
Pests of all kinds and how to fight them: With User Account Control enabled, no programs can be launched from the taskbar or desktop


05.12.2012, 17:18   #1
hugo03
 

With User Account Control enabled, no programs can be launched from the taskbar or desktop



Hello everyone,
At the moment I can only run my computer (Win7 Home 64-bit SP1) with User Account Control switched off (never notify). As soon as I set a higher level (e.g. 2nd level, Default - notify me only when changes ...), I cannot launch any programs from the desktop after the restart. All buttons are greyed out. The start bar does not work either.
The problem has existed for several weeks and I have not been able to find a solution with the means at my disposal. I have surely caught a virus.
I am asking for your help with fixing the problem.

> The Malwarebytes scan found two infected files:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: COMPAQ [Administrator]

Schutz: Aktiviert

05.12.2012 10:58:24
mbam-log-2012-12-05 (14-16-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 684944
Laufzeit: 2 Stunde(n), 57 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\Downloads\applian flv player setup.exe (PUP.AdBundle) -> Keine Aktion durchgeführt.
C:\Users\***\Downloads\installer_samsung_galaxy_s_usb.exe (PUP.BundleInstaller.BEN) -> Keine Aktion durchgeführt.
(Ende)

> Defogger produced no log file and no error message

> OTL generated OTL.Txt and Extras.Txt:

OTL logfile created on: 05.12.2012 14:43:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rudolf\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,02 Gb Available in Paging File | 75,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,54 Gb Total Space | 63,11 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
Drive D: | 12,12 Gb Total Space | 1,60 Gb Free Space | 13,16% Space Free | Partition Type: NTFS

Computer Name: COMPAQ | User Name: Rudolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.05 14:38:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rudolf\Downloads\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.28 15:43:10 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.08.08 09:33:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.17 16:00:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.17 16:00:37 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.17 16:00:37 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.17 16:00:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012.06.01 06:36:12 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2009.07.14 02:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV - [2012.12.04 22:01:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.28 15:43:10 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.13 16:25:15 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.17 16:00:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.17 16:00:37 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.17 16:00:37 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.17 16:00:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.08.05 11:18:01 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.18 14:13:58 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.03 10:36:53 | 000,055,776 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012.05.17 16:00:39 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.17 16:00:39 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 15:07:21 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.26 01:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2011.06.26 01:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2011.05.25 08:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 18:01:02 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.01.31 13:30:38 | 000,027,288 | ---- | M] (Ekahau Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ekaprot6.sys -- (EkaProt6)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.07.26 15:27:11 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010.07.26 15:26:56 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010.07.26 15:26:56 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010.01.26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.12.05 19:54:24 | 000,769,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Darusb_win7x.sys -- (Darusb_win7x)
DRV:64bit: - [2009.07.30 18:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009.03.25 15:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009.03.25 15:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2009.03.25 15:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2009.03.25 15:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009.03.25 15:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)
DRV:64bit: - [2009.03.25 15:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2009.03.25 15:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2009.02.13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008.06.16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2010.09.16 16:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.maxiwe.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{8B219F21-6E60-444B-BF76-C4858EFE4B7A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4
IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2828561

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.n-tv.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{34FCECE4-B292-4FE9-8185-0D00CE80BD4C}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{903CF364-7AAE-4B2A-9CC1-46BEC007B574}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.1:80

========== FireFox ==========

FF - prefs.js..CT2481020.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: synoext%40masterfix.mine.nu:0.8
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.38
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://192.168.2.1/"
FF - prefs.js..network.proxy.http: "192.168.2.1"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.26 14:53:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.04 22:01:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.04 22:01:35 | 000,000,000 | ---D | M]

[2011.02.24 09:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Extensions
[2012.11.29 21:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\lgt27122.default\extensions
[2012.11.09 19:45:47 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\lgt27122.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.11.29 21:25:12 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\lgt27122.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.10.03 19:53:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\lgt27122.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.09.17 20:48:50 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\lgt27122.default\extensions\ich@maltegoetz.de
[2012.02.16 08:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\ulj200iw.default\extensions
[2012.02.16 08:40:52 | 000,000,000 | ---D | M] ("Bandwidth Tester") -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\ulj200iw.default\extensions\{7C06F9C2-B0D0-47b4-93B8-116C919084BA}
[2012.02.16 08:40:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\ulj200iw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.16 08:40:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\ulj200iw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.02.16 08:40:53 | 000,000,000 | ---D | M] ("MultirowBookmarksToolbar") -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\ulj200iw.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012.02.16 08:40:52 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\ulj200iw.default\extensions\sparweltgutscheinewl@sparwelt.de
[2012.02.02 22:59:29 | 000,040,827 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lgt27122.default\extensions\jsdeobfuscator@adblockplus.org.xpi
[2012.10.15 11:00:50 | 000,026,319 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lgt27122.default\extensions\synoext@masterfix.mine.nu.xpi
[2012.10.27 05:55:05 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lgt27122.default\extensions\translator@zoli.bod.xpi
[2012.11.27 13:16:01 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lgt27122.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.02.24 13:16:08 | 000,005,551 | ---- | M] () -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lgt27122.default\searchplugins\google-maps.xml
[2012.12.04 22:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.04 22:01:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.04 22:01:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.04 22:01:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.04 22:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\staged
[2012.10.26 14:53:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.04 22:01:37 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.09.08 15:02:46 | 000,188,416 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Program Files (x86)\mozilla firefox\plugins\libcurl.dll
[2011.12.14 16:39:01 | 000,063,632 | ---- | M] (soft Xpansion) -- C:\Program Files (x86)\mozilla firefox\plugins\np-sxpdf.dll
[2009.10.29 15:57:40 | 001,359,872 | ---- | M] (Fraunhofer IIS) -- C:\Program Files (x86)\mozilla firefox\plugins\npmmtaplayer.dll
[2007.07.25 12:36:16 | 001,101,824 | ---- | M] (Fraunhofer IIS) -- C:\Program Files (x86)\mozilla firefox\plugins\npmp3s.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.n-tv.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.n-tv.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: PDF Xpansion - the perfect PDF technology (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-sxpdf.dll
CHR - plugin: MP3s client plugin for netscape (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmmtaplayer.dll
CHR - plugin: MP3s client plugin for netscape (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmp3s.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Programme\NetWorx\deskband.dll (SoftPerfect Research)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cam4.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: n-tv.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0970C12-4F27-4986-97C0-6A24C3C44A17}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2dfbd24e-fabb-11de-9ccf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2dfbd24e-fabb-11de-9ccf-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\start.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.05 10:34:39 | 000,000,000 | ---D | C] -- C:\Users\Rudolf\AppData\Roaming\Malwarebytes
[2012.12.05 10:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.05 10:34:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.05 10:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.04 22:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 20:12:49 | 000,000,000 | ---D | C] -- C:\Users\Rudolf\AppData\Roaming\TuneUp Software
[2012.12.04 20:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.04 20:12:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.04 20:12:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.03 20:30:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.12.01 19:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scout
[2012.11.28 11:56:51 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012.11.28 11:56:51 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012.11.28 11:56:51 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012.11.28 11:56:51 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012.11.28 11:56:51 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012.11.28 11:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012.11.28 11:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.11.28 11:00:52 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012.11.27 21:46:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012.11.16 19:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.14 15:06:08 | 000,000,000 | ---D | C] -- C:\Users\Rudolf\Documents\Radtouren
[2012.11.12 08:51:05 | 000,104,960 | ---- | C] (CANON INC.) -- C:\Users\Rudolf\cnmss Canon iP4800 series (Local).dll
[2012.11.11 17:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2012.11.11 17:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ODBC
[2012.11.06 18:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.04.12 15:38:15 | 000,103,424 | ---- | C] (CANON INC.) -- C:\Users\Rudolf\cnmss USB Printer (Local).dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.05 14:39:51 | 000,000,269 | ---- | M] () -- C:\Users\Rudolf\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
[2012.12.05 14:24:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.05 14:20:35 | 000,001,986 | ---- | M] () -- C:\Users\Rudolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP4800 series.lnk
[2012.12.05 10:34:17 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 09:42:27 | 000,000,267 | ---- | M] () -- C:\Users\Rudolf\Desktop\TuneUp Utilities Shop.URL
[2012.12.05 09:18:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.05 08:46:10 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.05 08:46:10 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.05 08:38:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.05 08:38:08 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.04 22:06:02 | 000,000,236 | ---- | M] () -- C:\Users\Rudolf\Desktop\GVU Trojaner Win 7 [Archiv] - Hilfe-Forum der Anti-Botnet-Experten.URL
[2012.12.03 20:38:48 | 001,796,350 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.03 20:38:48 | 000,770,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.03 20:38:48 | 000,712,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.03 20:38:48 | 000,173,294 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.03 20:38:48 | 000,141,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.29 23:08:17 | 000,009,880 | ---- | M] () -- C:\Users\Rudolf\Documents\cc_20121129_230813.reg
[2012.11.28 20:06:11 | 000,018,318 | ---- | M] () -- C:\Users\Rudolf\Documents\cc_20121128_200606.reg
[2012.11.28 11:02:37 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.11.28 10:55:42 | 000,040,480 | ---- | M] () -- C:\Users\Rudolf\Documents\cc_20121128_105526.reg
[2012.11.27 16:14:33 | 000,000,047 | ---- | M] () -- C:\Users\Rudolf\Desktop\Lesezeichen-Manager.url
[2012.11.16 18:26:54 | 000,014,646 | ---- | M] () -- C:\Users\Rudolf\Documents\cc_20121116_182646.reg
[2012.11.16 10:32:36 | 001,815,826 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.16 08:24:48 | 000,463,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.14 22:48:32 | 000,031,578 | ---- | M] () -- C:\Users\Rudolf\Documents\cc_20121114_224826.reg
[2012.11.14 18:03:50 | 000,001,608 | ---- | M] () -- C:\Users\Rudolf\Desktop\procexp - Verknüpfung.lnk
[2012.11.12 13:00:58 | 000,000,160 | ---- | M] () -- C:\Users\Rudolf\Documents\cc_20121112_130052.reg
[2012.11.12 08:45:20 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Mediencenter als Laufwerk.lnk
[2012.11.12 08:45:20 | 000,002,341 | ---- | M] () -- C:\Users\Public\Desktop\Mediencenter Assistent.lnk
[2012.11.12 08:43:47 | 000,000,021 | ---- | M] () -- C:\Users\Rudolf\AppData\Local\mc.pixel.data
[2012.11.12 08:39:24 | 000,007,628 | ---- | M] () -- C:\Users\Rudolf\AppData\Local\resmon.resmoncfg
[2012.11.11 17:22:00 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.05 14:38:29 | 000,000,269 | ---- | C] () -- C:\Users\Rudolf\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
[2012.12.05 10:34:17 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 09:42:27 | 000,000,267 | ---- | C] () -- C:\Users\Rudolf\Desktop\TuneUp Utilities Shop.URL
[2012.12.05 09:39:18 | 000,001,986 | ---- | C] () -- C:\Users\Rudolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP4800 series.lnk
[2012.12.04 22:06:02 | 000,000,236 | ---- | C] () -- C:\Users\Rudolf\Desktop\GVU Trojaner Win 7 [Archiv] - Hilfe-Forum der Anti-Botnet-Experten.URL
[2012.11.29 23:08:16 | 000,009,880 | ---- | C] () -- C:\Users\Rudolf\Documents\cc_20121129_230813.reg
[2012.11.28 20:06:10 | 000,018,318 | ---- | C] () -- C:\Users\Rudolf\Documents\cc_20121128_200606.reg
[2012.11.28 11:02:37 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.11.28 10:55:39 | 000,040,480 | ---- | C] () -- C:\Users\Rudolf\Documents\cc_20121128_105526.reg
[2012.11.27 16:14:33 | 000,000,047 | ---- | C] () -- C:\Users\Rudolf\Desktop\Lesezeichen-Manager.url
[2012.11.16 18:26:52 | 000,014,646 | ---- | C] () -- C:\Users\Rudolf\Documents\cc_20121116_182646.reg
[2012.11.16 08:17:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 08:05:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.14 22:48:30 | 000,031,578 | ---- | C] () -- C:\Users\Rudolf\Documents\cc_20121114_224826.reg
[2012.11.14 18:03:50 | 000,001,608 | ---- | C] () -- C:\Users\Rudolf\Desktop\procexp - Verknüpfung.lnk
[2012.11.12 13:00:55 | 000,000,160 | ---- | C] () -- C:\Users\Rudolf\Documents\cc_20121112_130052.reg
[2012.11.12 08:45:20 | 000,002,345 | ---- | C] () -- C:\Users\Public\Desktop\Mediencenter als Laufwerk.lnk
[2012.11.12 08:45:20 | 000,002,341 | ---- | C] () -- C:\Users\Public\Desktop\Mediencenter Assistent.lnk
[2012.11.11 17:22:00 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk
[2012.11.11 17:22:00 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2012.11.06 23:02:34 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.30 08:49:03 | 000,000,007 | ---- | C] () -- C:\Users\Rudolf\AppData\Local\~wmrg
[2012.10.29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.06.21 18:04:25 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.06.21 18:04:24 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.06.21 18:04:24 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.06.21 18:04:24 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.06.21 18:04:24 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.06.21 18:04:24 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.06.21 18:04:24 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.06.21 18:04:24 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.06.21 18:04:24 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.06.21 18:04:24 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.06.21 18:04:24 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.06.21 18:04:24 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.06.21 18:04:24 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.06.21 18:04:24 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.06.21 18:04:24 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.06.21 18:04:24 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.06.21 18:04:24 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.06.21 18:04:24 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.06.21 18:04:24 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.01.08 19:31:15 | 000,000,021 | ---- | C] () -- C:\Users\Rudolf\AppData\Local\mc.pixel.data
[2012.01.01 20:53:09 | 021,355,408 | ---- | C] () -- C:\Users\Rudolf\20120101_Aktuelle_Stunde-Terror_und_Trauer_im_Herbst.mp4
[2011.12.30 12:06:50 | 000,113,884 | ---- | C] () -- C:\Users\Rudolf\authroot.stl
[2011.09.22 07:30:27 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.08.28 12:18:00 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.08.27 17:25:08 | 000,000,072 | ---- | C] () -- C:\Windows\Pex.INI
[2011.08.27 15:52:55 | 000,000,074 | -H-- | C] () -- C:\Windows\efdcet.dat
[2011.08.27 15:51:36 | 000,000,428 | ---- | C] () -- C:\Windows\ulead32.ini
[2011.07.14 10:48:22 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.06.09 18:25:48 | 000,000,036 | ---- | C] () -- C:\Windows\tr_vtf_5.INI
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.20 15:39:06 | 000,001,854 | ---- | C] () -- C:\Users\Rudolf\AppData\Roaming\GhostObjGAFix.xml
[2011.03.02 22:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.02 22:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.02 22:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.02 22:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.02.24 09:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.14 13:15:37 | 000,000,036 | ---- | C] () -- C:\Users\Rudolf\AppData\Local\housecall.guid.cache
[2010.06.13 18:31:51 | 000,000,163 | ---- | C] () -- C:\Users\Rudolf\AppData\Roaming\default.rss
[2010.06.02 08:56:34 | 000,019,456 | ---- | C] () -- C:\Users\Rudolf\AppData\Local\WebpageIcons.db
[2010.04.26 19:55:18 | 000,007,628 | ---- | C] () -- C:\Users\Rudolf\AppData\Local\resmon.resmoncfg
[2010.04.14 17:05:16 | 000,017,408 | ---- | C] () -- C:\Users\Rudolf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.12 11:53:08 | 000,000,680 | ---- | C] () -- C:\Users\Rudolf\ntuser.pol
[2007.12.23 10:52:18 | 002,662,575 | ---- | C] () -- C:\Users\Rudolf\data1.cab
[2007.12.23 10:52:17 | 012,428,183 | ---- | C] () -- C:\Users\Rudolf\data2.cab
[2006.04.19 11:24:41 | 000,000,093 | ---- | C] () -- C:\Users\Rudolf\default.pls

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.12.17 16:58:59 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Amazon
[2011.08.22 14:23:32 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\AnvSoft
[2012.10.24 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Applian FLV and Media Player
[2012.09.24 18:40:09 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Ashampoo
[2011.12.15 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\avidemux
[2012.02.16 08:35:32 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Canneverbe Limited
[2012.02.16 08:35:32 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Canon
[2010.11.06 07:33:44 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\CD-LabelPrint
[2012.11.12 08:42:24 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Dropbox
[2012.10.24 12:16:46 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\GARMIN
[2010.06.02 10:56:03 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\gnupg
[2010.12.28 14:31:01 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\HTML Executable
[2011.08.27 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\IrfanView
[2012.04.24 15:34:05 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Jumping Bytes
[2012.02.16 08:40:51 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\KeySafe
[2012.02.16 08:40:52 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\MAGIX
[2010.08.20 13:44:34 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Maok
[2012.02.16 08:40:53 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\MuldeR
[2012.12.04 16:49:58 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\My Streaming Media
[2010.04.18 03:04:22 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Oxmi
[2010.07.27 16:46:33 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\qualys
[2012.09.25 09:51:36 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Replay Media Catcher 4
[2011.11.03 09:44:39 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\RMCBackup
[2011.12.01 10:27:58 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\RouterControl
[2012.11.28 10:50:39 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Samsung
[2012.02.16 08:36:08 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\ScanSoft
[2010.12.05 18:12:33 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Search Settings
[2012.01.18 13:36:27 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\SF Software
[2012.02.16 08:40:55 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Stellarium
[2012.02.16 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\T-Online
[2012.06.19 11:55:37 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Temp
[2012.12.04 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\TuneUp Software
[2011.02.15 21:20:18 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Uniblue
[2012.10.16 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\Win7codecs
[2010.04.12 14:50:44 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\WinBatch
[2011.01.01 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\WinPatrol
[2011.08.22 05:37:33 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\YCanPDF
[2010.04.12 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\Rudolf\AppData\Roaming\_MDLogs

========== Purity Check ==========
< End of report >

OTL Extras logfile created on: 05.12.2012 14:43:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rudolf\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,02 Gb Available in Paging File | 75,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,54 Gb Total Space | 63,11 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
Drive D: | 12,12 Gb Total Space | 1,60 Gb Free Space | 13,16% Space Free | Partition Type: NTFS

Computer Name: COMPAQ | User Name: Rudolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011B7A0B-40B8-4C1F-B9F4-830A970213D4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0186E7AC-FC67-44D3-B489-472F348B173D}" = lport=10245 | protocol=6 | dir=in | app=system |
"{07662198-34DE-410F-A39D-BB7A2B845D41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0D0184DE-CF90-44DF-AADF-80E0A474CC8C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0D997F20-FF9A-4FA4-9F8C-BDFAB3507058}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E464393-9D38-4174-89A3-AA1C0B1A5996}" = lport=2869 | protocol=6 | dir=in | app=system |
"{11ABD3FD-E866-4394-AF9D-E4BB8607F509}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1267373A-565E-46E4-97C2-1761A9FBB0C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18C641C9-C326-4AF4-AB3E-656C08DC79B4}" = lport=5985 | protocol=6 | dir=in | app=system |
"{1AAEDC4A-00BE-48C5-A722-D8D493BC7B1A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1C7999CC-F313-46F7-9242-FED9138AC7FC}" = rport=445 | protocol=6 | dir=out | app=system |
"{21C97532-8730-4551-87A0-895D78EBE8C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AF08EE8-5367-4258-8DBB-C928EFA6A79D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D5EB3A8-C458-42B1-B2C2-E15106730C92}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{328D3692-2811-43F9-93D1-64E41F285D1D}" = rport=138 | protocol=17 | dir=out | app=system |
"{34D7006E-33FB-40EC-A4DF-E502869DE7D6}" = lport=2869 | protocol=6 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A3C1BA5-E597-47C8-95C7-82E82E7AE9DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3E58D59D-B9F7-4C0C-B3A6-06F09C52B941}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{427D3A65-1A47-41B6-A2BA-5709491A707C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{574A9EE9-9206-4B22-A27E-24077D8F1B18}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5EF66869-0735-47FC-967C-7C05E0EB310B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{616EB68D-ACAE-457E-8C26-8E781D93F7C9}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |
"{65E80CF3-8A25-4BBA-9F03-E9F52E5A2356}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{6865A1E4-0262-4E66-9F67-3BB470EAA863}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EA3760F-F206-4526-9DF7-C4E8A6F38BD1}" = rport=139 | protocol=6 | dir=out | app=system |
"{9E6B8880-A38C-412A-AFDA-AE16DE935C6B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A590FBE9-9545-401C-A5F1-09E2D8886590}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6323327-6B50-4C4B-9EB8-A2FC2BF922A6}" = lport=139 | protocol=6 | dir=in | app=system |
"{ACE3F712-407F-4E62-8624-CD5A2991B5E0}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe |
"{AE66A83F-134D-49A1-9C5C-64567443A685}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B490125D-CD68-4A34-8E47-5DCDCB420700}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BAB23503-549C-46D2-AF96-5159AFA4D5DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BBEDEE60-EA92-48A6-A92A-E4F6C518DE7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BEED5DDB-0C15-45D7-A673-7CE3E1553039}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFF214FF-029A-429A-96E2-425AD557A0B5}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C042ED88-2584-46AD-8C7B-0BA48F265593}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1CC4415-DEA5-46BB-BA0E-EEE807938C18}" = lport=137 | protocol=17 | dir=in | app=system |
"{C27EFF2B-AFED-4F31-83FC-06DA0BFFAF80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6A1FA31-3D5A-497D-AFA5-8677192828E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{C77974B5-AEE3-4066-B67B-C73FE1CDA426}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA88BC5A-EDB8-4662-9F5E-6B4B6D7D4A93}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D378DD52-F419-4B00-9C0B-A8B71351CCC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DBAF9212-6403-4D63-ABD4-A6CD6E81CF51}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DDBCF636-5AAB-4F37-A564-C10E3E8FCFE9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DF969222-DB6B-4061-ABD6-C9C7DC51A5B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E06B298B-CBD9-4BCF-B65D-18EA78A551D8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E3511BF1-F185-4C68-9FF9-3B9712D9D39A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E5C00AA5-A68E-44B3-A971-3BA7FDF97706}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6485A9D-D532-4E1C-9B56-08120A1EF69D}" = rport=137 | protocol=17 | dir=out | app=system |
"{EB517B37-B3D4-46D9-98A7-34DF31B2B5A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECD94B60-BA25-40A8-B3DC-03C6C5FF585D}" = lport=80 | protocol=6 | dir=in | app=system |
"{F0D8E067-1FEF-4C41-9297-3A640E134064}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3204464-86C9-4357-94AE-B67EEEA02B2E}" = lport=445 | protocol=6 | dir=in | app=system |
"{F630AB3A-CE50-4A7B-B5FE-6D57EBAB35F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF72B02B-B724-4832-BA44-2A51FFA2649A}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CC7B5D-6296-4FE4-B441-9713ECD0C30E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14EBC54A-A2BA-4AC8-AAB4-FDDB454CAA14}" = protocol=6 | dir=in | app=c:\program files\netzmanager\netzmanager.exe |
"{15DB888B-C3CA-4795-A540-737862488FA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{185353E8-1CB7-4BEA-9F70-D9AF6FC27E4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C8B977C-0427-4027-A739-70F67BB92547}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21974D15-C0BA-4BBC-ACBE-184F5B76BF04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27A876BA-41EA-4759-8DE0-BADBF160875D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2E696407-B74C-4A90-83CF-26613B9BBF16}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3078134F-9DA8-4CFF-ABDB-23C58E24EFB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30BB26C7-7A1F-40DA-A917-290203C9DD3D}" = protocol=17 | dir=in | app=c:\users\rudolf\appdata\local\apps\2.0\286o2qxy.dqa\mq507dbz.tza\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{417E8128-52CA-4F2E-9A77-6EDA7CAC0139}" = protocol=6 | dir=in | app=c:\users\rudolf\appdata\roaming\dropbox\bin\dropbox.exe |
"{43396957-D026-4BB7-A1D7-6EA3DB1E77AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4C1F1881-67B1-4A97-A305-9EDFD0B6AC6F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4C4F96F8-C2DD-4D33-80D7-2D77788F913B}" = protocol=6 | dir=in | app=c:\users\rudolf\appdata\local\apps\2.0\286o2qxy.dqa\mq507dbz.tza\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{4D2DBFC4-C007-4481-B27D-E9ECEA7DBFA9}" = protocol=6 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D79C5E8-8B04-45DC-B7ED-A51C1D13E82E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{5077E0E0-352B-4747-A420-AF4E5E27E250}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{581CF02E-0BC8-461F-A6B0-0BA34B5E4044}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5D5A976C-950C-4812-BA7A-101D5D5F9F1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62C64B6D-B7C0-4318-8EE9-DFCAAA84055E}" = protocol=6 | dir=in | app=c:\users\rudolf\appdata\roaming\dropbox\bin\dropbox.exe |
"{679BB139-D9DD-4FBF-9CF6-E750B4B9C3E4}" = protocol=17 | dir=in | app=c:\users\rudolf\appdata\roaming\dropbox\bin\dropbox.exe |
"{705B1A20-F149-4C54-9B27-1401D702E268}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70DF0186-3337-4081-A129-098086072FA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73BD0AEB-95E9-4DC3-8538-9B1EE92551D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BA8BE35-AB01-40AD-A622-79D3ADBEE1B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7D09D149-3A86-4F9D-A372-509CE364BBA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7FFF7B66-7130-4402-B02C-B8EF2CABC819}" = protocol=6 | dir=out | app=system |
"{8439041F-7E26-4396-AD0B-A142F1F2CA0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{84DF4346-FF60-4E6B-995D-F886498BB8F2}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8DC955C1-C8A4-4186-8E16-1DBB3205F146}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{8F1F6F90-4ACC-498D-A8C9-60E98F99C9B7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{902D2A4E-E176-4321-912D-0DB1A812111B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92500853-7C5C-48B9-9646-03CCBAD6BBA2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{937DDCED-A49B-4A07-B7FF-A410EEEE88C2}" = protocol=6 | dir=out | app=system |
"{93A59B71-7CF0-4B0D-975B-397BAB0B6F5D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B71943F-35A8-4678-AB24-0C23BA01772C}" = protocol=17 | dir=in | app=c:\program files\netzmanager\netzmanager.exe |
"{A146436D-2882-4A3F-8E9C-3C2E6D56F86B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7931FE7-71F7-42E2-966A-7D1F36468655}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ADB6CDB5-97B0-4E81-92F1-265E8982E2E3}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe |
"{BF28937B-33BD-4452-8192-4A469D6E183C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BFE2133C-195A-49D7-BFD7-F6C0291377FC}" = protocol=17 | dir=in | app=c:\users\rudolf\appdata\roaming\dropbox\bin\dropbox.exe |
"{C6C3D272-5EB5-4D7E-8471-BB0D9E5750D5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DC85835E-6835-4616-8FB1-1232A825A88B}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe |
"{DFD5E992-881D-4091-AC7D-D361618BFCFA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E49233C9-C570-43B3-8EC9-85C0B5617446}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{E9CAABE8-2830-4810-B2BF-C62875655C40}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F019A90C-B512-451F-AD2A-A0D9993F9DEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8EAF93D-1CA8-479B-85B7-DA00E20C76DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{22B5D6F1-72E3-442D-ADE1-D3CC58ABFAC5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{60858635-09B5-4671-B246-1E587EC4A46D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{8CDBD4AF-6687-4A57-9202-F4FBF8E27264}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{9051C765-B57C-422B-9278-1DC17FBB07BD}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"TCP Query User{96ED4CD3-08C8-4FFD-B8C6-179837452AF5}E:\windows\dsassistant\dsassistant.exe" = protocol=6 | dir=in | app=e:\windows\dsassistant\dsassistant.exe |
"TCP Query User{9E5AAEEC-CA86-4072-8F6C-B2434E2B6400}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{A25ED509-BE9E-45C7-A003-DE2A26C01743}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{C2A45076-29A9-4730-B582-33B664DBB28D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{298ACC46-0ABF-49A0-B324-0CC1EEC858BF}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{2E2FFACD-A0FF-4086-BEF1-789ED6186EC1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{4DF273C4-DAA2-416D-B19F-A11E944572E6}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{76AB7630-7EBA-440A-A58F-D8533C7A8B83}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{887CF361-924B-4562-8EF8-AC67B8D70F6D}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{89C08A53-8789-4AA0-B710-04B4DB7FF0A0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{B4894A4E-60AD-40AF-AC36-1EEA5AAF01DA}E:\windows\dsassistant\dsassistant.exe" = protocol=17 | dir=in | app=e:\windows\dsassistant\dsassistant.exe |
"UDP Query User{EFAC4575-91B8-4B1D-8359-C0AF43D28B52}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"${PRODUCT_ID}-1.1.3.38636" = Ekahau HeatMapper
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.3.5818 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 305.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 305.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"LSI Soft Modem" = LSI USB 2.0 Soft Modem
"Mediencenter Software" = Mediencenter Assistent
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NetWorx_is1" = NetWorx 5.2.5
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09266808-537A-43C1-8B4D-D411169F1E3B}" = Garmin Training Center
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3A59ECE7-1109-4A34-A737-FC416FE4F84F}" = MAGIX Speed burnR (MSI)
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3F177D85-1822-405A-AC06-30227E9C08E1}" = wdxmlsdk
"{402754E1-22AD-42D9-86C5-B0AC52C7D70D}" = Garmin City Navigator Europe (Unicode) NT 2012.30 Update
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{478f4622-8d22-4a9d-8d08-e9f5ca832aba}" = Nero 9
"{48BCA9A6-1D2A-4E4B-BB55-F82A888CE344}" = Garmin POI Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D6B0C7D-CCB5-4192-9FEA-4B5EE04AAED1}" = Topo Deutschland v2 (Süd)
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{560976C5-925A-4AA2-B28D-0493FE886F5F}" = ScanSoft OmniPage 15.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C4F272-9839-45C6-8B83-92EC89C7EE40}" = WD Software Upgrader
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F58EF0F-3E92-49B9-A315-872C65F30F05}" = PHOTOfunSTUDIO 8.1 PE
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B6361E8-434B-4FB9-8EAC-1FFF854619E8}" = Garmin City Navigator Europe NT 2010
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B8BFB69F-BBBA-48A9-A788-851222571C77}" = MapSource Product Install
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}" = Garmin USB Drivers
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF1C5B60-29DE-463C-BF2C-708D95F3F752}" = Garmin BaseCamp
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.3.7
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Ashampoo_DE Toolbar" = Ashampoo DE Toolbar
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Biettechnik Forum D" = Biettechnik Forum D
"Canon iP4800 series Benutzerregistrierung" = Canon iP4800 series Benutzerregistrierung
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DealPly" = DealPly
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FormatFactory" = FormatFactory 2.95
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Jasc Paint Shop Pro 8.10 Update Patch" = Jasc Paint Shop Pro 8.10 Update Patch
"MAGIX Music Cleaning Lab 2008 deluxe Download-Version D" = MAGIX Music Cleaning Lab 2008 deluxe Download-Version 9.0.2.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"POIbase_is1" = POIbase 1.051
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.4.5)
"Security Task Manager" = Security Task Manager 1.8d
"SopCast" = SopCast 3.5.0
"Stellarium_is1" = Stellarium 0.10.6.1
"Synology Assistant" = Synology Assistant (remove only)
"The KMPlayer" = The KMPlayer (remove only)
"Vokabel-Trainer Bon Courage 2.0" = Vokabel-Trainer Bon Courage 2.0
"WildTangent hp Master Uninstall" = HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.12.2012 03:59:15 | Computer Name = Compaq | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 04.12.2012 03:36:25 | Computer Name = Compaq | Source = VSS | ID = 8193
Description =

Error - 04.12.2012 07:05:34 | Computer Name = Compaq | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 04.12.2012 15:12:23 | Computer Name = Compaq | Source = VSS | ID = 8193
Description =

Error - 04.12.2012 15:56:22 | Computer Name = Compaq | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
Zeitstempel: 0x4fd2dfec Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000004260c0
ID
des fehlerhaften Prozesses: 0xd14 Startzeit der fehlerhaften Anwendung: 0x01cdd256f732b3c0
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\SHELL32.dll Berichtskennung: ad1c6cb0-3e4c-11e2-be8b-f4ce46049814

Error - 04.12.2012 15:56:53 | Computer Name = Compaq | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
Zeitstempel: 0x4fd2dfec Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000004260c0
ID
des fehlerhaften Prozesses: 0x4ac Startzeit der fehlerhaften Anwendung: 0x01cdd2597390c450
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\SHELL32.dll Berichtskennung: bf9638d0-3e4c-11e2-be8b-f4ce46049814

Error - 04.12.2012 15:57:56 | Computer Name = Compaq | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
Zeitstempel: 0x4fd2dfec Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000004260c0
ID
des fehlerhaften Prozesses: 0xe74 Startzeit der fehlerhaften Anwendung: 0x01cdd25985a8f810
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\SHELL32.dll Berichtskennung: e4f11690-3e4c-11e2-be8b-f4ce46049814

Error - 04.12.2012 16:34:23 | Computer Name = Compaq | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
Zeitstempel: 0x4fd2dfec Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000004260c0
ID
des fehlerhaften Prozesses: 0xfe0 Startzeit der fehlerhaften Anwendung: 0x01cdd25e843bf0e0
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\SHELL32.dll Berichtskennung: fc443de0-3e51-11e2-a395-f4ce46049814

Error - 05.12.2012 04:29:34 | Computer Name = Compaq | Source = VSS | ID = 8193
Description =

Error - 05.12.2012 04:30:20 | Computer Name = Compaq | Source = VSS | ID = 8193
Description =

Error - 05.12.2012 09:14:24 | Computer Name = Compaq | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Rudolf\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ Hewlett-Packard Events ]
Error - 20.05.2011 10:39:05 | Computer Name = Compaq | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051120043857.xml
File not created by asset agent

Error - 08.07.2011 08:30:23 | Computer Name = Compaq | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071108023021.xml
File not created by asset agent

Error - 20.08.2011 08:40:19 | Computer Name = Compaq | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081120024010.xml
File not created by asset agent

Error - 02.09.2011 08:43:32 | Computer Name = Compaq | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091102024324.xml
File not created by asset agent

Error - 09.09.2011 08:08:28 | Computer Name = Compaq | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109020824.xml
File not created by asset agent

Error - 09.09.2011 08:08:31 | Computer Name = Compaq | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109020828.xml
File not created by asset agent

Error - 23.09.2011 08:44:00 | Computer Name = Compaq | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091123024356.xml
File not created by asset agent

Error - 04.11.2011 05:14:17 | Computer Name = Compaq | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Das Objekt "/c38332f4_44ca_454e_93fd_213dedf01e3b/xfce0fw88nrkwjhk9eutn43r_5.rem"
wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4095 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

Error - 01.03.2012 10:21:20 | Computer Name = Compaq | Source = HPSF.exe | ID = 4000
Description =

Error - 11.05.2012 02:25:57 | Computer Name = Compaq | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Das Objekt des Typs "System.DBNull"
kann nicht in Typ "System.String" umgewandelt werden. StackTrace: bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: de-DE RAM: 4095 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 01.12.2012 07:28:34 | Computer Name = Compaq | Source = ipnathlp | ID = 31004
Description =

Error - 01.12.2012 13:03:40 | Computer Name = Compaq | Source = ipnathlp | ID = 31004
Description =

Error - 02.12.2012 06:02:57 | Computer Name = Compaq | Source = ipnathlp | ID = 31004
Description =

Error - 02.12.2012 18:19:07 | Computer Name = Compaq | Source = Microsoft-Windows-WHEA-Logger | ID = 20
Description = Schwerwiegender Hardwarefehler. Komponente: AMD Northbridge Fehlerquelle:
3 Fehlertyp: 2 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.

Error - 03.12.2012 03:47:08 | Computer Name = Compaq | Source = ipnathlp | ID = 31004
Description =

Error - 03.12.2012 04:15:16 | Computer Name = Compaq | Source = ipnathlp | ID = 31004
Description =

Error - 03.12.2012 13:24:59 | Computer Name = Compaq | Source = ipnathlp | ID = 31004
Description =

Error - 04.12.2012 06:33:15 | Computer Name = Compaq | Source = ipnathlp | ID = 31004
Description =

Error - 04.12.2012 16:30:37 | Computer Name = Compaq | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error - 04.12.2012 16:54:46 | Computer Name = Compaq | Source = ipnathlp | ID = 31004
Description =

< End of report >

I would be grateful for a prompt reply.

Alt 06.12.2012, 12:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Quote:
Infizierte Dateien: 2
C:\Users\***\Downloads\applian flv player setup.exe (PUP.AdBundle) -> Keine Aktion durchgeführt.
C:\Users\***\Downloads\installer_samsung_galaxy_s_usb.exe (PUP.BundleInstaller.BEN) -> Keine Aktion durchgeführt.
These files are not malware! PUP = potentially unwanted programs
These are installers that can merely install advertising junk along with them

Do you have any further logs from Malwarebytes or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post the logs you already have!