| scubakuno | 24.11.2012 17:32 |
Google, Umleitung auf unerwünschte Seiten
Hallo liebe Mitglieder,
unser Rechner hat folgendes Problem:
Bei google-Suche wird man auf falsche Seiten umgeleitet. Bisherige Suchen haben nichts gebracht und ich benötige Hilfe von Profis.
Hier der OTL.txt-Report:OTL Logfile: Code:
OTL logfile created on: 24.11.2012 17:13:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathrin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,89 Gb Total Physical Memory | 5,93 Gb Available Physical Memory | 75,20% Memory free
15,78 Gb Paging File | 13,75 Gb Available in Paging File | 87,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 28,90 Gb Free Space | 28,90% Space Free | Partition Type: NTFS
Drive D: | 149,83 Gb Total Space | 109,43 Gb Free Space | 73,03% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 151,56 Gb Free Space | 77,60% Space Free | Partition Type: NTFS
Computer Name: KATHRIN-PC | User Name: Kathrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.24 17:00:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathrin\Downloads\OTL.exe
PRC - [2012.11.09 09:13:15 | 002,878,016 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012.11.09 09:13:08 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.11.07 08:59:12 | 000,928,832 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2012.11.07 08:59:12 | 000,236,608 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012.11.07 08:58:54 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.11.04 15:02:02 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.07 09:10:25 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.07.25 10:28:02 | 000,101,288 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
PRC - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.09.29 17:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009.08.13 05:06:00 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
========== Modules (No Company Name) ==========
MOD - [2012.11.18 12:01:13 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\9b9fa819ebe7b102d7cb998ce9ce05fd\log4net.ni.dll
MOD - [2012.11.18 12:01:10 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeskUpdateNotifier\22799f503a191c5e9753fcc626859eb7\DeskUpdateNotifier.ni.exe
MOD - [2012.11.17 10:20:27 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012.11.17 10:20:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.11.17 10:20:16 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.11.17 10:20:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012.11.17 10:20:14 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.11.17 10:20:04 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012.11.04 15:02:01 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.11.09 09:13:25 | 001,998,912 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.11.09 09:13:15 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.11.09 09:13:08 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.11.07 08:59:12 | 000,236,608 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.11.07 08:58:54 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.11.04 15:02:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 20:32:39 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.07 09:10:25 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.04.11 14:11:32 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.25 14:44:40 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011.12.08 09:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2011.12.08 09:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.12.08 09:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.12.08 09:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.10.07 14:58:14 | 000,331,776 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.17 14:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.11.07 08:58:58 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.11 23:44:46 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012.04.11 23:44:46 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.04.11 23:44:44 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.04.11 23:44:44 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.04.11 23:44:44 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.04.11 23:44:44 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.03.19 12:47:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.03.19 12:47:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.03.19 08:32:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.09 14:31:48 | 000,638,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorS.sys -- (iaStorS)
DRV:64bit: - [2012.03.09 14:31:46 | 000,024,496 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.08 11:12:08 | 000,806,696 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasr1.sys -- (megasr1)
DRV:64bit: - [2012.01.05 12:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.05 12:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.05 12:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.12.13 06:00:32 | 000,259,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011.12.05 20:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.12.01 21:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.11.30 06:09:34 | 000,358,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.22 23:59:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.11.22 23:59:48 | 000,410,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.10.01 09:47:32 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.08.25 02:46:56 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011.08.11 07:14:34 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.07.28 13:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.12.10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.02 06:07:42 | 000,051,280 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas2.sys -- (megasas2)
DRV:64bit: - [2010.10.09 04:35:38 | 001,801,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.09.28 02:30:22 | 000,015,208 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FJGSDisk.sys -- (FJGSDisk)
DRV:64bit: - [2010.08.06 00:17:00 | 000,085,736 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\oz776x64.sys -- (guardian2)
DRV:64bit: - [2010.06.02 17:27:04 | 000,770,152 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006.11.01 11:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV:64bit: - [2006.11.01 10:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=10&cc=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 07 6D C7 E9 70 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6E61B17C-A62B-4B4E-93C3-F115AC1AEBCC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6E61B17C-A62B-4B4E-93C3-F115AC1AEBCC}: "URL" = hxxp://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=54
IE - HKCU\..\SearchScopes\{E36B9054-1D99-4DC3-9DFD-99F8595F3859}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c9f39cfe-bff6-4edd-8a9e-bd377df35c33&apn_sauid=040DA1AD-E0FD-4FEF-84BA-CEFDE2FCFC1D
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Softonic)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 15:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 15:02:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.08.02 21:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Extensions
[2012.10.24 09:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Firefox\Profiles\hw9d52v4.default\extensions
[2012.08.02 21:11:52 | 000,002,344 | ---- | M] () -- C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\hw9d52v4.default\searchplugins\askcom.xml
[2012.08.07 10:40:45 | 000,002,062 | ---- | M] () -- C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\hw9d52v4.default\searchplugins\softonic.xml
[2012.11.04 15:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.04 15:02:03 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 08:34:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [FJBATAID2] C:\Programme\Fujitsu\BatteryAid2\BatteryDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4:64bit: - HKLM..\Run: [SSUtility] C:\Programme\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKCU..\Run: [fjqy] C:\Users\Kathrin\AppData\Roaming\bcryptf.dll ()
O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AB729B1-D762-4B60-BAC6-2A4DFBED41C1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6711A07-F5FE-4C58-A337-E8AE508B3D04}: DhcpNameServer = 132.195.120.9 132.195.120.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.23 09:41:49 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\Desktop\Coaching und Psychotherapie (Grimmer)
[2012.11.18 23:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.18 23:01:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.18 23:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.18 20:49:06 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\GlarySoft
[2012.11.18 20:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012.11.18 20:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012.11.17 10:37:11 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Local\Sophos
[2012.11.17 10:05:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.15 22:11:09 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\Desktop\Wichtig Artikel gesundheit
[2012.11.09 09:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sophos
[2012.11.07 17:56:29 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\Desktop\Kapitel Dissertation ab Nov. 2011
[2012.11.07 08:58:58 | 000,154,952 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.11.04 15:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.31 17:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2012.10.31 17:31:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012.10.31 09:18:18 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\Desktop\**********
[1 C:\Users\Kathrin\Desktop\*.tmp files -> C:\Users\Kathrin\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.24 17:00:08 | 000,000,000 | ---- | M] () -- C:\Users\Kathrin\defogger_reenable
[2012.11.24 16:58:51 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.24 16:58:51 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.24 16:56:16 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.24 16:56:16 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.24 16:56:16 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.24 16:56:16 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.24 16:56:16 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.24 16:51:35 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.24 16:51:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.24 16:51:12 | 2058,751,999 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.24 15:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.22 20:30:05 | 000,000,438 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.11.22 12:41:48 | 000,732,542 | ---- | M] () -- C:\Users\Kathrin\Desktop\stn-2012-03-07-burnout.pdf
[2012.11.22 11:17:11 | 000,512,885 | ---- | M] () -- C:\Users\Kathrin\Desktop\presale2012.pdf
[2012.11.22 09:58:12 | 000,126,008 | ---- | M] () -- C:\Users\Kathrin\Desktop\Bild1.jpg
[2012.11.21 14:50:24 | 005,598,919 | ---- | M] () -- C:\Users\Kathrin\Documents\Erfurt_Latocha.pdf
[2012.11.19 18:46:26 | 000,471,561 | ---- | M] () -- C:\Users\Kathrin\Desktop\********.pdf
[2012.11.18 23:03:13 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.18 20:40:02 | 000,001,080 | ---- | M] () -- C:\Users\Kathrin\Desktop\Glary Utilities.lnk
[2012.11.18 19:53:17 | 000,418,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.16 09:09:49 | 000,131,072 | RHS- | M] () -- C:\Users\Kathrin\AppData\Roaming\bcryptf.dll
[2012.11.14 10:03:49 | 000,460,684 | ---- | M] () -- C:\Users\Kathrin\Desktop\************.pdf
[2012.11.07 08:58:58 | 000,154,952 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.11.07 08:58:53 | 000,037,440 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2012.10.27 12:01:12 | 000,003,153 | ---- | M] () -- C:\Users\Kathrin\Desktop\Secure Download Manager.lnk
[1 C:\Users\Kathrin\Desktop\*.tmp files -> C:\Users\Kathrin\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.24 17:00:08 | 000,000,000 | ---- | C] () -- C:\Users\Kathrin\defogger_reenable
[2012.11.22 12:41:48 | 000,732,542 | ---- | C] () -- C:\Users\Kathrin\Desktop\stn-2012-03-07-burnout.pdf
[2012.11.22 11:17:11 | 000,512,885 | ---- | C] () -- C:\Users\Kathrin\Desktop\presale2012.pdf
[2012.11.22 09:58:10 | 000,126,008 | ---- | C] () -- C:\Users\Kathrin\Desktop\Bild1.jpg
[2012.11.21 14:50:24 | 005,598,919 | ---- | C] () -- C:\Users\Kathrin\Documents**************.pdf
[2012.11.19 17:37:13 | 000,471,561 | ---- | C] () -- C:\Users\Kathrin\Desktop\******************.pdf
[2012.11.18 23:01:59 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.18 20:40:04 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.18 20:40:02 | 000,001,080 | ---- | C] () -- C:\Users\Kathrin\Desktop\Glary Utilities.lnk
[2012.11.17 10:22:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 10:08:40 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.16 09:09:49 | 000,131,072 | RHS- | C] () -- C:\Users\Kathrin\AppData\Roaming\bcryptf.dll
[2012.11.02 09:51:41 | 000,460,684 | ---- | C] () -- C:\Users\Kathrin\Desktop\**********************.pdf
[2012.10.07 17:33:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.09.16 21:56:48 | 000,000,859 | ---- | C] () -- C:\Users\Kathrin\AppData\Local\recently-used.xbel
[2012.08.07 10:40:28 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.08.07 10:40:28 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.08.07 10:40:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012.08.07 10:40:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2012.08.07 10:40:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2012.08.07 10:40:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2012.08.07 10:39:39 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.08.07 10:39:39 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.08.02 21:53:43 | 000,000,438 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.08.02 21:53:39 | 000,000,206 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.08.02 21:52:25 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012.08.02 21:52:25 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012.08.02 21:52:25 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012.03.19 08:31:14 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 08:31:14 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 08:31:14 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.19 08:25:56 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 07:21:12 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.08.11 07:12:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.10.31 17:31:36 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Canon
[2012.11.24 16:53:30 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Dropbox
[2012.10.24 12:15:33 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\e-academy Inc
[2012.08.03 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Fujitsu
[2012.11.18 20:49:06 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\GlarySoft
[2012.09.16 16:36:17 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\MAGIX
[2012.09.16 21:59:32 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\PhotoScape
========== Purity Check ==========
< End of report >
--- --- ---
Hier der Extra.txt-Report:OTL Logfile: Code:
OTL Extras logfile created on: 24.11.2012 17:13:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathrin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,89 Gb Total Physical Memory | 5,93 Gb Available Physical Memory | 75,20% Memory free
15,78 Gb Paging File | 13,75 Gb Available in Paging File | 87,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 28,90 Gb Free Space | 28,90% Space Free | Partition Type: NTFS
Drive D: | 149,83 Gb Total Space | 109,43 Gb Free Space | 73,03% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 151,56 Gb Free Space | 77,60% Space Free | Partition Type: NTFS
Computer Name: KATHRIN-PC | User Name: Kathrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{529468BC-C254-4B26-8160-A26A28E322B8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{76848789-5128-418E-8C92-D624B6164D43}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D1502834-3B8C-47C1-95F8-80EAB305543E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22AD4C54-DAF6-4EEB-8780-2C9AADCFE9B7}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe |
"{25A89BCB-F16E-440C-ACA5-EDDB11217167}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2BDB45C6-0E32-45FF-A3A4-593FADE76B93}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5938A570-B17A-4662-A72C-6FCF057BC267}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5A137EC9-CA45-42CF-AAD0-452520EF3856}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5AADA6D4-6C15-4057-8576-8FB3184C731C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5F380E8F-2698-41A7-B3D6-89F732D6A8DB}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{64C2ECC5-C46D-40FF-A5FF-0DABF9CFCC9F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67CC044C-32E4-4176-B08F-34434CB65658}" = protocol=6 | dir=in | app=c:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe |
"{9DBCE6D5-708B-4F9A-BADB-1A75B54285B8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A7E0D887-A5C6-4859-B552-2FB2A59BA6DB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{AC7F979B-D118-4869-B29E-FE386E76164F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BFF73752-B451-4B4E-876D-21438B018903}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CCA2BBBA-2D33-4044-91F4-5580BDAA4240}" = protocol=17 | dir=in | app=c:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe |
"{DD28DD94-791A-4110-9BC4-5B90BEC2FB95}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E7D17536-D67F-4072-A1A0-BB0CADED6864}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe |
"{E87E322A-7022-4BC4-A2CA-B6011AF84735}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EDFD73DE-44DB-475D-AA70-76D7C058FDA4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{0322E14A-CCAC-4B33-83BC-07216032C51D}C:\windows\syswow64\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"TCP Query User{0F62DD30-2786-4692-9495-64C73ABF21BA}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe |
"TCP Query User{BD747348-199A-4730-9C2C-20E6DC1F1CAD}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"TCP Query User{D01512AD-0CFE-4EF3-9E4F-67AC6EDCC5E2}C:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{EE3F103F-CA18-4A04-93B7-1A6ABC88E9AA}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{3EB27FE0-7A08-4327-9229-FB09B0A260B8}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe |
"UDP Query User{6320CE8F-9EF5-4C32-BF4C-FE4D02F65C60}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{6B3C6BD0-462D-49D8-9F9B-7B4E0B19C1A3}C:\windows\syswow64\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"UDP Query User{73656577-2A80-4073-927F-422F07B76581}C:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{DE028DF7-21EF-431F-95FA-423E35CAF0BC}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26208444-C11B-4820-B224-7F66549B0E16}" = O2Micro OZ776 SCR Driver
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{479B309B-E6B4-4947-8B83-472CF4272582}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5FADEAC-B0A9-4C27-A8B5-05381A339F4E}" = Plugfree NETWORK
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi-Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F33CFF0E-6684-43A8-AF99-2F1191B67152}" = Shock Sensor Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C5A4CA-1EE8-4C73-9679-0BC2946D1353}" = Battery Utility
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Bildschutz_is1" = Bildschutz Pro
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG6200 series Benutzerregistrierung" = Canon MG6200 series Benutzerregistrierung
"Canon MG6200 series On-screen Manual" = Canon MG6200 series On-screen Manual
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DeskUpdate_is1" = DeskUpdate 4.13
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Glary Utilities_is1" = Glary Utilities 2.50.0.1632
"InstallShield_{26208444-C11B-4820-B224-7F66549B0E16}" = O2Micro OZ776 SCR Driver
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{F33CFF0E-6684-43A8-AF99-2F1191B67152}" = Shock Sensor Utility
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"PhotoScape" = PhotoScape
"TSR Watermark Image_is1" = TSR Watermark Image software version 2.2.0.4
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.11.2012 15:51:15 | Computer Name = Kathrin-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2012 03:28:00 | Computer Name = Kathrin-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2012 03:31:51 | Computer Name = Kathrin-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2012 15:30:05 | Computer Name = Kathrin-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.11.2012 03:42:43 | Computer Name = Kathrin-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.11.2012 12:25:27 | Computer Name = Kathrin-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.11.2012 07:17:03 | Computer Name = Kathrin-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.11.2012 07:26:43 | Computer Name = Kathrin-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.11.2012 11:10:09 | Computer Name = Kathrin-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.11.2012 11:51:46 | Computer Name = Kathrin-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 24.11.2012 11:10:42 | Computer Name = Kathrin-PC | Source = DCOM | ID = 10005
Description =
Error - 24.11.2012 11:10:42 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.11.2012 11:10:42 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.11.2012 11:10:53 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.11.2012 11:10:53 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.11.2012 11:10:53 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.11.2012 11:10:53 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.11.2012 11:10:53 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.11.2012 11:10:53 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.11.2012 11:51:49 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde
mit folgendem Fehler beendet: %%-2147196306
< End of report >
--- --- ---
Und hier, die vorher erstellte Reportdatei von Malwarebytes:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.24.05
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Kathrin :: KATHRIN-PC [Administrator]
24.11.2012 16:12:58
mbam-log-2012-11-24 (16-12-58).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351262
Laufzeit: 34 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Danke für Rückmeldungen! |
AdwCleaner auf deinen Desktop.
WARNUNG an die MITLESER: 
Textbox. 