-D873-442C-8067-473CC65DA100}C:\program files\adobe\adobe robohelp 7\robohtml\robohtml.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe robohelp 7\robohtml\robohtml.exe |
"UDP Query User{8F700154-65E3-4A42-88EA-F2BBF49E2F59}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = Corel PaintShop Pro X5
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15002A1B-C1E7-4E91-A3EC-5502BF924A32}" = Setup
"{15180A90-1FC0-47E4-A150-3AECEF07B3B6}" = Corel PaintShop Pro X5
"{1522E36C-3739-41E4-8CD3-A4AFEA70086A}" = PSPPContent
"{153DD765-C8C6-4893-8CEF-D965351D82EC}" = PSPPHelp
"{154B0B16-ABCD-4A06-B0B7-8146B7A89B25}" = IPM_PSP_COM
"{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = ICA
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3025
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A10CD9-E281-4F3F-850E-F41D144B97C6}" = LibreOffice 3.4 Help Pack (German)
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2C1D09AC-88B3-465F-9EBF-B475602CDEB1}" = TSI
"{2C1D09AC-88B3-465F-9EBF-B475602CDEB1} Adobe Technical Communication Suite" = Adobe Technical Communication Suite
"{305AA0B5-6298-4C99-AEB5-8ED1F3D0E007}" = FMSuitePlugin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam
"{628ED0F8-590B-49CF-A525-A1696BD79304}" = Cisco AnyConnect Secure Mobility Client
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7B4CA480-7321-4AD4-BED1-F7177671C37E}" = Adobe FrameMaker 8
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Test
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2201542-DA80-457F-8BD9-6C9C90196481}" = ChiconyCam
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAE521B6-2F19-447F-8CB6-6D1E3A19F3ED}" = WebCam Installer
"{AC76BA86-1033-F400-7761-000000000003}" = Adobe Acrobat 3D version 8
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"695CFD288064D5B9D072C610E63BDD3D3E4DE666" = Windows-Treiberpaket - Intel (NETwLv32) net (10/07/2010 13.4.0.139)
"ABC Amber Nokia Converter" = ABC Amber Nokia Converter
"Adobe Acrobat 3D version 8" = Adobe Acrobat 3D version 8
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"bcv7f791796fe94af55094ccc34e19b8be7_is1" = Barcode Vectorizer 1.4
"BD0DF87A050F43F2591C32F9F072CF2BFF2715BB" = Windows-Treiberpaket - Intel (NETwNs32) net (11/09/2010 14.0.0.113)
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"ElsterFormular" = ElsterFormular
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"GIMPshop" = GIMPshop 2.2.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3025
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Nokia Suite" = Nokia Suite
"PC Suite" = PC Suite
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"TR Assistant_is1" = TR Assistant Version 2.03
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3868602969-2332300106-1101947383-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.05.2013 17:48:17 | Computer Name = Terra-1528 | Source = WinMgmt | ID = 10
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 31.05.2013 17:48:19 | Computer Name = TERRA-1528 | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
1540 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
-32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
Error - 31.05.2013 17:48:41 | Computer Name = TERRA-1528 | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 31.05.2013 17:49:08 | Computer Name = Terra-1528 | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 31.05.2013 17:49:09 | Computer Name = Terra-1528 | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1421 NULL object. Cannot establish a connection at this time.
Error - 31.05.2013 17:53:13 | Computer Name = TERRA-1528 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 31.05.2013 17:53:13 | Computer Name = TERRA-1528 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 31.05.2013 17:53:13 | Computer Name = TERRA-1528 | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
Error - 31.05.2013 17:53:45 | Computer Name = TERRA-1528 | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionWinInet::HandleError File: .\Utility\HttpSession_wininet.cpp
Line:
1050 Invoked Function: CHttpSessionWinInet::HandleError Return Code: 12002 (0x00002EE2)
Description:
Das Zeitlimit für den Vorgang wurde erreicht.
Error - 31.05.2013 17:53:45 | Computer Name = TERRA-1528 | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032421 (0xFE45001B)
Description:
HTTP_SESSION_ERROR_TIMEOUT
Error - 31.05.2013 17:53:45 | Computer Name = TERRA-1528 | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032421
(0xFE45001B) Description: HTTP_SESSION_ERROR_TIMEOUT Failed to post customer experence
feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
< End of report >
Besten Dank und Gruß,
Bilvobus |
AdwCleaner auf deinen Desktop.
