Trojaner-Board - Offen Ein Rechner im Netzwerk hat langsame Internetverbindung, andere Rechner sind okay

OTL.txtOTL Logfile:

Code:

OTL logfile created on: 15.02.2011 17:16:20 - Run 1

OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\ampersand\Desktop\MFTools

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 77,00% Memory free

16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): c:\pagefile.sys 8190 14000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,65 Gb Total Space | 12,73 Gb Free Space | 13,04% Space Free | Partition Type: NTFS

Drive D: | 244,14 Gb Total Space | 198,31 Gb Free Space | 81,23% Space Free | Partition Type: NTFS

Drive E: | 244,14 Gb Total Space | 128,94 Gb Free Space | 52,81% Space Free | Partition Type: NTFS

Drive F: | 345,56 Gb Total Space | 298,21 Gb Free Space | 86,30% Space Free | Partition Type: NTFS

 

Computer Name: ZIGZAG4 | User Name: ampersand | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.02.15 16:56:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\ampersand\Desktop\MFTools\OTL.exe

PRC - [2010.12.09 08:31:02 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010.11.17 10:27:55 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe

PRC - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- E:\Xampp\Install\xampp\mysql\bin\mysqld.exe

PRC - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- E:\Xampp\Install\xampp\apache\bin\httpd.exe

PRC - [2007.09.03 17:13:54 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe

PRC - [2007.09.03 17:13:48 | 002,002,944 | ---- | M] (FirebirdSQL Project) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe

PRC - [2007.04.09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.02.15 16:56:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\ampersand\Desktop\MFTools\OTL.exe

MOD - [2011.01.14 12:12:08 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll

MOD - [2010.12.21 06:34:12 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll

MOD - [2010.11.17 14:30:35 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll

MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009.12.29 07:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll

MOD - [2009.07.14 02:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll

MOD - [2009.07.14 02:16:19 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMASF.DLL

MOD - [2009.07.14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll

MOD - [2009.07.14 02:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll

MOD - [2009.07.14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll

MOD - [2009.07.14 02:16:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shunimpl.dll

MOD - [2009.07.14 02:16:12 | 002,504,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMVCORE.DLL

MOD - [2009.07.14 02:16:12 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll

MOD - [2009.07.14 02:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll

MOD - [2009.07.14 02:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll

MOD - [2009.07.14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll

MOD - [2009.07.14 02:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL

MOD - [2009.07.14 02:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll

MOD - [2009.07.14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll

MOD - [2009.07.14 02:15:10 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ddraw.dll

MOD - [2009.07.14 02:15:09 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dciman32.dll

MOD - [2009.07.14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll

MOD - [2009.07.14 02:14:57 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\audiodev.dll

MOD - [2009.07.14 02:14:52 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcSpecfc.dll

MOD - [2009.07.14 02:14:51 | 000,559,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll

MOD - [2009.07.14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll

MOD - [2009.06.10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.01.19 19:58:23 | 002,466,032 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2009.07.28 16:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)

SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2011.01.07 16:12:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010.12.09 08:31:02 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- E:\Xampp\Install\xampp\mysql\bin\mysqld.exe -- (MySQL)

SRV - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- E:\Xampp\Install\xampp\apache\bin\httpd.exe -- (Apache2.2)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007.09.03 17:13:54 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)

SRV - [2007.09.03 17:13:48 | 002,002,944 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2010.11.26 08:34:49 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2010.08.02 16:09:46 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2010.04.03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)

DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007.04.12 08:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)

DRV:64bit: - [2007.04.10 06:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2007.04.10 04:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)

DRV:64bit: - [2007.04.10 04:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)

DRV:64bit: - [2007.04.10 04:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)

DRV:64bit: - [2007.04.10 04:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2007.04.10 04:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2007.04.10 04:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2007.04.10 04:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2007.04.10 04:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV:64bit: - [2007.04.10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)

DRV:64bit: - [2007.04.10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)

DRV:64bit: - [2007.04.10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)

DRV:64bit: - [2007.04.10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)

DRV:64bit: - [2007.04.10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)

DRV:64bit: - [2007.04.10 04:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)

DRV:64bit: - [2007.04.10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)

DRV:64bit: - [2007.04.10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)

DRV:64bit: - [2007.04.10 04:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)

DRV:64bit: - [2007.04.10 04:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)

DRV - [2009.04.23 11:02:20 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&amp;ie=UTF-8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.02.01 17:49:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.10 09:07:06 | 000,000,000 | ---D | M]

 

[2011.02.01 17:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ampersand\AppData\Roaming\mozilla\Extensions

[2010.11.17 09:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ampersand\AppData\Roaming\mozilla\Firefox\Profiles\h7liqix6.default\extensions

[2010.11.17 09:55:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ampersand\AppData\Roaming\mozilla\Firefox\Profiles\h7liqix6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.02.01 17:48:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)

O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AsioReg]  File not found

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~3\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~3\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: sports-premium-service.de ([fck] https in Vertrauenswürdige Sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~3\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~3\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.12.11 16:00:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2010 Zahlungserinnerung.lnk - C:\PROGRA~3\Lexware\Quicken\2010\billmind.exe - (Lexware GmbH & Co. KG)

MsConfig:64bit - StartUpFolder: C:^Users^ampersand^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FogBugz Screenshot.lnk - C:\PROGRA~3\FogBugz\SCREEN~1\SCREEN~1.EXE - (Fog Creek Software)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AsioThk32Reg - hkey= - key= - C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: FogBugz Screenshot Tool - hkey= - key= - C:\Program Files (x86)\FogBugz\Screenshot\screenshot.exe (Fog Creek Software)

MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: KeePass 2 PreLoad - hkey= - key= - e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)

MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)

MsConfig:64bit - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.02.15 17:10:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.02.15 17:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011.02.15 16:49:03 | 000,000,000 | ---D | C] -- C:\Users\ampersand\Desktop\MFTools

[2011.02.15 16:11:13 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011.02.15 16:05:27 | 000,000,000 | ---D | C] -- C:\Users\ampersand\AppData\Roaming\Malwarebytes

[2011.02.15 16:05:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.02.15 16:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.02.15 16:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.02.15 16:05:18 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.02.06 00:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2011.02.04 15:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers

[2011.02.04 15:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SamsungPrinterLiveUpdate

[2011.02.04 15:13:49 | 000,000,000 | ---D | C] -- C:\Windows\Samsung

[2011.02.04 15:13:15 | 000,151,552 | ---- | C] (SS) -- C:\Windows\SysNative\ssd2cci.exe

[2011.02.04 15:13:15 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\ssd2cci.dll

[2011.02.04 15:12:53 | 000,074,240 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssdevm64.dll

[2011.02.04 15:12:53 | 000,047,104 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssusbp64.dll

[2011.02.04 15:12:49 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssdevm.dll

[2011.02.04 15:12:49 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssusbpn.dll

[2011.02.04 15:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung

[2011.02.04 15:07:22 | 000,011,576 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\drivers\SSPORT.SYS

[2011.02.01 17:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox

[2011.02.01 17:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2011.01.19 14:44:45 | 000,000,000 | ---D | C] -- C:\Users\ampersand\Documents\IISExpress

[2011.01.19 14:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express

[2011.01.19 10:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions

[2011.01.19 10:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1 Beta

[2011.01.19 10:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK

[2011.01.19 10:28:36 | 000,000,000 | ---D | C] -- C:\Windows\symbols

[2011.01.19 08:27:47 | 000,000,000 | ---D | C] -- C:\Windows\VS

[2007.04.09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.02.15 17:14:03 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.02.15 17:14:03 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.02.15 17:09:45 | 000,000,641 | ---- | M] () -- C:\Users\ampersand\Desktop\NTREGOPT.lnk

[2011.02.15 17:09:45 | 000,000,628 | ---- | M] () -- C:\Users\ampersand\Desktop\ERUNT.lnk

[2011.02.15 17:06:51 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.02.15 17:06:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.02.15 17:06:32 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys

[2011.02.15 17:06:32 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx

[2011.02.15 17:06:32 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx

[2011.02.15 17:06:32 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx

[2011.02.15 17:06:32 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx

[2011.02.15 17:06:32 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx

[2011.02.15 16:47:54 | 000,472,080 | ---- | M] () -- C:\Users\ampersand\Desktop\Load.exe

[2011.02.15 16:32:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.02.15 16:05:22 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.02.10 17:19:32 | 000,430,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.02.09 10:36:46 | 000,001,361 | ---- | M] () -- C:\Users\ampersand\Desktop\RL Kundenliste.xls.lnk

[2011.02.07 13:02:57 | 000,017,149 | ---- | M] () -- C:\Users\ampersand\Desktop\hoefler2.pdf

[2011.02.07 13:02:28 | 000,017,228 | ---- | M] () -- C:\Users\ampersand\Desktop\hoefler1.pdf

[2011.02.07 13:02:14 | 000,017,228 | ---- | M] () -- C:\Users\ampersand\Desktop\hoefler1.php

[2011.02.02 10:42:59 | 000,169,628 | ---- | M] () -- C:\Users\ampersand\Desktop\Signalplan.pdf

[2011.01.30 15:47:21 | 000,171,398 | ---- | M] () -- C:\Users\ampersand\Documents\uploads.wtf

[2011.01.24 14:21:43 | 000,344,633 | ---- | M] () -- C:\Users\ampersand\Desktop\24.02.png

[2011.01.24 14:21:36 | 000,556,667 | ---- | M] () -- C:\Users\ampersand\Desktop\24.01.png

[2011.01.24 13:58:00 | 000,001,513 | ---- | M] () -- C:\Users\ampersand\Desktop\hybrid-news - Verknüpfung.lnk

[2011.01.21 15:50:18 | 000,000,043 | ---- | M] () -- C:\Users\ampersand\AppData\Roaming\TheHunterSettings_live.cfg

[2011.01.19 10:52:57 | 001,811,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.01.19 10:52:57 | 000,775,276 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.01.19 10:52:57 | 000,729,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.01.19 10:52:57 | 000,177,990 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.01.19 10:52:57 | 000,150,588 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.01.19 10:52:49 | 001,811,042 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.01.18 09:05:57 | 000,001,101 | ---- | M] () -- C:\Users\ampersand\Desktop\RL - Verknüpfung.lnk

 
 ========== Files Created - No Company Name ==========

 

[2011.02.15 17:09:45 | 000,000,641 | ---- | C] () -- C:\Users\ampersand\Desktop\NTREGOPT.lnk

[2011.02.15 17:09:45 | 000,000,628 | ---- | C] () -- C:\Users\ampersand\Desktop\ERUNT.lnk

[2011.02.15 16:54:56 | 000,472,080 | ---- | C] () -- C:\Users\ampersand\Desktop\Load.exe

[2011.02.15 16:05:22 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.02.09 10:36:46 | 000,001,361 | ---- | C] () -- C:\Users\ampersand\Desktop\RL Kundenliste.xls.lnk

[2011.02.07 13:02:57 | 000,017,149 | ---- | C] () -- C:\Users\ampersand\Desktop\hoefler2.pdf

[2011.02.07 13:02:28 | 000,017,228 | ---- | C] () -- C:\Users\ampersand\Desktop\hoefler1.pdf

[2011.02.07 13:02:14 | 000,017,228 | ---- | C] () -- C:\Users\ampersand\Desktop\hoefler1.php

[2011.02.04 15:13:50 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe

[2011.02.04 15:13:35 | 000,027,648 | ---- | C] () -- C:\Windows\SysNative\ssd2cl6.dll

[2011.02.04 15:13:35 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\ssd2cl6.smt

[2011.02.04 15:11:52 | 000,133,757 | ---- | C] () -- C:\Windows\SmartCMS2.ico

[2011.02.04 15:11:52 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico

[2011.02.04 15:11:52 | 000,005,430 | ---- | C] () -- C:\Windows\AnyWeb Print.ico

[2011.02.02 10:42:59 | 000,169,628 | ---- | C] () -- C:\Users\ampersand\Desktop\Signalplan.pdf

[2011.01.30 15:47:15 | 000,171,398 | ---- | C] () -- C:\Users\ampersand\Documents\uploads.wtf

[2011.01.24 14:05:06 | 000,556,667 | ---- | C] () -- C:\Users\ampersand\Desktop\24.01.png

[2011.01.24 14:03:51 | 000,344,633 | ---- | C] () -- C:\Users\ampersand\Desktop\24.02.png

[2011.01.24 13:58:00 | 000,001,513 | ---- | C] () -- C:\Users\ampersand\Desktop\hybrid-news - Verknüpfung.lnk

[2011.01.18 09:05:57 | 000,001,101 | ---- | C] () -- C:\Users\ampersand\Desktop\RL - Verknüpfung.lnk

[2010.12.22 14:33:27 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini

[2010.11.23 10:17:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.11.20 10:06:49 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2010.11.19 17:17:42 | 000,000,043 | ---- | C] () -- C:\Users\ampersand\AppData\Roaming\TheHunterSettings_live.cfg

[2010.11.19 09:30:54 | 000,000,660 | ---- | C] () -- C:\Windows\ODBC.INI

[2010.11.17 16:05:52 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\lpng.dll

[2010.11.17 14:12:13 | 001,811,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.11.17 13:12:07 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010.11.17 13:12:02 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI

[2010.11.17 13:12:02 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI

[2010.11.17 13:12:02 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini

[2010.11.17 13:12:02 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini

[2010.11.17 13:11:12 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.02.02 20:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll

[2009.02.02 20:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll

[2009.02.02 20:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll

[2007.04.12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll

[2007.04.09 12:55:14 | 000,097,785 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2007.04.09 12:55:14 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2007.04.09 12:33:50 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll

[2006.10.02 09:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2005.06.16 10:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll

 
 ========== LOP Check ==========

 

[2010.11.17 13:18:25 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\AceBIT

[2010.11.22 13:16:14 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\CodeRush for VS .NET

[2010.11.18 09:34:10 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\DataDesign

[2010.11.22 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\Eziriz

[2010.12.08 11:42:15 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\FinalBuilder6

[2010.12.10 10:48:57 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\FRITZ!

[2010.12.02 14:54:53 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\ISTool

[2011.02.15 09:41:54 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\KeePass

[2010.11.18 09:29:16 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\Lexware

[2010.11.17 15:55:22 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\Subversion

[2011.01.04 10:04:00 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\SuperMailer

[2010.11.18 09:14:19 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\Trillian

[2011.02.10 09:37:57 | 000,000,000 | ---D | M] -- C:\Users\ampersand\AppData\Roaming\WinTrack

[2009.07.14 06:08:49 | 000,031,374 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2010.12.21 14:41:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2008.12.12 17:21:06 | 000,000,000 | ---D | M] -- C:\Advanced Wheel Mouse

[2010.11.17 08:01:13 | 000,000,000 | -HSD | M] -- C:\Boot

[2009.09.30 08:11:14 | 000,000,000 | ---D | M] -- C:\Company

[2011.02.10 17:15:07 | 000,000,000 | ---D | M] -- C:\Config.Msi

[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2010.05.05 08:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2008.12.11 17:17:37 | 000,000,000 | ---D | M] -- C:\Intel

[2008.12.11 22:51:08 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2009.09.22 09:22:28 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2010.12.02 10:26:43 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.01.13 12:07:38 | 000,000,000 | R--D | M] -- C:\Programme

[2011.02.06 00:14:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2011.02.15 16:05:21 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2010.11.18 10:59:22 | 000,000,000 | ---D | M] -- C:\Programme

[2010.11.22 13:47:59 | 000,000,000 | R--D | M] -- C:\ProgrammeOld

[2010.11.17 08:24:34 | 000,000,000 | -HSD | M] -- C:\Recovery

[2008.12.11 21:23:52 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2011.02.15 17:17:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010.04.12 08:21:23 | 000,000,000 | ---D | M] -- C:\Temp

[2010.11.17 09:56:34 | 000,000,000 | R--D | M] -- C:\Users

[2011.02.15 17:10:43 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: EXPLORER.EXE  >

[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe

[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe

[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

 
 < MD5 for: USERINIT.EXE  >

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 

< End of report >

--- --- ---

Extras.txtOTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 15.02.2011 17:16:20 - Run 1

OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\ampersand\Desktop\MFTools

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 77,00% Memory free

16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): c:\pagefile.sys 8190 14000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,65 Gb Total Space | 12,73 Gb Free Space | 13,04% Space Free | Partition Type: NTFS

Drive D: | 244,14 Gb Total Space | 198,31 Gb Free Space | 81,23% Space Free | Partition Type: NTFS

Drive E: | 244,14 Gb Total Space | 128,94 Gb Free Space | 52,81% Space Free | Partition Type: NTFS

Drive F: | 345,56 Gb Total Space | 298,21 Gb Free Space | 86,30% Space Free | Partition Type: NTFS

 

Computer Name: ZIGZAG4 | User Name: ampersand | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~3\MICROS~1\Office12\ONENOTE.EXE "%L" File not found

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~3\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)

"{0B4D413C-9E19-4087-AA21-D7BD1A9B3075}" = SQL Server 2008 R2 Common Files

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

"{236286C4-3C28-4275-9756-0013EB4D3423}" = SQL Server 2008 R2 Reporting Services

"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = SQL Server 2008 R2 Reporting Services

"{24BB9353-944E-46BC-BBA8-B8F83E8DBB51}" = Microsoft SQL Server 2008 R2-Setup (Deutsch)

"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64

"{307BFD68-0886-47AD-B461-5607F63B8B42}" = Microsoft Web Platform Installer 3.0

"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{440668AA-7524-40DB-966A-60BE535E1B3F}" = SQL Server 2008 R2 Database Engine Services

"{45D7270A-B929-4D67-B176-ABC81161B8ED}" = SQL Server 2008 R2 Database Engine Shared

"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)

"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6

"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English

"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 

"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio

"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)

"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8E4B6E39-A0A8-4AFD-91C7-56421C194C29}" = TortoiseSVN 1.6.11.20210 (64 bit)

"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 Full text search

"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared

"{B02FC165-1CEC-339D-AF68-CB7E1AF4A6A5}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)

"{b1238c5d-4913-438e-889b-dcbecea68228}.sdb" = FinalBuilder 6 Vista Compatibility

"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver

"{C66556CF-C671-36D6-BC9A-330FB2A6A007}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.31118

"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{CB95CD7D-FDCC-449A-86AE-67C257745A0B}" = Microsoft SQL Server 2008 R2 Native Client

"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{D49B01F1-79D6-4448-916E-152832EC3B64}" = SQL Server 2008 R2 Management Studio

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)

"{DF50821A-058F-319E-9AF9-9CC418C2E0A0}" = Microsoft Help Viewer 1.1

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FBBA9369-3A6B-4EE3-9C53-DA0D29C2FC95}" = Microsoft SQL Server VSS Writer

"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services

"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-Bit)

"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-Bit)

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

".NET Reactor" = .NET Reactor

"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{07A3A1C2-FC0D-3D8B-B667-19C4C48BC5D4}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4

"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{1336F674-3182-320E-9874-30BD246E0251}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.31118

"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{159C8CD4-F780-49F7-B1A2-C12E85DCE959}_is1" = FinalBuilder 6.3.0.2172

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition

"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{2DDCCEA5-2AA4-4ABB-BCAD-41BB115A4333}" = Microsoft Silverlight 4 Toolkit April 2010

"{2F0DA0A1-281D-482D-A1DE-1DA443B6A430}" = Web Development Helper

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2

"{32DC2E19-15E6-4AF6-B4FD-52C9CC3FF59A}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{3888A22E-1A9E-4DBE-A93B-42385141F37D}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4

"{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}" = Quicken 2010 - Servicepack 5

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010

"{50ABF86D-0BDB-31AD-97FD-E8A55564EBF9}" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU

"{51051697-1E8A-4634-A9D4-C485B8C4B163}" = PostKIT

"{53AF9DC2-DA7A-43CE-82A8-F60ACAC851E9}" = Microsoft SharedView

"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight 4 Tools for Visual Studio 2010

"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service

"{59997DD7-9434-4D44-8DFA-26EB87DD96A1}" = WISE-FTP 6

"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3

"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)

"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4

"{6217A68F-02FF-46DE-BD62-C646FD07EF2C}" = WCF RIA Services V1.0 SP1 Beta

"{6732AE9F-CE1A-4DC7-A18D-A23CAA99724C}" = .NET Reactor

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}" = Lexware online banking

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739CBBD2-CC1B-4D61-BD95-C3CB50A487BF}" = IntelliLock

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78033A38-50E2-4A65-823F-C1B34DF9FE41}" = Microsoft SQL Server 2008 R2-Richtlinien

"{7DA9F24A-CEC3-426E-BFFA-ADB94D922463}" = Quicken Import Export Server 2010

"{8343C2D8-09DF-38B3-9D1A-A26148918E45}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD113A8-811A-404E-A4D7-443D014946AC}" = Microsoft SQL Server Browser

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A4-0407-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003

"{946371A9-E29E-3CA2-997C-77B8056F0FF8}" = Microsoft Visual Studio 2010 Service Pack 1

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4

"{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9E12684-DD23-4D11-ACAF-6041954BCA00}_is1" = ISTool 5.3.0.1

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU

"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec

"{CA206913-EE9F-495F-AD43-032E5833EE13}" = AnkhSVN 2.1.8420.8

"{CC12DCBF-D85B-45B1-9366-8C3F708B362E}" = DDBAC

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{DCFC2E2D-E4D0-4BEC-8031-A5AB3777663E}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0

"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung

"{ECA50B39-24CE-4DF2-9580-363CDA54C204}" = Brother HL-5240

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{FF5E5774-5EA2-4357-AC88-88E0CABA38AA}" = IIS 7.5 Express

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Blend_4.0.20525.0" = Microsoft Expression Blend 4

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Design_7.0.20516.0" = Microsoft Expression Design 4

"DevExpress 2010.2 Components" = DevExpress 2010.2 Components

"DevExpress 2010.2 IDETools" = DevExpress 2010.2 IDETools

"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EOS Utility" = Canon Utilities EOS Utility

"ERUNT_is1" = ERUNT 1.1j

"ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4

"FBDBServer_2_0_is1" = Firebird 2.0.3

"FogBugz Screenshot_is1" = FogBugz Screenshot

"FreePDF_XP" = FreePDF (Remove only)

"GPL Ghostscript 9.00" = GPL Ghostscript 9.00

"Inno Setup 5_is1" = Inno Setup QuickStart Pack version 5.2.3

"Inno Setup Script Includes_is1" = ISSI Version 5.1.9.0

"InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken Deluxe 2010

"InstallShield_{51051697-1E8A-4634-A9D4-C485B8C4B163}" = PostKIT

"InstallShield_{6B386834-004A-40E4-91E0-42ED28E8CC0B}" = PostKIT

"IntelliLock" = IntelliLock

"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.13

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1

"Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"MyCamera" = Canon Utilities MyCamera

"NLog" = NLog - Advanced .NET Logging - v1.0-Refresh

"PhotoStitch" = Canon Utilities PhotoStitch

"Picture Style Editor" = Canon Utilities Picture Style Editor

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"Samsung CLP-620 Series" = Wartung Samsung CLP-620 Series

"SuperMailer_is1" = SuperMailer 5.40

"theHunter" = theHunter (remove only)

"Time And Business 2011_is1" = Time & Business 2011 11.0.1.2

"Trillian" = Trillian

"vShare" = vShare Plugin

"WANdiscoSubversion" = WANdisco Subversion 1.6.15-1 (remove only)

"Web_4.0.1165.0" = Microsoft Expression Web 4

"wintrack6_is1" = WinTrack Version 10.0 3D

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"202910120.www.microsoft.com" = Contacts

"2730750066.localhost" = TabLive Application

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 08.02.2011 12:52:42 | Computer Name = ZIGZAG4 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: devenv.exe, Version: 10.0.31118.1,

 Zeitstempel: 0x4ce50c95  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,

 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften

 Prozesses: 0x1418  Startzeit der fehlerhaften Anwendung: 0x01cbc7aa89fca116  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: d7902fcb-33a3-11e0-b957-0018380281b0

 

Error - 09.02.2011 14:14:28 | Computer Name = ZIGZAG4 | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Eine Zertifikatkette zu einer vertrauenswürdigen Stammzertifizierungsstelle

 konnte nicht aufgebaut werden.  .

 

Error - 10.02.2011 06:22:05 | Computer Name = ZIGZAG4 | Source = ASP.NET 4.0.30319.0 | ID = 1325

Description = An unhandled exception occurred and the process was terminated.    Application

 ID: DefaultDomain    Process ID: 6096    Exception: System.Runtime.InteropServices.InvalidComObjectException
 

Message:

 Ein COM-Objekt, das vom zugrunde liegenden RCW getrennt wurde, kann nicht verwendet

 werden.    StackTrace:    bei System.StubHelpers.StubHelpers.GetCOMIPFromRCW(Object

 objSrc, IntPtr pCPCMD, Boolean& pfNeedsRelease)     bei Microsoft.VisualStudio.Shell.Interop.IVsUIObject.get_Data(Object&

 pVar)     bei Microsoft.Internal.VisualStudio.PlatformUI.Utilities.GetObjectData(IVsUIObject

 obj)     bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.Dispose(Boolean

 disposing)     bei Microsoft.VisualStudio.PlatformUI.CommandBars.CommandBarRootDataSource.Dispose(Boolean

 disposing)     bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.Dispose()
 

   bei Microsoft.VisualStudio.PlatformUI.Automation.ControlCustomizer.Dispose(Boolean

 disposing)     bei Microsoft.VisualStudio.PlatformUI.Automation.CommandBarControl.DisposeManagedResources()
 

   bei Microsoft.VisualStudio.PlatformUI.Automation.CommandBarControl.Disconnect(IVsUISimpleDataSource

 pSource)     bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.<DisconnectEventSubscribers>b__6(UInt32

 cookie, IVsUIDataSourcePropertyChangeEvents subscriber)     bei Microsoft.Internal.VisualStudio.PlatformUI.CookieTable`3.ForEach(CookieTableCallback`2

 callback, Boolean skipRemoved)     bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.DisconnectEventSubscribers()
 

   bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.Dispose(Boolean disposing)
 

   bei Microsoft.VisualStudio.PlatformUI.CommandBars.CommandBarRootDataSource.Dispose(Boolean

 disposing)     bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.Finalize()

 

Error - 10.02.2011 06:22:05 | Computer Name = ZIGZAG4 | Source = .NET Runtime | ID = 1026

Description = 

 

Error - 10.02.2011 06:22:06 | Computer Name = ZIGZAG4 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: devenv.exe, Version: 10.0.31118.1,

 Zeitstempel: 0x4ce50c95  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,

 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften

 Prozesses: 0x17d0  Startzeit der fehlerhaften Anwendung: 0x01cbc8f684df897f  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 9bd5de68-34ff-11e0-a0eb-0018380281b0

 

Error - 11.02.2011 05:33:41 | Computer Name = ZIGZAG4 | Source = ASP.NET 4.0.30319.0 | ID = 1325

Description = An unhandled exception occurred and the process was terminated.    Application

 ID: DefaultDomain    Process ID: 1432    Exception: System.Runtime.InteropServices.InvalidComObjectException
 

Message:

 Ein COM-Objekt, das vom zugrunde liegenden RCW getrennt wurde, kann nicht verwendet

 werden.    StackTrace:    bei System.StubHelpers.StubHelpers.GetCOMIPFromRCW(Object

 objSrc, IntPtr pCPCMD, Boolean& pfNeedsRelease)     bei Microsoft.VisualStudio.Shell.Interop.IVsUIObject.get_Data(Object&

 pVar)     bei Microsoft.Internal.VisualStudio.PlatformUI.Utilities.GetObjectData(IVsUIObject

 obj)     bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.Dispose(Boolean

 disposing)     bei Microsoft.VisualStudio.PlatformUI.CommandBars.CommandBarRootDataSource.Dispose(Boolean

 disposing)     bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.Dispose()
 

   bei Microsoft.VisualStudio.PlatformUI.Automation.ControlCustomizer.Dispose(Boolean

 disposing)     bei Microsoft.VisualStudio.PlatformUI.Automation.CommandBarControl.DisposeManagedResources()
 

   bei Microsoft.VisualStudio.PlatformUI.Automation.CommandBarControl.Disconnect(IVsUISimpleDataSource

 pSource)     bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.<DisconnectEventSubscribers>b__6(UInt32

 cookie, IVsUIDataSourcePropertyChangeEvents subscriber)     bei Microsoft.Internal.VisualStudio.PlatformUI.CookieTable`3.ForEach(CookieTableCallback`2

 callback, Boolean skipRemoved)     bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.DisconnectEventSubscribers()
 

   bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.Dispose(Boolean disposing)
 

   bei Microsoft.VisualStudio.PlatformUI.CommandBars.CommandBarRootDataSource.Dispose(Boolean

 disposing)     bei Microsoft.Internal.VisualStudio.PlatformUI.DataSource.Finalize()

 

Error - 11.02.2011 05:33:41 | Computer Name = ZIGZAG4 | Source = .NET Runtime | ID = 1026

Description = 

 

Error - 11.02.2011 05:33:41 | Computer Name = ZIGZAG4 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: devenv.exe, Version: 10.0.31118.1,

 Zeitstempel: 0x4ce50c95  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,

 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften

 Prozesses: 0x598  Startzeit der fehlerhaften Anwendung: 0x01cbc9bd8b85504a  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 029c5ae6-35c2-11e0-a1ed-0018380281b0

 

Error - 15.02.2011 10:07:18 | Computer Name = ZIGZAG4 | Source = .NET Runtime | ID = 1026

Description = 

 

Error - 15.02.2011 10:07:19 | Computer Name = ZIGZAG4 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Blend.exe, Version: 4.0.20525.0, 

Zeitstempel: 0x4bfc7d45  Name des fehlerhaften Moduls: Microsoft.Expression.DesignSurface.ni.dll,

 Version: 4.0.20525.0, Zeitstempel: 0x4bfc7d2e  Ausnahmecode: 0xc0000005  Fehleroffset:

 0x0065d9f5  ID des fehlerhaften Prozesses: 0x1754  Startzeit der fehlerhaften Anwendung:

 0x01cbcd12e48cc6f7  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft

 Expression\Blend 4\Blend.exe  Pfad des fehlerhaften Moduls: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Expressio#\dbd56e5842c818ecba607034f08c670b\Microsoft.Expression.DesignSurface.ni.dll

Berichtskennung:

 e63d71dc-390c-11e0-bd9a-0018380281b0

 

[ OSession Events ]

Error - 05.01.2011 04:30:50 | Computer Name = ZIGZAG4 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 19.01.2011 06:26:57 | Computer Name = ZIGZAG4 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:

 12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1454

 seconds with 540 seconds of active time.  This session ended with a crash.

 

Error - 21.01.2011 10:07:07 | Computer Name = ZIGZAG4 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7248

 seconds with 660 seconds of active time.  This session ended with a crash.

 

Error - 01.02.2011 03:48:37 | Computer Name = ZIGZAG4 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 14.02.2011 17:41:36 | Computer Name = ZIGZAG4 | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler

 beendet: %%1.

 

Error - 15.02.2011 02:32:18 | Computer Name = ZIGZAG4 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 15.02.2011 02:32:27 | Computer Name = ZIGZAG4 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 15.02.2011 08:06:55 | Computer Name = ZIGZAG4 | Source = DCOM | ID = 10009

Description = 

 

Error - 15.02.2011 08:07:02 | Computer Name = ZIGZAG4 | Source = DCOM | ID = 10009

Description = 

 

Error - 15.02.2011 10:28:30 | Computer Name = ZIGZAG4 | Source = DCOM | ID = 10009

Description = 

 

Error - 15.02.2011 10:28:37 | Computer Name = ZIGZAG4 | Source = DCOM | ID = 10009

Description = 

 

Error - 15.02.2011 12:06:21 | Computer Name = ZIGZAG4 | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler

 beendet: %%1.

 

Error - 15.02.2011 12:06:42 | Computer Name = ZIGZAG4 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 15.02.2011 12:06:55 | Computer Name = ZIGZAG4 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

 

< End of report >

--- --- ---