Was macht mein System nach automatischem Schnellscan? Virus?

Hallo,

 

nach dem Update von NIS 2012 auf 2013 beobachte ich an meinem Rechner folgendes Phänomen: nach jedem täglichen automatischen Schnellscan ist mein PC danach noch eine ganze Weile mit irgendetwas beschäftigt, wo ich nicht weiß, was er in dieser Zeit macht.

 

Ich habe in dieser Zeit eine CPU-Auslastung von ca. 10-15%, wo ich festgestellt habe, dass diese vom Task "System" kommt. Außerdem sind meine Festplatten während dieser Zeit unentwegt beschäftigt und mein freier RAM wird weniger (von anfangs ca. 24% RAM Auslastung auf ca. 30% RAM Auslastung nach Beendigung der Aktion). Die Zeit in der mein Rechner beschäftigt ist, wird auch immer ein ganz klein wenig mehr - ich habe einen Screenshot vom 13.12.12 beigefügt, aus dem ersichtlich ist, dass er ungefähr 8 Minuten beschäftigt war. Mitterweile ist diese Zeit auf etwa 15 Minuten angewachsen.

 

Hat jemand eine Ahnung, woran das liegen kann und womit mein PC so beschäftigt ist? Ich vermutete vielleicht einen Virus, aber Norton, Norton Power Eraser, Malwarebytes Anti-Malware und das hauseigene Tool von Windows konnten zum Glück alle nichts finden. Ich hatte den PC auch bei meinem Händler zum Überprüfen und auch er konnte keine verdächtige Software feststellen.

 

Aber irgendwie beschäftigt mich das alles doch, denn irgendwas muss mein PC ja machen, den RAM aufbrauchen und die Festplatten auslesen. Ich vermute, dass es mit NIS zusammen hängt, denn wenn ich meinen PC aus der Leerlaufzeit "aufwecke", hört er sofort auf damit und setzt bei neuer Leerlaufzeit mit seiner "Aktion" fort. Außerdem tut er das immer nur nach dem automatischen Schnellscan. Wenn ich den Schnellscan manuell anstosse, passiert das nicht.

 

Herzlichen Dank für Eure Hilfe!

Klaus

Hallo,

 

nach dem Update von NIS 2012 auf 2013 beobachte ich an meinem Rechner folgendes Phänomen: nach jedem täglichen automatischen Schnellscan ist mein PC danach noch eine ganze Weile mit irgendetwas beschäftigt, wo ich nicht weiß, was er in dieser Zeit macht.

 

Ich habe in dieser Zeit eine CPU-Auslastung von ca. 10-15%, wo ich festgestellt habe, dass diese vom Task "System" kommt. Außerdem sind meine Festplatten während dieser Zeit unentwegt beschäftigt und mein freier RAM wird weniger (von anfangs ca. 24% RAM Auslastung auf ca. 30% RAM Auslastung nach Beendigung der Aktion). Die Zeit in der mein Rechner beschäftigt ist, wird auch immer ein ganz klein wenig mehr - ich habe einen Screenshot vom 13.12.12 beigefügt, aus dem ersichtlich ist, dass er ungefähr 8 Minuten beschäftigt war. Mitterweile ist diese Zeit auf etwa 15 Minuten angewachsen.

 

Hat jemand eine Ahnung, woran das liegen kann und womit mein PC so beschäftigt ist? Ich vermutete vielleicht einen Virus, aber Norton, Norton Power Eraser, Malwarebytes Anti-Malware und das hauseigene Tool von Windows konnten zum Glück alle nichts finden. Ich hatte den PC auch bei meinem Händler zum Überprüfen und auch er konnte keine verdächtige Software feststellen.

 

Aber irgendwie beschäftigt mich das alles doch, denn irgendwas muss mein PC ja machen, den RAM aufbrauchen und die Festplatten auslesen. Ich vermute, dass es mit NIS zusammen hängt, denn wenn ich meinen PC aus der Leerlaufzeit "aufwecke", hört er sofort auf damit und setzt bei neuer Leerlaufzeit mit seiner "Aktion" fort. Außerdem tut er das immer nur nach dem automatischen Schnellscan. Wenn ich den Schnellscan manuell anstosse, passiert das nicht.

 

Herzlichen Dank für Eure Hilfe!

Klaus

Wie füge ich die beiden Dateien OTL.txt und Extras.txt ein? Er sagt mir, es seien zu viele Zeichen?

In mehrerer Beiträgen aufteilen.

OTL logfile created on: 14.01.2013 18:04:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Klaus\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,08 Gb Available Physical Memory | 76,09% Memory free
15,99 Gb Paging File | 14,15 Gb Available in Paging File | 88,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 58,03 Gb Free Space | 48,71% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 713,53 Gb Free Space | 76,60% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Klaus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - D:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.2.0.19\wincfi39.dll ()
MOD - C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - D:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - D:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - D:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - D:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - D:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - D:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (LBTServ) -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:[b]64bit:[/b] - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symefa64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symds64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccsetx64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnets.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ironx64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (LVUVC64) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (CompFilter64) -- C:\Windows\SysNative\drivers\lvbflt64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:[b]64bit:[/b] - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:[b]64bit:[/b] - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:[b]64bit:[/b] - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:[b]64bit:[/b] - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:[b]64bit:[/b] - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:[b]64bit:[/b] - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (SSLDrv) -- C:\Windows\SysNative\drivers\SSLDrv.sys (Cavium Networks)
DRV:[b]64bit:[/b] - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:[b]64bit:[/b] - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:[b]64bit:[/b] - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:[b]64bit:[/b] - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:[b]64bit:[/b] - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130114.004\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130114.004\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130113.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130107.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 3B 4F 91 F6 13 CC 01  [binary data]
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 D4 88 65 81 EE CD 01  [binary data]
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
IE - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: d:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.12.17 11:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.01.14 15:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.10 11:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.10 11:03:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.12.28 22:33:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.10 11:03:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.10 11:03:02 | 000,000,000 | ---D | M]
 
[2013.01.10 11:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.01.10 11:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.10 11:03:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.10 11:03:05 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.10.01 09:50:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.08 18:03:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.01 09:50:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 09:50:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 09:50:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 09:50:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.12 13:24:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LWS] D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-21-1631355932-3508569870-3946327709-1000..\Run: []  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1631355932-3508569870-3946327709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:[b]64bit:[/b] - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:[b]64bit:[/b] - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} https://80.153.153.213/XTunnel64.cab (VPLaunch Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6DF5BAE-0052-428E-9971-4C70BBAC2E14}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBEF7612-376D-4C26-8A4C-EE78A14F8D47}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dd981b38-7c7d-11e0-b157-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd981b38-7c7d-11e0-b157-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013.01.11 10:33:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Macromedia
[2013.01.11 10:33:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2013.01.11 10:33:05 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.11 10:33:05 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.11 10:33:05 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.10 11:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.10 11:02:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mozilla
[2013.01.10 11:02:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Mozilla
[2013.01.09 10:48:41 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 10:48:41 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 10:48:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 10:48:32 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.09 10:48:24 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.09 10:48:24 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.09 10:48:24 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.09 10:48:24 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.09 10:48:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.09 10:48:24 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.09 10:48:24 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.09 10:48:24 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.09 10:48:24 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.09 10:48:24 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.09 10:48:24 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.09 10:48:24 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.09 10:48:24 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.09 10:48:24 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.09 10:48:24 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.09 10:48:24 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.09 10:48:24 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.09 10:48:24 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.09 10:48:24 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.09 10:48:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.09 10:48:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.09 10:48:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.09 10:48:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.09 10:48:24 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.09 10:48:24 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.09 10:48:23 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.09 10:48:23 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.09 10:48:23 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.09 10:48:23 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.09 10:48:23 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.09 10:48:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.09 10:48:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.09 10:48:03 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.09 10:48:03 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.09 10:48:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.09 10:48:03 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.09 10:48:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.09 10:48:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.09 10:48:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.09 10:48:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.09 10:48:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.09 10:48:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.09 10:48:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 10:48:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.09 10:48:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.09 10:48:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 10:48:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 10:48:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 10:48:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 10:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 10:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 10:48:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.09 10:47:50 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.05 19:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.03 18:04:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013.01.03 18:04:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.12.22 10:50:57 | 000,000,000 | R--D | C] -- C:\Users\user\Virtual Machines
[2012.12.21 13:50:05 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 13:50:05 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.21 13:50:05 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 13:50:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.19 13:02:09 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.17 13:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.17 13:53:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.17 13:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DLLSuite
[2012.12.17 13:22:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.17 12:04:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.17 12:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.17 11:11:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Logitech® Webcam-Software
[2012.12.17 11:07:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Logitech

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013.01.14 16:04:44 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.14 16:04:44 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.14 16:01:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.14 16:01:52 | 000,656,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.14 16:01:52 | 000,616,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.14 16:01:52 | 000,130,676 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.14 16:01:52 | 000,106,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.14 15:57:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.14 15:57:33 | 2144,755,711 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.11 11:27:54 | 000,007,604 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013.01.09 16:38:17 | 000,532,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 16:09:53 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 16:09:53 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.05 19:54:47 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.05 14:45:09 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.01.03 18:05:43 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.21 13:16:46 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.12.17 12:01:52 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013.01.11 11:27:54 | 000,007,604 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013.01.05 19:54:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.05 19:54:47 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.17 13:53:38 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.17 12:01:52 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.05 15:39:29 | 000,266,088 | ---- | C] () -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.11.22 20:43:18 | 000,000,021 | ---- | C] () -- C:\Windows\TemplateWizard.INI
[2011.08.10 08:22:37 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\odbccr32.dll
[2011.07.29 12:38:35 | 000,001,027 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.07.29 12:38:35 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.07.29 12:38:15 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.07.29 12:38:15 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7820N.DAT
[2011.07.29 12:34:53 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011.07.29 12:34:53 | 000,000,124 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.07.29 12:34:53 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.06.09 18:18:34 | 000,000,567 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.05.20 10:23:27 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.05.12 11:01:38 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012.10.27 11:06:09 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Amazon
[2012.11.19 16:39:04 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Canon
[2012.01.11 16:31:40 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\CD-LabelPrint
[2011.06.24 21:27:55 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\DataDesign
[2012.10.08 17:44:34 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\DTencryptor-F
[2013.01.12 16:50:36 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\DTencryptor-G
[2012.02.12 14:05:28 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\ERS Game Studios
[2012.12.17 13:23:40 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\GHISLER
[2011.07.18 14:23:27 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\hastasoft
[2013.01.07 12:49:25 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\KeePass
[2011.06.21 21:33:19 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Leadertech
[2011.06.24 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Lexware
[2012.12.28 17:01:13 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Mp3tag
[2011.07.04 17:31:53 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Music Wizard
[2013.01.11 10:01:19 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\MyPhoneExplorer
[2011.07.02 13:01:36 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Nokia
[2011.07.02 13:01:38 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Nokia Ovi Suite
[2011.12.28 22:35:35 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Nokia Suite
[2011.07.02 12:45:06 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\PC Suite
[2011.07.31 20:23:02 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\PC-FAX TX
[2012.08.15 21:16:06 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Serif
[2011.07.12 15:21:29 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Setup
[2011.09.21 17:59:31 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Ubisoft
[2011.06.25 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Ulead Systems
[2011.07.18 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lexware
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:A88BE334

< End of report >

OTL Extras logfile created on: 14.01.2013 18:04:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Klaus\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,08 Gb Available Physical Memory | 76,09% Memory free
15,99 Gb Paging File | 14,15 Gb Available in Paging File | 88,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 58,03 Gb Free Space | 48,71% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 713,53 Gb Free Space | 76,60% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1631355932-3508569870-3946327709-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "D:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "D:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18E3F154-B13C-405A-8872-264E183FE4B0}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{399CC80E-6796-4476-9689-D499FC12E1B5}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{67AC3955-E43F-46C9-9EB8-3D8AB610B587}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A84DA008-69CA-494D-AA39-645457A8A72D}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{C065E963-5FEF-4B03-B82B-FC6725AAA871}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.32

Spoiler (Zum Lesen markieren)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
"{2ADF0BF2-5E4B-4390-A7AD-E7BA7B2F9A62}" = NetSkat
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken DELUXE 2012
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
"{41DF6AB7-4F89-478D-8501-D81A7A975D35}" = SP2GalleryImages
"{450008C6-3722-4214-AB4F-9E45B57CB422}" = DDBAC
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A51F5414-4A2B-45A0-8EF2-B4D29CFBCAE7}" = Deutsche Post E-Porto
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7820N
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}" = Serif WebPlus X6
"{C908A5AC-4F61-4B9A-8A51-48B5696C53B1}" = Lexware online banking
"{C9796C06-E858-432D-B5A4-5F68FE3BD9E0}" = DesignPro 5
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E2B22002-9C8B-43CC-A75B-464B6ED4FF6B}" = Serif PagePlus X6
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4F6C5BD-023B-4352-9C1C-7851F5A3AE82}" = Namo WebEditor 9
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{FD0F8123-9035-44B0-B331-2596979E74ED}_is1" = Book Collector
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Tales - Der schwarze Kater von Edgar Allan Poe" = Dark Tales: Der schwarze Kater von Edgar Allan Poe
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon iP4800 series Benutzerregistrierung" = Canon iP4800 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{C9796C06-E858-432D-B5A4-5F68FE3BD9E0}" = DesignPro 5
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.8.1
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.15
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MapUtility" = Canon Utilities Map Utility
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"MPE" = MyPhoneExplorer
"MUSICWIZARD_is1" = Music Wizard Professional 8.0.7
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NIS" = Norton Internet Security
"Nokia Suite" = Nokia Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PCA25-u" = PC-Adreßzz! 7.x deinstalieren
"PCN20-u" = PC-Notizz! Pro deinstalieren
"PhotoStitch" = Canon Utilities PhotoStitch
"SaferMail-u" = Safer Mail deinstalieren
"Telekom Fotoservice" = Telekom Fotoservice
"Timo10-u" = TimOnize deinstalieren
"Winamp" = Winamp
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 14.11.2012 16:18:45 | Computer Name = home | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fifa.exe, Version: 1.0.0.0, Zeitstempel:
 0x4c8a90dc  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x40800000  ID des fehlerhaften Prozesses:
 0x53c  Startzeit der fehlerhaften Anwendung: 0x01cdc29b75e6250c  Pfad der fehlerhaften
 Anwendung: D:\Program Files (x86)\EA Sports\FIFA 11\Game\fifa.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 7d7270b9-2e98-11e2-a3a4-1c6f658f0af8
 
Error - 22.11.2012 07:16:52 | Computer Name = home | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: asOELnch.exe, Version: 20.2.0.19,
 Zeitstempel: 0x50810010  Name des fehlerhaften Moduls: OUTLMIME.DLL, Version: 14.0.6125.5000,
 Zeitstempel: 0x50076d81  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00063453  ID des fehlerhaften
 Prozesses: 0x1378  Startzeit der fehlerhaften Anwendung: 0x01cdc8a2df7efac1  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\asOELnch.exe
Pfad
 des fehlerhaften Moduls: C:\PROGRA~2\MICROS~1\Office14\OUTLMIME.DLL  Berichtskennung:
 1d7e9749-3496-11e2-8bc3-1c6f658f0af8
 
Error - 25.11.2012 11:19:56 | Computer Name = home | Source = Application Hang | ID = 1002
Description = Programm Telekom Fotoservice.exe, Version 0.0.0.0 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: bec    Startzeit: 01cdcb201b6dbeeb    Endzeit: 16    Anwendungspfad:
D:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe

Berichts-ID:
 8d53abb5-3713-11e2-ba5f-1c6f658f0af8  
 
Error - 02.12.2012 06:42:27 | Computer Name = home | Source = Windows Backup | ID = 4103
Description =
 
Error - 17.12.2012 06:09:36 | Computer Name = home | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/17 11:09:36.786]: [00003084]: GetDeviceList Failed!
 pStiInfo = 0x0..  
 
Error - 17.12.2012 06:09:36 | Computer Name = home | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/17 11:09:36.786]: [00003084]: ##### Fatal ERROR!!
 Create STI-device failed! #####  
 
Error - 17.12.2012 06:09:36 | Computer Name = home | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/17 11:09:36.802]: [00003084]: Initialize TwdsMain
 Class failed!  
 
Error - 02.01.2013 04:29:00 | Computer Name = home | Source = Windows Backup | ID = 4103
Description =
 
Error - 05.01.2013 10:38:14 | Computer Name = home | Source = MsiInstaller | ID = 11328
Description =
 
Error - 05.01.2013 10:38:18 | Computer Name = home | Source = MsiInstaller | ID = 1024
Description =
 
[ System Events ]
Error - 11.01.2013 04:45:53 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 12.01.2013 04:48:45 | Computer Name = home | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
 
Error - 12.01.2013 04:50:11 | Computer Name = home | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 12.01.2013 04:50:11 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 13.01.2013 12:42:26 | Computer Name = home | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 13.01.2013 12:42:26 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 13.01.2013 12:43:22 | Computer Name = home | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
 
Error - 14.01.2013 10:57:42 | Computer Name = home | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
 
Error - 14.01.2013 10:59:43 | Computer Name = home | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 14.01.2013 10:59:43 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10"{2ADF0BF2-5E4B-4390-A7AD-E7BA7B2F9A62}" = NetSkat"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component"{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken DELUXE 2012"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU"{41DF6AB7-4F89-478D-8501-D81A7A975D35}" = SP2GalleryImages"{450008C6-3722-4214-AB4F-9E45B57CB422}" = DDBAC"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin"{A51F5414-4A2B-45A0-8EF2-B4D29CFBCAE7}" = Deutsche Post E-Porto"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7820N"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint"{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}" = Serif WebPlus X6"{C908A5AC-4F61-4B9A-8A51-48B5696C53B1}" = Lexware online banking"{C9796C06-E858-432D-B5A4-5F68FE3BD9E0}" = DesignPro 5"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core"{E2B22002-9C8B-43CC-A75B-464B6ED4FF6B}" = Serif PagePlus X6"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86"{E4F6C5BD-023B-4352-9C1C-7851F5A3AE82}" = Namo WebEditor 9"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker"{FD0F8123-9035-44B0-B331-2596979E74ED}_is1" = Book Collector"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17"BFGC" = Big Fish Games: Game Manager"BFG-Dark Tales - Der schwarze Kater von Edgar Allan Poe" = Dark Tales: Der schwarze Kater von Edgar Allan Poe"CameraWindowDC8" = Canon Utilities CameraWindow DC 8"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX"Canon iP4800 series Benutzerregistrierung" = Canon iP4800 series Benutzerregistrierung"Canon MOV Decoder" = Canon MOV Decoder"Canon MOV Encoder" = Canon MOV Encoder"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program"CanonMyPrinter" = Canon My Printer"CanonSolutionMenuEX" = Canon Solution Menu EX"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint"InstallShield_{C9796C06-E858-432D-B5A4-5F68FE3BD9E0}" = DesignPro 5"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver"InvelosDVDProfiler_is1" = DVD Profiler Version 3.8.1"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.15"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100"MapUtility" = Canon Utilities Map Utility"MediaNavigation.CDLabelPrint" = CD-LabelPrint"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)"MozillaMaintenanceService" = Mozilla Maintenance Service"Mp3tag" = Mp3tag v2.49"MPE" = MyPhoneExplorer"MUSICWIZARD_is1" = Music Wizard Professional 8.0.7"MyCamera" = Canon Utilities MyCamera"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin"NIS" = Norton Internet Security"Nokia Suite" = Nokia Suite"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"Office14.SingleImage" = Microsoft Office Home and Business 2010"PCA25-u" = PC-Adreßzz! 7.x deinstalieren"PCN20-u" = PC-Notizz! Pro deinstalieren"PhotoStitch" = Canon Utilities PhotoStitch"SaferMail-u" = Safer Mail deinstalieren"Telekom Fotoservice" = Telekom Fotoservice"Timo10-u" = TimOnize deinstalieren"Winamp" = Winamp"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Winamp Detect" = Winamp Erkennungs-Plug-in [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ]Error - 14.11.2012 16:18:45 | Computer Name = home | Source = Application Error | ID = 1000Description = Name der fehlerhaften Anwendung: fifa.exe, Version: 1.0.0.0, Zeitstempel: 0x4c8a90dc  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x40800000  ID des fehlerhaften Prozesses: 0x53c  Startzeit der fehlerhaften Anwendung: 0x01cdc29b75e6250c  Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\EA Sports\FIFA 11\Game\fifa.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: 7d7270b9-2e98-11e2-a3a4-1c6f658f0af8 Error - 22.11.2012 07:16:52 | Computer Name = home | Source = Application Error | ID = 1000Description = Name der fehlerhaften Anwendung: asOELnch.exe, Version: 20.2.0.19, Zeitstempel: 0x50810010  Name des fehlerhaften Moduls: OUTLMIME.DLL, Version: 14.0.6125.5000, Zeitstempel: 0x50076d81  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00063453  ID des fehlerhaften Prozesses: 0x1378  Startzeit der fehlerhaften Anwendung: 0x01cdc8a2df7efac1  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\asOELnch.exePfad des fehlerhaften Moduls: C:\PROGRA~2\MICROS~1\Office14\OUTLMIME.DLL  Berichtskennung: 1d7e9749-3496-11e2-8bc3-1c6f658f0af8 Error - 25.11.2012 11:19:56 | Computer Name = home | Source = Application Hang | ID = 1002Description = Programm Telekom Fotoservice.exe, Version 0.0.0.0 kann nicht mehrunter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: bec    Startzeit: 01cdcb201b6dbeeb    Endzeit: 16    Anwendungspfad:smileyvery-happy::\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exeBerichts-ID: 8d53abb5-3713-11e2-ba5f-1c6f658f0af8   Error - 02.12.2012 06:42:27 | Computer Name = home | Source = Windows Backup | ID = 4103Description = Error - 17.12.2012 06:09:36 | Computer Name = home | Source = Brother BrLog | ID = 1001Description = TWN BrtTWN: [2012/12/17 11:09:36.786]: [00003084]: GetDeviceList Failed! pStiInfo = 0x0..   Error - 17.12.2012 06:09:36 | Computer Name = home | Source = Brother BrLog | ID = 1001Description = TWN BrtTWN: [2012/12/17 11:09:36.786]: [00003084]: ##### Fatal ERROR!! Create STI-device failed! #####   Error - 17.12.2012 06:09:36 | Computer Name = home | Source = Brother BrLog | ID = 1001Description = TWN BrtTWN: [2012/12/17 11:09:36.802]: [00003084]: Initialize TwdsMain Class failed!   Error - 02.01.2013 04:29:00 | Computer Name = home | Source = Windows Backup | ID = 4103Description = Error - 05.01.2013 10:38:14 | Computer Name = home | Source = MsiInstaller | ID = 11328Description = Error - 05.01.2013 10:38:18 | Computer Name = home | Source = MsiInstaller | ID = 1024Description = [ System Events ]Error - 11.01.2013 04:45:53 | Computer Name = home | Source = Service Control Manager | ID = 7000Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:   %%1069 Error - 12.01.2013 04:48:45 | Computer Name = home | Source = Microsoft-Windows-Kernel-General | ID = 5Description = Error - 12.01.2013 04:50:11 | Computer Name = home | Source = Service Control Manager | ID = 7038Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 12.01.2013 04:50:11 | Computer Name = home | Source = Service Control Manager | ID = 7000Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:   %%1069 Error - 13.01.2013 12:42:26 | Computer Name = home | Source = Service Control Manager | ID = 7038Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 13.01.2013 12:42:26 | Computer Name = home | Source = Service Control Manager | ID = 7000Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:   %%1069 Error - 13.01.2013 12:43:22 | Computer Name = home | Source = Microsoft-Windows-Kernel-General | ID = 5Description = Error - 14.01.2013 10:57:42 | Computer Name = home | Source = Microsoft-Windows-Kernel-General | ID = 5Description = Error - 14.01.2013 10:59:43 | Computer Name = home | Source = Service Control Manager | ID = 7038Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 14.01.2013 10:59:43 | Computer Name = home | Source = Service Control Manager | ID = 7000Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:   %%1069  < End of report >

So, das waren jetzt die zwei Dateien... Herzlichen Dank schonmal!

Hallo,

 

mal folgenden Fix durchführen:

 

1. Starte die OTL.exe

2. Kopere folgendes in die Codebox:

 

:OTL

O4 - HKU\S-1-5-21-1631355932-3508569870-3946327709-1000…\Run: File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O33 - MountPoints2{dd981b38-7c7d-11e0-b157-806e6f6e6963}\Shell\AutoRun\command - “” = E:\AutoRun.exe
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:A88BE334
:Commands
[EMPTYTEMP]

 

- Schließe alle Programme

- Klicke auf den Button Fix

- Der PC sollte sich neustarten

- Dann das entstandende Log posten (öffnet sich nach dem Neustart)

 

Ich sehe im Foto, dass Du irgendwann mal Virenprobleme hattest? Weist Du was genau gefunden wurde? (Fundort+Fundname)?

 

 

Hallo Gerrit,

 

muss ich OTL wieder als Administrator ausführen starten?

 

Die gefundenen Viren waren Tracking-Cookies, die Norton beim Scan immer findet.

 

Kann ich den Fix auch morgen Nachmittag ausführen, da ich gleich Besuch bekomme? Was bewirkt er? Konntest Du beim Lesen meiner Logs schon etwas verdächtiges finden?

 

Entschuldige die vielen Fragen - herzlichen Dank schon mal!!!

 

mfg Klaus

So, als ich gerade beim Essen war, hat Norton wieder einen Schnellscan gemacht. So sieht das jetzt aus:

 

norton_auslastung_3.jpg

Entschuldige, wenn ich schon wieder nerve und störe: wieso haben die Fehlermeldungen der Datei Extras.txt Uhrzeiten, wo mein PC aus war? Z.B. hatte ich meinen PC heute Mittag nicht an. Oder hat das nichts zu bedeuten?

Hallo,

 

"muss ich OTL wieder als Administrator ausführen starten?"

 

Ja, all solche Programme sollten als Administrator ausgeführt werden.

 

"Kann ich den Fix auch morgen Nachmittag ausführen, da ich gleich Besuch bekomme? Was bewirkt er? Konntest Du beim Lesen meiner Logs schon etwas verdächtiges finden?"

 

Nein - nicht verdächtiges. Nur etwas Kosmetik.

 

"Entschuldige, wenn ich schon wieder nerve und störe: wieso haben die Fehlermeldungen der Datei Extras.txt Uhrzeiten, wo mein PC aus war? Z.B. hatte ich meinen PC heute Mittag nicht an. Oder hat das nichts zu bedeuten?"#

 

Ich weiß jetzt nicht genau was Du meinst. :smileyhappy:

 

Wenn Du den Fix durchgeführt hast, geht es weiter :smileyhappy:

Hallo,

 

ich habe eben das Fix ausgeführt. Der PC hat sich auch nach einer Aufforderung neu gestartet, aber nach Neustart öffnete sich kein Log.

 

mfg

Klaus

Diese Einträge in der Datei "Extras.txt" von OTL meinte ich - zu dieser Zeit war mein PC definitiv ausgeschaltet:

 

Error - 14.01.2013 10:57:42 | Computer Name = home | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
 
Error - 14.01.2013 10:59:43 | Computer Name = home | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 14.01.2013 10:59:43 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069

Jetzt kam das Log, ich musste OTL nochmal starten.

 

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1631355932-3508569870-3946327709-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1631355932-3508569870-3946327709-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd981b38-7c7d-11e0-b157-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd981b38-7c7d-11e0-b157-806e6f6e6963}\ not found.
File E:\AutoRun.exe not found.
ADS C:\ProgramData\Temp:A88BE334 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Klaus
->Temp folder emptied: 55943242 bytes
->Temporary Internet Files folder emptied: 70639023 bytes
->Java cache emptied: 3199606 bytes
->FireFox cache emptied: 234209723 bytes
->Flash cache emptied: 2508 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: user
->Temp folder emptied: 1397147 bytes
->Temporary Internet Files folder emptied: 795794 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17162947 bytes
->Flash cache emptied: 492 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31297238 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 395,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01152013_133102

Files\Folders moved on Reboot...
File move failed. C:\Users\Klaus\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...