Log analysis and evaluation: wssetup.exe

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

wssetup.exe

Hello, I have the Perion Network - wssetup.exe issue that has already been posted here many times ... - when booting, a Perion Network window always pops up... I have always dismissed it... OTL already downloaded and scanned - here is the data;

OTL Logfile: Code:
OTL Extras logfile created on: 09.06.2013 19:36:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fritz\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,84 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 56,22% Memory free
5,68 Gb Paging File | 4,06 Gb Available in Paging File | 71,51% Paging File free
Paging file location(s): c:\pagefile.sys 0 0f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,81 Gb Total Space | 181,43 Gb Free Space | 71,76% Space Free | Partition Type: NTFS
Drive D: | 30,33 Gb Total Space | 8,16 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
Drive F: | 596,00 Gb Total Space | 360,80 Gb Free Space | 60,54% Space Free | Partition Type: FAT32
Drive K: | 15,69 Gb Total Space | 11,34 Gb Free Space | 72,27% Space Free | Partition Type: FAT32

Computer Name: FRITZ-PC | User Name: Fritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- Reg Error: Value error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- Reg Error: Value error. Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04B4552D-076B-46B5-A8AF-575A5592135B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{19B078DF-D684-45AA-B203-E763D14B9DD6}" = rport=445 | protocol=6 | dir=out | app=system | "{1C6FF776-70B9-483A-B905-C739D43CA4E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{21D667CE-75A8-44D5-BA16-09901B02387B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2A0941D3-47C8-4326-9BFF-25E3072BE78B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2DE85506-5D5A-41DF-88AC-2FEE3F3B5E4A}" = lport=138 | protocol=17 | dir=in | app=system | "{387CC691-463A-446D-AD92-07073969AA98}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{397AAF73-967F-46A6-8EDA-0E7287158D0E}" = rport=2869 | protocol=6 | dir=out | app=system | "{4628A4F6-BC1A-404A-A909-52D628576841}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{63B375FF-EAD8-470D-BC7A-EA59184A72C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{69C8CAF9-2DF9-4720-80E1-827EC178074D}" = rport=138 | protocol=17 | dir=out | app=system | "{73CFC751-EA8E-4C3E-BE7F-70969BC93230}" = lport=137 | protocol=17 | dir=in | app=system | "{7F546189-2748-4FD2-8062-ECD062D87779}" = lport=2869 | protocol=6 | dir=in | app=system | "{85F23233-CA3B-40F9-9CAE-05F695A7867C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{90FA7FD6-1A02-485A-870A-6B82BC577CEA}" = lport=10243 | protocol=6 | dir=in | app=system | "{984B9959-9F0A-4E0A-8248-7B7909042445}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A2399630-E12F-4B3D-9D00-2037367A802C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8774737-21C2-42E0-B6FA-7D48631F78A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AB653F32-96E8-4C99-8919-BA18BADF720F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B2CFE8EA-3AA1-4463-8907-1A3002E90CAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B5F2A7BC-86BA-4065-8F02-8F9BB24CF643}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{B7A68D81-7195-4B5B-8C4A-DCEC6272E168}" = rport=10243 | protocol=6 | dir=out | app=system | "{CB0A6311-860D-4FE9-BBBB-769B4B8C576F}" = lport=139 | protocol=6 | dir=in | app=system | "{CCCBF94C-B918-448B-A846-63ED12E1CF02}" = lport=445 | protocol=6 | dir=in | app=system | "{D5E3CBD0-8391-4793-8B12-ECCCB747E344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E2BA4AF7-458B-4DDE-960E-BDDACAF0B26B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E8810A3A-09A6-409C-A181-CAED8E50A444}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E9256FFA-30DC-4530-9865-4A2447DA0902}" = rport=137 | protocol=17 | dir=out | app=system | "{F4BB6CEA-FC2F-4C9C-894D-3CDA07C20219}" = lport=2869 | protocol=6 | dir=in | app=system | "{F78B87BD-4965-46AA-AF07-96D29AEB5277}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F795B910-286B-4DF3-853B-82B951213842}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01735E77-F01F-41CF-A2B1-E6BACB100863}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{04748178-FB9F-4859-9BAD-20807504AD85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0B626A30-4396-4EF0-8EF7-CEAF2E6DE2BD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{14A4B565-A8ED-4E72-9716-3EB6BCFE0C20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{190D372A-4A6A-4D15-A358-7E115F045423}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{221A50F6-01FE-403F-A8F6-C6BCEC6808A5}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{2B3E822E-A48C-4EC9-9CEE-0B5A5F5DCB6B}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe | "{2B9BA808-550F-4CF0-8BC7-FEFAD6C579ED}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe | "{334706D5-EBB2-48A8-9903-87A1955F8C82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37808E03-DF86-4A90-8B41-E1001D8FEEE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{430BA80D-7A58-4B05-B5EC-5146D7D86555}" = dir=in | app=c:\users\fritz\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{4670E339-6207-4864-BD8C-EF5BA8F15FBF}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{4C903406-5187-49CD-AEED-C9F7D553F0BC}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe | "{52C58A6D-6876-4E08-925D-A47DE93246EC}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe | "{5760D796-0FD4-4EB8-AB77-260845AB1366}" = dir=out | app=c:\windows\system32\igrssvcs.exe | "{5807FB50-F932-4DF0-AC8B-C25CCB345049}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{69A68243-BAEE-4505-A028-0CA77D639B07}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe | "{6A4A2F92-6570-4828-80BB-1EF379C87B24}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6CAE1B82-DD2C-4536-A061-FFA0B291B32C}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe | "{72E49BE9-AEAD-4787-966E-F00C09BD33A5}" = dir=in | app=c:\windows\system32\igrssvcs.exe | "{7E1F83BD-37B3-4628-ACFF-BC36C9898925}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{83F0C0DB-D221-46EC-A556-9242102AB9E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{870D91FD-C1FF-4C7F-9E6B-DB8DB6DF9252}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{88C454F5-5C31-4434-A16F-57C5E62A98FA}" = dir=out | app=c:\program 
files\lenovo\readycomm\common\igrs.exe | "{9281AEBF-6D82-4CD8-8F6C-ADC4C4D12F74}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{967D15F6-6223-49F2-94BB-621E6809F3FE}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{9A0F423F-1024-471F-BCE0-726E8CD0F9C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9A6C00D2-4375-444E-83B7-6309615E865D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{9D003E52-7D58-4B2D-B480-1F1206EB4724}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A31999CB-1DA3-413F-943B-AF809CE3B38C}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{A3540DAC-E7D0-4853-83DB-DF7C46C794F7}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe | "{A4F769F2-D2C6-42CC-9891-7FE23F5BB510}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A59D59DF-023B-4FF4-B4CE-442D8E886DCE}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe | "{ACAD0739-C7BA-433C-B6FD-E60527C7B0F7}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe | "{B9183499-46B8-4950-8D07-99DEDF1660E0}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe | "{CBA813E4-D212-4CCB-BB4D-4BA4501AE186}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D7D13159-EA54-44FD-9347-F1C5DD0862A4}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{DC3AC6FD-C994-42D3-BFF2-4F0EF079DAB7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{DC5970F6-2238-4A6D-BCAC-B7F56366F113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E6E3BE58-63C3-400C-B859-8F0F30577AAB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{E88351F0-14B4-4C82-A801-FEC9B73B6D7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9DC9879-0FA0-4BD0-A055-0E8654875E5D}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{EA0E61BD-C819-4B1E-8BA4-7133F6C092B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{ED37349B-E70D-46A3-A2A0-659432D879EC}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{F3C3DE72-970C-44C4-8F6A-C4E997AA8C73}" = protocol=6 | dir=out | app=system | "{FB7F1BA7-F5D7-48CE-87A7-EBBB45E71200}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FD848C69-F579-420D-80F0-A9BF7FE12D56}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "TCP Query User{70834DAF-A5D8-4D46-817C-9FAC4855FCC5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{0D80828D-5C49-4663-9B5B-9984CF959298}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{2FAA2415-618E-4EC0-8253-3CDA076C84D6}" = AquaSoft DiaShow 7 Ultimate "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform 
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{54882CC4-DA1C-445C-91F0-6536ED10923C}" = MAGIX Music Maker 16 "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = 
Adobe Common File Installer "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller "{97922AE1-B850-4B21-85EF-FD1E7ED20D65}" = MAGIX Speed 2 (MSI) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software "{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7 "{A23E5590-6799-437B-9723-2627BA800B6F}" = Dolby Control Center "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AquaSoft DiaShow 7 Ultimate" = AquaSoft DiaShow 7 Ultimate "Avira AntiVir Desktop" = Avira Free Antivirus "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CNXT_AUDIO_HDA" = Conexant HD Audio "ColorPlus" = ColorPlus "DPP" = Canon Utilities Digital Photo Professional 3.9 "EasyCapture4.0" = EasyCapture "EOS Utility" = Canon Utilities EOS Utility "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "MAGIX Screenshare D" = MAGIX Screenshare "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "mm16" = MAGIX Music Maker 16 
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "SearchProtect" = Search Protect by conduit "Spyder3Pro" = Spyder3Pro "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trusted Software Assistant_is1" = Unknown File Assistant "TVWiz" = Intel(R) TV Wizard "VertusFluidMask3" = Vertus Fluid Mask 3 3.2.2 "VLC media player" = VLC media player 2.0.6 "Wacom Tablet Driver" = Wacom Tablett "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "Wajam" = Wajam "WFTK" = Canon Utilities WFT Utility "WinLiveSuite_Wave3" = Windows Live Essentials "WMS" = Windows NT Messaging "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.04.2013 17:47:56 | Computer Name = Fritz-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0x2b34 Startzeit der fehlerhaften Anwendung: 0x01ce393c60f13802 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program 
Files\Mozilla Firefox\xul.dll Berichtskennung: f6f92277-a54c-11e2-bbe7-00269e30e543 Error - 30.04.2013 17:40:53 | Computer Name = Fritz-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0x7908 Startzeit der fehlerhaften Anwendung: 0x01ce45cd40002e31 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: a19b4bdd-b1de-11e2-9324-00269e30e543 Error - 05.05.2013 17:12:29 | Computer Name = Fritz-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0x2154 Startzeit der fehlerhaften Anwendung: 0x01ce49cbb0023a79 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 7db2fa9c-b5c8-11e2-bfbb-00269e30e543 Error - 09.05.2013 15:34:49 | Computer Name = Fritz-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 17.0.5.4835, Zeitstempel: 0x51549ec4 Name des fehlerhaften Moduls: xul.dll, Version: 17.0.5.4835, Zeitstempel: 0x51549e25 Ausnahmecode: 0xc0000005 Fehleroffset: 0x009c506b ID des fehlerhaften Prozesses: 0xc770 Startzeit der fehlerhaften Anwendung: 0x01ce4ceba29d0d8d Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll Berichtskennung: 
82dbfc25-b8df-11e2-a05b-00269e30e543 Error - 13.05.2013 14:18:02 | Computer Name = Fritz-PC | Source = CltMngSvc | ID = 1000 Description = Error - 13.05.2013 16:17:42 | Computer Name = Fritz-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 17.0.5.4835, Zeitstempel: 0x51549ec4 Name des fehlerhaften Moduls: xul.dll, Version: 17.0.5.4835, Zeitstempel: 0x51549e25 Ausnahmecode: 0xc0000005 Fehleroffset: 0x009c506b ID des fehlerhaften Prozesses: 0xeb70 Startzeit der fehlerhaften Anwendung: 0x01ce4e744578009c Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll Berichtskennung: 2a23a09c-bc0a-11e2-a05b-00269e30e543 Error - 15.05.2013 14:19:41 | Computer Name = Fritz-PC | Source = ESENT | ID = 482 Description = Windows (4468) Windows: Versuch, in Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" bei Offset 275775488 (0x0000000010700000) für 32768 (0x00008000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 8 (0x00000008): "Für diesen Befehl ist nicht genügend Speicher verfügbar. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden. Error - 15.05.2013 14:19:41 | Computer Name = Fritz-PC | Source = ESENT | ID = 482 Description = Windows (4468) Windows: Versuch, in Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" bei Offset 36536320 (0x00000000022d8000) für 32768 (0x00008000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 8 (0x00000008): "Für diesen Befehl ist nicht genügend Speicher verfügbar. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. 
Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden. Error - 15.05.2013 14:19:41 | Computer Name = Fritz-PC | Source = ESENT | ID = 482 Description = Windows (4468) Windows: Versuch, in Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" bei Offset 275808256 (0x0000000010708000) für 32768 (0x00008000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 8 (0x00000008): "Für diesen Befehl ist nicht genügend Speicher verfügbar. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden. Error - 15.05.2013 14:20:53 | Computer Name = Fritz-PC | Source = ESENT | ID = 482 Description = Windows (4468) Windows: Versuch, in Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" bei Offset 42926080 (0x00000000028f0000) für 32768 (0x00008000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 8 (0x00000008): "Für diesen Befehl ist nicht genügend Speicher verfügbar. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden. [ Media Center Events ] Error - 01.03.2011 22:46:14 | Computer Name = Fritz-PC | Source = MCUpdate | ID = 0 Description = 03:46:10 - Fehler beim Herstellen der Internetverbindung. 03:46:10 - Serververbindung konnte nicht hergestellt werden.. Error - 03.03.2011 16:43:03 | Computer Name = Fritz-PC | Source = MCUpdate | ID = 0 Description = 21:43:03 - Fehler beim Herstellen der Internetverbindung. 21:43:03 - Serververbindung konnte nicht hergestellt werden.. Error - 03.03.2011 16:43:13 | Computer Name = Fritz-PC | Source = MCUpdate | ID = 0 Description = 21:43:08 - Fehler beim Herstellen der Internetverbindung. 
21:43:08 - Serververbindung konnte nicht hergestellt werden.. Error - 04.03.2011 15:49:53 | Computer Name = Fritz-PC | Source = MCUpdate | ID = 0 Description = 20:49:53 - Fehler beim Herstellen der Internetverbindung. 20:49:53 - Serververbindung konnte nicht hergestellt werden.. Error - 04.03.2011 15:50:09 | Computer Name = Fritz-PC | Source = MCUpdate | ID = 0 Description = 20:49:58 - Fehler beim Herstellen der Internetverbindung. 20:49:58 - Serververbindung konnte nicht hergestellt werden.. Error - 20.03.2011 05:55:37 | Computer Name = Fritz-PC | Source = MCUpdate | ID = 0 Description = 10:55:33 - Fehler beim Herstellen der Internetverbindung. 10:55:33 - Serververbindung konnte nicht hergestellt werden.. Error - 20.03.2011 05:55:58 | Computer Name = Fritz-PC | Source = MCUpdate | ID = 0 Description = 10:55:53 - Fehler beim Herstellen der Internetverbindung. 10:55:53 - Serververbindung konnte nicht hergestellt werden.. Error - 19.04.2011 14:13:51 | Computer Name = Fritz-PC | Source = MCUpdate | ID = 0 Description = 20:13:51 - Fehler beim Herstellen der Internetverbindung. 20:13:51 - Serververbindung konnte nicht hergestellt werden.. Error - 19.04.2011 14:14:26 | Computer Name = Fritz-PC | Source = MCUpdate | ID = 0 Description = 20:14:20 - Fehler beim Herstellen der Internetverbindung. 20:14:20 - Serververbindung konnte nicht hergestellt werden.. Error - 06.09.2012 14:31:20 | Computer Name = Fritz-PC | Source = MCUpdate | ID = 0 Description = 20:31:11 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) [ System Events ] Error - 07.06.2013 14:18:25 | Computer Name = Fritz-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 07.06.2013 14:54:42 | Computer Name = Fritz-PC | Source = DCOM | ID = 10010
Description =
Error - 08.06.2013 14:13:15 | Computer Name = Fritz-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom
Error - 08.06.2013 14:13:17 | Computer Name = Fritz-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 08.06.2013 15:03:38 | Computer Name = Fritz-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 08.06.2013 15:29:10 | Computer Name = Fritz-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 08.06.2013 15:29:10 | Computer Name = Fritz-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom
Error - 08.06.2013 17:48:57 | Computer Name = Fritz-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 09.06.2013 13:26:32 | Computer Name = Fritz-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 09.06.2013 13:26:33 | Computer Name = Fritz-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

< End of report >

2nd file; OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.06.2013 19:36:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fritz\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,84 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 56,22% Memory free 5,68 Gb Paging File | 4,06 Gb Available in Paging File | 71,51% Paging File free Paging file location(s): c:\pagefile.sys 0 0f:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 252,81 Gb Total Space | 181,43 Gb Free Space | 71,76% Space Free | Partition Type: NTFS Drive D: | 30,33 Gb Total Space | 8,16 Gb Free Space | 26,92% Space Free | Partition Type: NTFS Drive F: | 596,00 Gb Total Space | 360,80 Gb Free Space | 60,54% Space Free | Partition Type: FAT32 Drive K: | 15,69 Gb Total Space | 11,34 Gb Free Space | 72,27% Space Free | Partition Type: FAT32 Computer Name: FRITZ-PC | User Name: Fritz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fritz\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Fritz\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\SearchProtect\bin\CltMngSvc.exe (Conduit) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Wajam\Updater\WajamUpdater.exe (Wajam) PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe () PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.) 
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) PRC - C:\Programme\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ReadyComm\BTSvc.exe (Lenovo Group Limited) PRC - C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.) PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe () MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RBScript.dll () MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\XML.dll () MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CGamma.dll () MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RegEx.dll () MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Appearance Pak.dll () MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Shell.dll () MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CSensor.dll () MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll () MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll () MOD - C:\Windows\System32\LogAPI.dll () MOD - C:\Programme\Lenovo\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll () MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. 
KG) SRV - (CltMngSvc) -- C:\Programme\SearchProtect\bin\CltMngSvc.exe (Conduit) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (WajamUpdater) -- C:\Programme\Wajam\Updater\WajamUpdater.exe (Wajam) SRV - (nlsX86cc) -- C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited) SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (Spyder3) -- C:\Windows\System32\drivers\Spyder3.sys () DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology) DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation) DRV - (Darusb_win7) -- C:\Windows\System32\drivers\Darusb_win7.sys (Atheros Communications, Inc.) DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys () DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology) DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.) DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. 
) DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation) DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys () DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (cvspydr2) -- C:\Windows\System32\drivers\cvspydr2.sys (Colorvision Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={A59A1288-4949-11E2-BED3-00269E30E543} IE - HKLM\..\SearchScopes,DefaultScope = {1742D3C9-45E2-48FB-A27E-F6B2E9AFFC37} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={A59A1288-4949-11E2-BED3-00269E30E543} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://search.conduit.com/?ctid=CT3279453&octid=CT3279453&SearchSource=61&CUI=UN42372486366958299&UM=2&UP=SP5C0DC641-D573-44C7-B537-10EE456CAEC7 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {1742D3C9-45E2-48FB-A27E-F6B2E9AFFC37} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\..\SearchScopes\{1742D3C9-45E2-48FB-A27E-F6B2E9AFFC37}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279453&CUI=UN42372486366958299&UM=2 IE - HKCU\..\SearchScopes\{AED1DFFE-CAC4-4E41-8CD6-D6D6B8F2B03D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=eccfc23e-dd90-41b2-bc74-d52661bcdfee&apn_sauid=AC98779F-B451-4666-9066-E0F452919267 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={A59A1288-4949-11E2-BED3-00269E30E543} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "DVDvideoSoft 2.0 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279453&CUI=UN35187579892279529&UM=2&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.tvinfo.de/nc" FF - 
prefs.js..extensions.enabledAddons: %7Be0e30ae0-9a17-11de-b2f2-56dc55d89593%7D:4.0.2 FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.10 FF - prefs.js..extensions.enabledItems: {e0e30ae0-9a17-11de-b2f2-56dc55d89593}:2.0.4 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Fritz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.21 21:33:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.21 21:33:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.14 21:11:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.21 21:33:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.21 21:33:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.14 21:11:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 
17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.13 01:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fritz\AppData\Roaming\mozilla\Extensions [2010.06.13 01:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fritz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.06.08 21:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fritz\AppData\Roaming\mozilla\Firefox\Profiles\xi42lcrj.default\extensions [2013.05.28 23:56:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Fritz\AppData\Roaming\mozilla\Firefox\Profiles\xi42lcrj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.22 21:07:06 | 000,000,000 | ---D | M] (MK Notifier) -- C:\Users\Fritz\AppData\Roaming\mozilla\Firefox\Profiles\xi42lcrj.default\extensions\{e0e30ae0-9a17-11de-b2f2-56dc55d89593} [2013.05.22 20:19:30 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Fritz\AppData\Roaming\mozilla\Firefox\Profiles\xi42lcrj.default\extensions\foxmarks@kei.com [2013.06.08 21:15:52 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Fritz\AppData\Roaming\mozilla\Firefox\Profiles\xi42lcrj.default\extensions\toolbar@ask.com [2013.05.30 22:08:08 | 000,001,294 | ---- | M] () -- C:\Users\Fritz\AppData\Roaming\mozilla\firefox\profiles\xi42lcrj.default\searchplugins\delta.xml [2013.05.21 21:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.21 21:33:17 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2013.05.21 21:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.21 21:33:33 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts 
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Programme\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [SearchProtectAll] C:\Programme\SearchProtect\bin\cltmng.exe (Conduit) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Fritz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ReadyComm5] C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited) O4 - HKCU..\Run: [SearchProtect] C:\Users\Fritz\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit) O4 - Startup: C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED89B5E1-ABBD-47F4-953D-6B15C5E92024}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk K:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.09 19:34:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fritz\Desktop\OTL.exe [2013.06.08 21:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.08 21:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2013.06.04 20:20:25 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcr80.dll [2013.06.04 20:20:25 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcp80.dll [2013.06.04 20:20:25 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcm80.dll [2013.06.03 20:39:48 | 000,000,000 | ---D | C] -- C:\windows\pss [2013.05.30 22:06:52 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Roaming\Babylon [2013.05.30 22:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.30 22:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013.05.30 22:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013.05.21 21:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.21 20:27:12 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2013.05.21 20:26:34 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\dxgmms1.sys [2013.05.21 20:26:23 | 001,796,096 | 
---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll [2013.05.21 20:26:23 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe [2013.05.15 21:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.05.14 21:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.05.13 20:18:06 | 000,000,000 | ---D | C] -- C:\SearchProtect [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 19:47:03 | 000,001,138 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2263772851-2636720212-2005182232-1003UA.job [2013.06.09 19:47:02 | 000,001,116 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2263772851-2636720212-2005182232-1003Core.job [2013.06.09 19:35:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fritz\Desktop\OTL.exe [2013.06.09 19:34:03 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.09 19:34:03 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.09 19:34:03 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.09 19:34:03 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.09 19:33:49 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 19:33:49 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 19:27:17 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.09 19:26:04 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cd0ea943fee842.job [2013.06.09 19:25:46 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat [2013.06.09 19:25:36 | 2287,411,200 | -HS- | M] () -- C:\hiberfil.sys [2013.06.08 23:25:00 | 000,000,302 | 
---- | M] () -- C:\windows\tasks\MT66 Software Update.job
[2013.06.08 23:24:01 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.08 22:17:47 | 000,000,000 | ---- | M] () -- C:\END
[2013.05.30 22:06:46 | 000,001,360 | ---- | M] () -- C:\Users\Fritz\Desktop\Free YouTube to MP3 Converter.lnk
[2013.05.27 21:47:54 | 000,000,432 | ---- | M] () -- C:\windows\BRWMARK.INI
[2013.05.24 20:23:30 | 000,008,360 | ---- | M] () -- C:\Users\Fritz\Desktop\bedienung keycamera 808.odt
[2013.05.21 21:24:52 | 000,524,992 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.05.17 20:48:18 | 000,356,127 | ---- | M] () -- C:\Users\Fritz\Desktop\DPP_124dd.jpg
[2013.05.15 21:14:43 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.14 22:27:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013.05.14 22:27:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013.05.14 21:07:43 | 000,273,191 | ---- | M] () -- C:\Users\Fritz\Desktop\a4987aaef7cafc3c5364f24cbe17ee98132729060123957912.jpg
[2013.05.13 21:30:38 | 000,013,057 | ---- | M] () -- C:\Users\Fritz\Documents\MDK Mai 2013.odt
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.24 20:23:30 | 000,008,360 | ---- | C] () -- C:\Users\Fritz\Desktop\bedienung keycamera 808.odt
[2013.05.18 21:14:31 | 000,224,051 | ---- | C] () -- C:\Users\Fritz\Desktop\IMG_3025 Kopie.jpg
[2013.05.17 20:48:18 | 000,356,127 | ---- | C] () -- C:\Users\Fritz\Desktop\DPP_124dd.jpg
[2013.05.15 21:14:43 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.14 21:07:41 | 000,273,191 | ---- | C] () -- C:\Users\Fritz\Desktop\a4987aaef7cafc3c5364f24cbe17ee98132729060123957912.jpg
[2013.05.13 21:21:16 | 000,013,057 | ---- | C] () -- C:\Users\Fritz\Documents\MDK Mai 2013.odt
[2012.12.25 22:40:33 | 000,001,007 | ---- | C] () -- C:\Users\Fritz\Fritz - Verknüpfung (2).lnk
[2012.12.25 22:40:31 | 000,001,007 | ---- | C] () -- C:\Users\Fritz\Fritz - Verknüpfung.lnk
[2011.07.21 22:30:02 | 000,007,612 | ---- | C] () -- C:\Users\Fritz\AppData\Local\Resmon.ResmonCfg
[2011.04.28 11:29:44 | 000,000,546 | ---- | C] () -- C:\Users\Fritz\AppData\Local\WT61DE.UWL
[2010.06.27 20:58:24 | 000,004,608 | ---- | C] () -- C:\Users\Fritz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.05 20:26:24 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Best regards,
Carlos

Edited by Da GuRu (09.06.2013 at 19:31)