Hier von ESET: 2 Funde... Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c8bd21ea0e879841b5547421d1b6d76f
# engine=13969
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-01 05:27:03
# local_time=2013-06-01 07:27:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 7009 235530913 0 0
# compatibility_mode=5893 16776573 100 94 6020 121738814 0 0
# scanned=193573
# found=2
# cleaned=0
# scan_time=5251
sh=99C1522A4BA1FF60EC6E5D87019285D144FCFC56 ft=0 fh=0000000000000000 vn="JS/Kryptik.AKT trojan" ac=I fn="F:\JENNIFER-PC\Backup Set 2013-03-24 194346\Backup Files 2013-05-19 190001\Backup files 1.zip"
sh=234AC30F8198A6F5FD5F5B874198146F01EF43B9 ft=0 fh=0000000000000000 vn="JS/Kryptik.AKT trojan" ac=I fn="F:\JENNIFER-PC\Backup Set 2013-03-24 194346\Backup Files 2013-05-19 190001\Backup files 3.zip"
Security Check: Code:
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 22
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Raphael Desktop avira_free3640_antivirus_de.exe
Raphael AppData Local Temp\RarSFX0\presetup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
OTL: Code:
OTL logfile created on: 01.06.2013 19:52:07 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raphael\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,62% Memory free
6,50 Gb Paging File | 5,02 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,56 Gb Free Space | 15,49% Space Free | Partition Type: NTFS
Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32
Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.01 19:51:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
PRC - [2013.05.15 16:39:56 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Garmin\Express Tray\ExpressTray.exe
PRC - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.06.15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.08.26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.11.05 22:45:55 | 001,505,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe
PRC - [2009.11.05 22:35:26 | 001,468,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- E:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.07.03 18:10:12 | 001,597,440 | ---- | M] (Hama GmbH & Co KG) -- C:\Programme\Hama\Common\RaUI.exe
PRC - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe
PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.16 17:51:46 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\98e8641e2ca570f03352a91836b0b97a\System.ServiceModel.Routing.ni.dll
MOD - [2013.05.16 17:51:45 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0e5d2997438866de453e8b1401d84398\System.ServiceModel.Discovery.ni.dll
MOD - [2013.05.16 17:51:45 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3a75004c8363a598f4997686c16ae55e\System.ServiceModel.Channels.ni.dll
MOD - [2013.05.16 17:51:44 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4dbbfceeddfc9180d5f621f0fc586e2c\System.ServiceModel.Activities.ni.dll
MOD - [2013.05.16 17:51:43 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll
MOD - [2013.05.16 17:51:29 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll
MOD - [2013.05.16 17:50:25 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.05.16 17:50:24 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll
MOD - [2013.05.16 17:50:22 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll
MOD - [2013.05.16 17:35:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 17:34:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.16 11:01:17 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013.05.16 11:01:06 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013.05.16 11:01:04 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013.05.16 11:01:01 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013.05.16 11:00:58 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013.05.16 11:00:56 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013.05.15 16:39:56 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013.02.14 09:45:54 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll
MOD - [2013.01.13 21:08:01 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013.01.13 21:07:54 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 20:37:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 20:36:44 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 20:36:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 20:36:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 20:36:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.09 22:28:45 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 22:28:39 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.09 22:28:37 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.09 22:28:35 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.09 22:28:30 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.06.15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.08.25 22:44:50 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.06.29 11:31:12 | 000,652,800 | ---- | M] () -- E:\Programme\IZArc\IZArcCM.dll
========== Services (SafeList) ==========
SRV - [2013.05.15 16:39:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007.08.24 06:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Raphael\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.15 14:47:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.07.07 19:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2009.11.05 22:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E0 96 87 13 A2 CB 01 [binary data]
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 18:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.31 08:42:17 | 000,000,000 | ---D | M]
[2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Extensions
[2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\kn3gu7ao.default\extensions
[2012.06.23 18:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.24 09:44:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.15 19:03:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.06.01 13:53:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [GarminExpressTrayApp] E:\Program Files\Garmin\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [SpybotSD TeaTimer] E:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6020D34-9C42-44B9-89C9-5210E7F997A0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.23 12:49:28 | 000,000,077 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.11.01 16:25:14 | 000,000,000 | ---D | M] - F:\Autoralley -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.01 19:51:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2013.06.01 19:50:29 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Avira
[2013.06.01 19:47:02 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.01 19:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.01 19:45:03 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.01 19:45:03 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.06.01 19:45:03 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.01 19:45:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.06.01 19:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.01 19:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.06.01 17:48:04 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Raphael\Desktop\esetsmartinstaller_enu.exe
[2013.06.01 17:42:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.01 17:42:40 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.01 17:41:19 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Raphael\Desktop\JRT.exe
[2013.06.01 15:00:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.01 14:59:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.01 14:51:50 | 005,076,199 | R--- | C] (Swearware) -- C:\Users\Raphael\Desktop\ComboFix.exe
[2013.06.01 14:47:34 | 001,355,657 | ---- | C] (Farbar) -- C:\Users\Raphael\Desktop\FRST.exe
[2013.06.01 13:56:05 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\temp
[2013.06.01 13:48:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.01 13:48:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.01 13:48:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.01 13:47:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.01 13:47:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.01 13:18:52 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.19 19:06:17 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\Garmin
[2013.05.19 19:01:14 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Neuer Ordner
[2013.05.19 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2013.05.19 18:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.05.19 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.16 11:01:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 11:01:29 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 11:01:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 11:01:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 11:01:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 11:01:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 11:01:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 11:01:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 11:01:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 11:01:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 09:12:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.16 09:12:01 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.16 09:11:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.16 09:11:55 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.16 09:11:55 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
========== Files - Modified Within 30 Days ==========
[2013.06.01 19:51:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2013.06.01 19:50:52 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 19:50:52 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 19:46:50 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.01 19:45:11 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.01 19:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.01 19:43:28 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.01 19:39:58 | 000,890,839 | ---- | M] () -- C:\Users\Raphael\Desktop\SecurityCheck.exe
[2013.06.01 19:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 18:00:34 | 102,323,272 | ---- | M] () -- C:\Users\Raphael\Desktop\avira_free3640_antivirus_de.exe
[2013.06.01 17:48:10 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Raphael\Desktop\esetsmartinstaller_enu.exe
[2013.06.01 17:41:24 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Raphael\Desktop\JRT.exe
[2013.06.01 17:32:44 | 000,632,031 | ---- | M] () -- C:\Users\Raphael\Desktop\adwcleaner.exe
[2013.06.01 14:52:16 | 005,076,199 | R--- | M] (Swearware) -- C:\Users\Raphael\Desktop\ComboFix.exe
[2013.06.01 14:47:48 | 001,355,657 | ---- | M] (Farbar) -- C:\Users\Raphael\Desktop\FRST.exe
[2013.06.01 13:53:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.01 10:24:43 | 000,000,000 | ---- | M] () -- C:\Users\Raphael\defogger_reenable
[2013.05.19 18:55:05 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2013.05.19 10:57:39 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.19 10:57:39 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.19 10:57:39 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.19 10:57:39 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 17:34:10 | 000,439,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 16:39:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 16:39:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.13 19:32:43 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\Gameforge Live.lnk
========== Files Created - No Company Name ==========
[2013.06.01 19:45:11 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.01 19:39:53 | 000,890,839 | ---- | C] () -- C:\Users\Raphael\Desktop\SecurityCheck.exe
[2013.06.01 17:53:52 | 102,323,272 | ---- | C] () -- C:\Users\Raphael\Desktop\avira_free3640_antivirus_de.exe
[2013.06.01 17:32:39 | 000,632,031 | ---- | C] () -- C:\Users\Raphael\Desktop\adwcleaner.exe
[2013.06.01 13:48:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.01 13:48:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.01 13:48:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.01 13:48:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.01 13:48:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.01 10:24:43 | 000,000,000 | ---- | C] () -- C:\Users\Raphael\defogger_reenable
[2013.05.19 18:55:05 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2011.03.17 21:46:31 | 000,000,680 | RHS- | C] () -- C:\Users\Raphael\ntuser.pol
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Extra OTL: Code:
OTL Extras logfile created on: 01.06.2013 19:52:07 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raphael\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,62% Memory free
6,50 Gb Paging File | 5,02 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,56 Gb Free Space | 15,49% Space Free | Partition Type: NTFS
Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32
Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "H:\Cewe\dm-Fotowelt\dm-Fotowelt.exe" "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Foto Paradies] -- "F:\cewe\dm\dm-Fotowelt\Foto Paradies.exe" "%1" ()
Directory [Mein CEWE FOTOBUCH] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2B414A-3D8B-40BA-9359-3C33226577AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D1939E5-B494-4359-AB9B-9E9E93EA5977}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C63C50C-7713-418F-B076-4845B9FBC55A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3041C936-470B-46D9-8A1B-3F5CBBDE787D}" = rport=445 | protocol=6 | dir=out | app=system |
"{432ED99F-DF16-41CE-BBDA-72E22C30DE92}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47B5CE20-8D1B-4AB6-B798-C3B5BB30A681}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5429D7EE-F395-466B-B3A8-BE06E1C406B0}" = lport=138 | protocol=17 | dir=in | app=system |
"{62E05942-54F7-4EBF-B337-7544EF52AC97}" = lport=139 | protocol=6 | dir=in | app=system |
"{638E6196-DF8D-468A-AE6C-493A33F0877E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71AE9208-60B3-4B97-B639-43D681446DE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7ECFAD41-01FC-4703-94A0-0A7EF4D7DF90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9268442A-E994-4DE0-9581-300C3F5D5CFB}" = lport=137 | protocol=17 | dir=in | app=system |
"{93E1C0FF-A251-420C-AB0A-F37F305F1CC5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{95C0894C-3A40-458E-8C46-F2E5587CCD69}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B2C5559-05D6-4983-A10D-78EF2ABF8504}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A35D4A88-7CFE-44A7-9E23-C21EB32AA79D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3E080BC-ED8F-4540-9B0F-825C91D1C66C}" = lport=445 | protocol=6 | dir=in | app=system |
"{C3D2B7B9-406F-4F46-9449-9F0A496BC8C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DEEFA361-8A7E-4C57-82DA-67AA60741CFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2F073BE-AFAD-403B-A9DE-E4A5DDC9CFCB}" = rport=138 | protocol=17 | dir=out | app=system |
"{F198FB6B-2701-4C0B-878D-EA875CC32168}" = rport=137 | protocol=17 | dir=out | app=system |
"{FBDE392B-69A4-41A3-824D-D16F5ED9722B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050F3611-BF59-4F16-8567-3464B7E80D78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14288556-9311-45B5-9096-3E916551D52B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1A84EF6B-ADB5-4E79-B507-D2195690AB82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{26AD5F6E-C6F5-4BCD-BA63-1E40CACA8E04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{520E672D-4167-4D75-95FD-AE1041A18C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8270593D-8A4A-49E7-81BE-D4C2D7EF9951}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{87C4DE77-60FE-403E-A2A9-2C9EC48B6D14}" = protocol=6 | dir=out | app=system |
"{8AD696AD-E23C-4C35-BD54-81ED0CCC3D80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8D48E281-ED96-4006-B9DF-A646470C2FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9906632A-D70C-4D8B-A265-FBEEBA585A5D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A1EE4A09-9552-4D75-B301-F7DE27A6F45D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A49342C5-C84A-4310-A88C-9C457FADD0CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B85C07E4-DD81-427A-BAF3-789B17CBCEF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFED79BE-E46E-4DCB-8C05-CDA058A4CB55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C2ED17D4-F836-43AE-B6F9-8C0377FE6642}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CDD03498-7A8F-428B-B4D7-589A46DCD8DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CFDA44FA-510F-4ADF-BA43-ABF5FEFBDC18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E80B11D0-1013-4DA2-B91C-3AF81AFB1914}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F69A80A9-3329-4975-A1BF-0FCEB1EB05C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA513E17-7362-44AF-8BB9-FD06675EA418}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF148A5A-D34C-45CA-86C0-682D764DA95C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{8A7455F9-85C1-4A75-B6C2-EAE44775E499}E:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\program files\runes of magic\client.exe |
"TCP Query User{9B131DDB-C3B2-40A4-AEA6-204BD12B76AD}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe |
"TCP Query User{B7BB0A1C-8E91-4CC3-A67F-6B6CC34EA13A}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe |
"UDP Query User{5A10F57B-746F-4096-89BA-AAC9970FD063}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe |
"UDP Query User{C464BDB6-7DE6-485D-80DA-D35E25B518EC}E:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\program files\runes of magic\client.exe |
"UDP Query User{F2864DC7-95BF-4853-AEF0-6CED531A48FF}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{06092909-8851-C581-F990-7195076FDAEF}" = CCC Help Czech
"{0CA04779-346C-30FD-EB9B-8EEA2CE094B3}" = CCC Help Thai
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{1B3B5C60-70B8-F022-5497-03FD2772586C}" = CCC Help Greek
"{1C160168-BF5B-72FE-BAFA-6DD5F737404C}" = CCC Help Chinese Standard
"{1ED3EBF6-A130-4B3B-B01A-C29B067798B3}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{278AD90C-D27D-AA89-58DF-AD13852D51CA}" = CCC Help Spanish
"{2CDBFF1A-6433-E94D-CA25-831FDB9775E9}" = CCC Help Italian
"{31DED885-1124-0E58-97FB-73E4EF692E8D}" = CCC Help Hungarian
"{33B670D7-8A06-DA5B-0341-5630D1E12007}" = ccc-core-static
"{38D65ABC-A00B-6E13-2EF3-826CFC8CFC14}" = CCC Help French
"{3B4325A0-43CD-10D1-64F6-BD2F90DCB756}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EEBD42E-4DC7-A874-645B-28B63907E930}" = ATI AVIVO Codecs
"{3F8B39A4-B7CE-B036-941C-A8DB57676B04}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF9BBA-E137-7309-7BF9-567ADAB6B4E6}" = CCC Help Turkish
"{51AD839D-CE11-B9E3-227D-03BC89F227C8}" = CCC Help Danish
"{55043DDE-D718-C7F7-9B4C-2B3D818D8A1F}" = Catalyst Control Center InstallProxy
"{5774B4C1-8579-D5D9-8D38-A0CE32B6736C}" = CCC Help German
"{5D19BB0D-9B04-5B85-9295-4E11BCB1C2C3}" = CCC Help Polish
"{5D8A076D-F75E-A149-10D8-87338721AA3A}" = ATI Catalyst Install Manager
"{60341104-FC8E-EF26-12CB-93B17DF55976}" = CCC Help Japanese
"{62161867-51F1-9FB8-0E6E-FE49D89CBB71}" = CCC Help Dutch
"{6494E146-418F-85E1-142E-D2F122C75274}" = ccc-utility
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision
"{6A7E9B60-4698-F505-CAD3-05F8AB22FB61}" = CCC Help Russian
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75794DD1-5D69-4E33-A141-C3D4B0724C71}" = Catalyst Control Center Graphics Previews Common
"{7CE47764-9A8F-380D-FB9E-FCFC37B9F727}" = CCC Help Korean
"{85D27E0C-6185-58BC-94B6-E5EED97962D8}" = AMD Drag and Drop Transcoding
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9ED77550-AF66-2B7E-97E1-34B3BFDEAC6D}" = CCC Help Swedish
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E8454B5F-4122-864C-002D-31F878D2CBF4}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E6252F-8DC2-B508-D412-1C427CDB3448}" = CCC Help Portuguese
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCB6F9DC-A0FF-621E-DE53-877E63864DD1}" = CCC Help Chinese Traditional
"{FE4466A3-76B3-A9F4-9B22-150D6F8B4647}" = Catalyst Control Center Localization All
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Ceville" = Ceville 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foto Paradies" = Foto Paradies
"Jack Keane" = Jack Keane
"Jewels of Atlantis/DE-German_is1" = Jewels of Atlantis
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ OSession Events ]
Error - 02.07.2011 16:14:35 | Computer Name = Jennifer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2773
seconds with 1920 seconds of active time. This session ended with a crash.
< End of report >
|
AdwCleaner auf deinen Desktop.
SecurityCheck und:
