die jrt.txt Datei: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.7 (07.29.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Rolf on 29.07.2013 at 17:52:49,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT1351351
~~~ Files
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
Successfully deleted: [File] "C:\Windows\system32\conduitengine.tmp"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Rolf\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Rolf\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Rolf\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
~~~ FireFox
Successfully deleted: [File] C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\user.js
Successfully deleted: [Folder] C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\prefs.js
user_pref("extensions.asktb.AviraIDW-TS", "1319826843056");
user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xmlns=\"hxxp://websearch.ask.com/widgets\">\n <widget_url>hxxps://aviratoolb
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.OOBEVersion", "1");
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "JM");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.crumb", "2011.07.02+09.58.39-toolbar008iad-DE-RXJmdXJ0LEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
user_pref("extensions.asktb.first-launch-url", "hxxp://news.tchibo.de/go/1/O4XDNOX-O30BN8Q-O2DVARN-15KHEFK.html");
user_pref("extensions.asktb.first-restart-after-config-update", true);
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "c57b453c-bd5d-40b1-800e-eeec0858d954");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "first");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1375084487900");
user_pref("extensions.asktb.last-search-timestamp", "1374425852779");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.location", "Erfurt,Germany");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.notification-shown", true);
user_pref("extensions.asktb.o", "100000080");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "20");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-history-queries", "KTH-XW4300/1G||Pavilion Media Center m7791||Festplatte für Pavilion Media Center m7791||Biathlon||Therme Bad Kissingen||H
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "18.06.2012 19:11:18");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.15.26.100015");
user_pref("extensions.asktb.version", "5.15.26.45268");
Emptied folder: C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\minidumps [67 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.07.2013 at 17:55:28,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ hier die AdwCleaner[S1].txt
AdwCleaner Logfile: Code:
# AdwCleaner v2.306 - Datei am 29/07/2013 um 18:17:37 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Rolf - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rolf\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\searchplugins\11-suche.xml
Gelöscht mit Neustart : C:\Users\Rolf\AppData\Local\Temp\Zynga
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Softonic_Deutsch
Ordner Gelöscht : C:\Users\Rolf\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Rolf\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Rolf\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Rolf\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Rolf\AppData\LocalLow\Softonic_Deutsch
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic_Deutsch
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72465536-6AFD-41E0-83C7-B45EFDA07DBA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{72465536-6AFD-41E0-83C7-B45EFDA07DBA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{823D3FB7-1DE7-45EA-81C8-157CBE8AF686}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26951963-1D44-4AE3-B5BF-576D6E3581F8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BADA4D-69DC-444A-8685-F1429725724F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{72465536-6AFD-41E0-83C7-B45EFDA07DBA}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKLM\Software\Softonic_Deutsch
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16496
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\f8w0ilec.default\prefs.js
Gelöscht : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
-\\ Google Chrome v28.0.1500.72
Datei : C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [10087 octets] - [29/07/2013 18:17:37]
########## EOF - C:\AdwCleaner[S1].txt - [10148 octets] ########## --- --- ---
OTL extras.txt:
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 29.07.2013 18:33:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rolf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,71% Memory free
6,22 Gb Paging File | 4,80 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,98 Gb Total Space | 10,12 Gb Free Space | 3,55% Space Free | Partition Type: NTFS
Drive D: | 5,30 Gb Total Space | 0,65 Gb Free Space | 12,18% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Rolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2962811509-3781454280-90558866-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC6740D-6ED3-4487-953E-5362C07B5990}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0FCBC951-810E-430D-A9C6-30CB99C35028}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15216971-76AD-4B6D-A3B0-5328543EA06B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A7A6CD3-5DD5-49BC-A2D4-A4262FEC92A4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{25821E95-E442-4EE8-AB25-86462222841B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{370E2C68-9178-4F8A-900A-8154706D0288}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{3D11DC3E-BBEF-4BC5-ACA0-DAF13F699CBC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E4A589A-34C9-4536-9148-6F54BEE0E59F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44226056-5095-4B33-A2E8-21E43E173A2A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{49FD8BE8-B88A-477E-80D8-F520D60710F4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5CEF8164-A8D0-45B8-BB0E-E7F2A712B8F6}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{6D3DD1BD-AAF5-4333-8BBD-7CFB2B48CF4D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D7372CD-4547-4EC9-B1DC-8C938DD94F07}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{833F3A9C-8AF0-4510-BB15-7E39A03A3271}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{88672968-0F2C-4F09-92F5-8310283DEC83}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{888FCF29-E66D-4590-B136-3E40AC0AA310}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8E9FA37C-BF74-4D95-8FE4-D5E8A7E661C7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{96D51A45-5033-48CA-B265-8EEA2FFF5E8A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B27B2260-B486-4649-9A04-8CF85AD8A16C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCEDE45D-CAB7-4CE1-BEA4-E154B7ACD322}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C1EB345B-50B5-437E-897D-8D1F1DE5C32F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C96507E9-084E-47E6-9D1E-369A32A5954F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE87CC3F-3A1E-4404-9D61-A5E226F52FE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6A13C32-B533-4656-93B8-F34BA32A0E10}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F5C4A852-A495-4951-AC8A-6B801F0AC1A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F707D3AB-4E7E-4B85-AF43-3DBF24A1E526}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA33D1FC-812D-4E19-8B44-B453698B984E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E6272B-3B8B-4563-A9D4-420F07C67D87}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0525D3FE-2F75-41C3-BD94-11CDCC703410}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0679A0DD-8E47-45E4-8A72-3CC8B63F9F0A}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{0D4A9CD8-08A7-4BFC-AAB7-A18776A773E0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0DDAE263-798E-49A9-A204-A107D9106B48}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{15AAAA9A-0881-4F5F-815B-332A68EED762}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1AF072A2-5109-46F3-BEF1-37B397C08A54}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{205DF206-3F38-4DA3-ABD5-2DBF5764018D}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{21A2F279-E466-46BE-8A97-E51DBD4F2B13}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{245085FC-BD3B-4494-BE36-A41EED770DE7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{24A78CC5-70CF-405D-955A-BCA856FA7E4C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{25249F0B-8F72-4F7E-86E8-6623CD9952F8}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{255222BC-CE1A-4844-B7DD-9C9DBBB572F5}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe |
"{2C2D2614-9ECC-43BB-B96D-C36498EE296F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{31D0E16B-7B26-4002-91B7-8B6BADE9ABCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38DF9034-5746-4A51-A51A-E01AA3155087}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{39F959EF-577E-421B-8898-2B5646CC390D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{425E6C65-EDF1-4BE7-A5E2-E344E5773A8F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{48F4583E-4808-4AC0-BC54-72670AA83DC7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4DF5BA8E-CEDD-4F08-A88D-7CC8812593DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{52278921-DBE6-4896-BBCB-3D79C9A72B71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54605251-832F-45F3-B6DC-9101D709C3A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{55A5F4DC-669F-4163-BFAF-CF9DEC78BB43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{55E9F47F-A2D1-48B9-9C26-2892F38C5F84}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{58113509-3BBF-400B-9726-4668A55B565D}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{594B3692-6ADB-4CA1-BF49-DF231DF4B45E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{59E933AA-80FF-42FA-9747-094836136090}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5ACB4E3E-88B2-4A9D-9B72-BFC34405A7DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5BA69436-F53F-4239-90F5-20B5C077DEF9}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{661A5955-8683-42FE-B9DE-7E00194577F6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{68AC001A-3FA5-4A7A-A10B-5F9A5B9CBF99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6FF47708-A697-492C-9BB0-E47423E92D85}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7112FBDF-209E-4F15-A6C9-39B938684246}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7353F4F6-0049-4D56-A1FB-F5D12C4842E9}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{7861B872-DED2-4256-B4AF-3C066C112108}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7A8A1300-B8D9-432C-A1AB-A41219C627A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C629364-7082-496C-8D11-03ED652FFA97}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7DAA1721-3E75-4866-863B-F4F3F33FEB92}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{80D2FA25-B864-4AAA-BFFF-1EF7B9DE3D4E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{82A9AE32-1EBD-4565-A336-E4EC02AEE640}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{867AB1E8-F2DB-4A34-9B94-3F270B28C518}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{93156E1B-2274-4B4A-891A-74F9B5DDA8C3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{949E3CF1-A690-4B3E-BF4F-1C355BDD0EB0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{94AD5A9C-714E-4F23-A80A-9D2044B09655}" = protocol=6 | dir=in | app=c:\program files\fritz!\fboxset.exe |
"{9AD71942-4E18-4875-841F-2E9770432E30}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{9CAA975C-1310-4AEC-B280-0FB1DEBD7039}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D608A0E-F7FA-4714-9860-E505B77A92C9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A7595784-6E9B-4200-A970-806A408583B0}" = protocol=6 | dir=out | app=system |
"{AA4B4DE3-7524-4867-93FA-5C564DCF2138}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{AB208401-8FE5-4E65-B544-7C01CC49F026}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AC410E42-133B-4F8A-BFC4-C81539A6403A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ACCA302C-58AD-4D2C-932C-5430BBBF7FF1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B0C3AB45-4366-4050-836E-DE47AE5D936F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B22263E1-29D8-4B98-B6E6-AA402AE17BE3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B27DFE65-2E27-45C2-A4DE-643ED41091C7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B4EBA1B0-636A-4336-95FC-1D1CC08A79D9}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{B7BF87A7-BDEE-44A2-AC5F-65BE4293B96F}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{BBE22A43-161F-4C22-8602-87B971506A92}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BC9889F6-7D46-4AFA-9A54-865901B86680}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD3089D7-7B16-44CB-BF9A-C5198E83686C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C0397E50-B2E7-4255-BF9A-CFC4CB14CB4C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C076EB4E-39E9-4877-BB81-AB18E595FC98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C90C2203-1A9D-4318-92F6-5F46F5A2607F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CC2CCA5A-4DF8-45D5-816F-25CABBF9AAAE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CD923069-5AFC-454B-AC38-EAD04180A168}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE50AD7E-9FAB-4BC0-82FC-0CD076A3806E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CFA94AC9-BF55-4B04-A9C1-36B1B5753EAA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D061F8CD-039F-4D1C-9815-FD77F28EFB9C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D0D05B35-6BC5-44E8-9EAB-2E7CF31CFFB9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D2FD84F1-89F9-44B9-AC0D-B7E3E5ACD2E1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D466C1F1-168F-416E-B888-679BCBD02D0E}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe |
"{D655FD66-370E-4DC9-A272-26468C89D701}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D6F6FFF0-3802-4BF0-93FD-8F8A85592227}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{D89748A5-316D-4470-B901-A6D43E929AFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D96F6939-5444-4572-A540-E2C503ABA562}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC003BE2-7B3A-4789-8905-3E2FCEA6D19D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD8BB9B6-D1C6-45C6-B39D-22ED6B21A215}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DFBCFB19-8E99-414B-8031-FEDC5CD93646}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E3A66394-3BA5-483B-A954-5FB7F20997F3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E40E34AA-0CA6-4840-BD67-B74BAB3EF8D9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ECE60037-F090-49CB-A05D-0F28EC789997}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF20D322-0F9A-4666-ABAB-FE3D3C74A9DD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F616BB60-A4E5-49B1-A1D2-C471264A4E5B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F927DB9E-159E-482B-8B06-2DE30A6B4386}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9482B33-BACB-4109-8FAB-C0D1A9C71063}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FB7F83D2-12CF-47DD-9980-532378E379E6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FC00A9D5-5DCC-46A1-8C45-DEDBC314D2AF}" = protocol=17 | dir=in | app=c:\program files\fritz!\fboxset.exe |
"TCP Query User{08D0B20C-C02D-46C7-BD76-F6254A862AF1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{0D55F987-4B59-42A9-8C26-EB65DE7081AA}C:\users\rolf\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\rolf\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"TCP Query User{1E8E20B1-8C70-4ABF-8FD7-4497D410D00C}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe |
"TCP Query User{43C7B377-93A6-40EE-AB5C-195884FA0A05}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8DF8B88C-BB4C-4C2F-8135-F44849662085}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{907C876B-60D9-4285-8C8E-0D9993DD4D80}C:\users\rolf\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\rolf\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"TCP Query User{95385CE8-5955-4B4D-A915-F0DBD977B121}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"TCP Query User{DE70C13F-BDF8-494F-A4CD-377705D0B54B}C:\program files\internetradio player\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\internetradio player\ps_olect.exe |
"TCP Query User{E4D22ACD-A934-4EC9-88BD-790F95B0014E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{E5415C13-51F9-4C71-9371-6F820AEEB8C6}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F2EF8077-E286-4505-97A9-14DB5F6DD894}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"TCP Query User{F9163499-9463-4848-B700-9B0E9FA22D27}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{048443B0-1BE7-4B14-B86D-18B7F15F9A2F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1CC1113A-44D9-44B9-BFB2-0EB225CC2EA0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{36778B79-8173-42BB-9333-2BD372130D62}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe |
"UDP Query User{5881798B-0EDB-4DB3-B655-0EACABA489B0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{5F6ACAF4-2C26-4DCA-8DFD-B2DDA255FB1C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{640688D0-0EC7-4DB7-A001-541BC3F17595}C:\program files\internetradio player\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\internetradio player\ps_olect.exe |
"UDP Query User{79118E27-B4E4-45CF-8950-73FDA951B2E7}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{8B59F715-7C21-485A-83A6-591149A309A9}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{973AFAD3-F3FB-47F2-9F42-2817A3E41FBB}C:\users\rolf\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\rolf\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"UDP Query User{C9526E02-5F29-4A3A-AED5-D5D34D54AB90}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{CDEDB5B6-B2DD-4CA8-A808-B159AF31D1F3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E2DA5F86-1621-44E1-BE0C-32F2E05B84ED}C:\users\rolf\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\rolf\appdata\local\temp\_istmp1.dir\_ins5576._mp |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BF9524E-AF30-4A21-A55F-162EB1F72358}" = Falk Navi-Manager
"{1DA770BB-419D-480B-8DD6-F5C4042D73F6}" = WISO Rechnungsbuch 2008
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{299A33DF-313A-4C38-9610-71FDA80D5E02}" = WISO EÜR & Kasse 2009
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2DD30F74-520A-4513-ACE8-FFF5117EACC6}" = StarMoney
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3F055F6A-049B-4D8E-BA00-3B77C11A968F}" = Falk Navi-Manager
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4FE82F4B-B7D8-4E65-84AD-E0436CDE57DD}" = ArcSoft PhotoImpression 5
"{52D4013E-3FEC-4C08-AAA8-CC24985A04E1}" = WISO EÜR & Kasse 2010
"{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65415AC9-0D2B-4A0F-9786-28748640F781}" = Falk Navi-Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7117C6B9-110A-4667-B4FD-8334ED976492}" = WISO EÜR & Kasse 2011
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E653036-DE31-4BFD-96BB-421CC72E06FC}" = PHOTOfunSTUDIO 6.1 HD Lite Edition
"{8013FB2B-4785-4B83-8CA2-C1B93C246422}" = Falk Navi-Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83DA46EC-2CB1-4649-9100-C4F98D8DA8CD}" = ArcSoft MediaConverter 2
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924A365C-6727-42B9-91AC-C8C2CAC0B835}" = Falk Navi-Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5C57D1-3B27-4B41-89E6-C74C6937F4FB}" = Falk Navi-Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCE2F68-FAFC-4826-9951-E38232406CDF}" = Falk Navi-Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope WebShortcut
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF421DF1-EA0D-481C-917C-FBEA8C890929}" = Falk Navi-Manager
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CC038D57-788A-4544-BF8F-179E5CF50D2F}" = Microsoft Visual C++ 2005 SP1 CRT Redistributable
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DEA26700-69D8-4EE1-AD8A-609BD28965E6}" = Falk Navi-Manager
"{DFE506AB-DDEA-4C94-BDE0-C26F4B21C71A}" = Falk Navi-Manager
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E74F33A1-D852-4FC0-A74B-54662E407187}" = Falk Navi-Manager
"{E883DCB3-766D-4166-8B28-33C8FE451F2B}" = ArcSoft ShowBiz DVD 2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"1&1 EasyLogin" = 1&1 EasyLogin
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"Internet-Radio Player_is1" = Internet-Radio Player Version 2.01.4
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MERTEN SCHALTER-MANAGER_is1" = MERTEN SCHALTER-MANAGER 2013.0.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSMONEYV70" = Microsoft Money 99
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"RealPlayer 16.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"System Tweaker_is1" = Uniblue System Tweaker
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Works99Setup" = Microsoft Works Setup Launcher
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2962811509-3781454280-90558866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 29.07.2013 12:23:01 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 29.07.2013 12:23:04 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 29.07.2013 12:23:23 | Computer Name = Home-PC | Source = WMPNetworkSvc | ID = 866312
Description =
Error - 29.07.2013 12:23:23 | Computer Name = Home-PC | Source = WMPNetworkSvc | ID = 866312
Description =
Error - 29.07.2013 12:23:26 | Computer Name = Home-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
Error - 29.07.2013 12:23:26 | Computer Name = Home-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.178.20 deaktiviert,
da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
< End of report > --- --- ---
[/CODE]
und zum Schluss die OTL Datei:
OTL Logfile: Code:
OTL logfile created on: 29.07.2013 18:33:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rolf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,71% Memory free
6,22 Gb Paging File | 4,80 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,98 Gb Total Space | 10,12 Gb Free Space | 3,55% Space Free | Partition Type: NTFS
Drive D: | 5,30 Gb Total Space | 0,65 Gb Free Space | 12,18% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Rolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Rolf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
PRC - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\ieconfig_1und1_svc.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b369565297de5b18e488962a43164f59\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\798504f7455735fbc9abe8d6ebe73f03\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\40569a773af7fcc0d27e7557898a74b7\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wkont13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wmain13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wimp13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\whau213.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wbae413.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wbae113.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\whau113.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wbae313.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wbae213.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\clucene-core.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\clucene-contribs-lib.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\clucene-shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll ()
MOD - C:\Programme\1&1\1&1 EasyLogin\EasyLoginCrypt.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()
========== Services (SafeList) ==========
SRV - (CLTNetCnService) -- File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (FreeAgentGoNext Service) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Remote UI Service) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
SRV - (AlertService) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Programme\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe (Intel(R) Corporation)
========== Driver Services (SafeList) ==========
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (s116unic) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (OVT511Plus) -- C:\Windows\System32\drivers\omcamvid.sys (OmniVision Technologies, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D3844177-53F9-4AFB-BA06-F7800FDC1EB4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{39C439B0-23AC-4372-9A43-81B577F16510}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{B9A020A0-1408-4A72-9C2F-5882ABBDB355}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{D3844177-53F9-4AFB-BA06-F7800FDC1EB4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\SearchScopes\{DD9EA294-F754-4A74-B75E-7B5FDF70F2C2}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-2962811509-3781454280-90558866-1003\..\SearchScopes,DefaultScope =
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.07.14 08:37:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.02 21:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.14 08:36:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.02 21:55:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.14 08:36:55 | 000,000,000 | ---D | M]
[2010.01.06 23:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rolf\AppData\Roaming\mozilla\Extensions
[2013.07.29 17:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rolf\AppData\Roaming\mozilla\Firefox\Profiles\f8w0ilec.default\extensions
[2010.07.18 09:41:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rolf\AppData\Roaming\mozilla\Firefox\Profiles\f8w0ilec.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.07.21 18:56:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rolf\AppData\Roaming\mozilla\Firefox\Profiles\f8w0ilec.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.07.20 10:34:13 | 000,621,019 | ---- | M] () (No name found) -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\extensions\toolbar@web.de.xpi
[2013.07.20 10:35:05 | 000,001,050 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\11-suche-1.xml
[2013.07.20 10:35:05 | 000,002,418 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\englische-ergebnisse-1.xml
[2013.05.26 13:53:07 | 000,002,418 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\englische-ergebnisse.xml
[2013.07.20 10:35:05 | 000,010,701 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\gmx-suche-1.xml
[2013.05.26 13:53:07 | 000,010,701 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\gmx-suche.xml
[2013.07.20 10:35:05 | 000,002,432 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\lastminute-1.xml
[2013.05.26 13:53:07 | 000,002,432 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\lastminute.xml
[2013.07.20 10:35:05 | 000,005,682 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\webde-suche-1.xml
[2013.05.26 13:53:07 | 000,005,682 | ---- | M] () -- C:\Users\Rolf\AppData\Roaming\mozilla\firefox\profiles\f8w0ilec.default\searchplugins\webde-suche.xml
[2013.07.02 21:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.07.02 21:55:50 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.14 08:36:41 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealDownloader = C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2962811509-3781454280-90558866-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2962811509-3781454280-90558866-1001..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKU\S-1-5-21-2962811509-3781454280-90558866-1001..\Run: [Reminder] C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2962811509-3781454280-90558866-1001..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-2962811509-3781454280-90558866-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2962811509-3781454280-90558866-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
O4 - Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O4 - Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62978D89-AA6C-46B1-81DE-73A4D305E983}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ef1d6fe-954e-11de-86ae-001a921022c7}\Shell - "" = AutoRun
O33 - MountPoints2\{6ef1d6fe-954e-11de-86ae-001a921022c7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{d01b34d1-17a9-11dd-9e6c-001a921022c7}\Shell - "" = AutoRun
O33 - MountPoints2\{d01b34d1-17a9-11dd-9e6c-001a921022c7}\Shell\AutoRun\command - "" = H:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.29 18:30:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rolf\Desktop\OTL.exe
[2013.07.29 17:52:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.29 17:50:10 | 000,562,353 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Rolf\Desktop\JRT.exe
[2013.07.26 21:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.26 21:31:52 | 000,000,000 | ---D | C] -- C:\Users\Rolf\Desktop\mbar-1.06.0.1004
[2013.07.26 19:57:45 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.26 19:55:55 | 001,220,112 | ---- | C] (Farbar) -- C:\Users\Rolf\Desktop\FRST.exe
[2013.07.26 19:18:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.07.14 08:38:02 | 000,000,000 | ---D | C] -- C:\Users\Rolf\AppData\Roaming\RealNetworks
[2013.07.14 08:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013.07.14 08:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013.07.14 08:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013.07.14 08:36:55 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013.07.14 08:36:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013.07.14 08:36:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013.07.14 08:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013.07.10 22:59:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.07.10 22:59:56 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.07.10 22:59:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.07.10 22:59:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.07.10 22:59:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.07.10 22:59:55 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.07.10 22:59:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.07.10 22:59:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.07.10 21:49:59 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.07.10 21:49:45 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.07.10 21:49:45 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.07.10 21:49:45 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.07.10 21:49:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.07.10 21:49:44 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.07.10 21:49:44 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.07.10 21:49:44 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.07.10 21:49:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.07.10 21:49:43 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.07.10 21:49:43 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013.07.02 21:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009.11.28 16:12:59 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3ACE.dll
========== Files - Modified Within 30 Days ==========
[2013.07.29 18:30:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rolf\Desktop\OTL.exe
[2013.07.29 18:21:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.29 18:21:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.29 18:21:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.29 18:21:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.29 18:21:16 | 3219,611,648 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.29 18:19:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.07.29 18:19:05 | 000,000,104 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.29 18:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.29 17:51:12 | 000,666,633 | ---- | M] () -- C:\Users\Rolf\Desktop\adwcleaner.exe
[2013.07.29 17:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.29 17:50:10 | 000,562,353 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Rolf\Desktop\JRT.exe
[2013.07.29 17:48:26 | 010,648,480 | R--- | M] () -- C:\Users\Rolf\Documents\Meine Finanzen Sicherungskopie070507.mbf
[2013.07.26 20:56:22 | 013,399,154 | ---- | M] () -- C:\Users\Rolf\Desktop\mbar-1.06.0.1004.zip
[2013.07.26 20:52:07 | 000,377,856 | ---- | M] () -- C:\Users\Rolf\Desktop\gmer_2.1.19163.exe
[2013.07.26 20:49:03 | 000,332,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.26 20:24:03 | 000,001,356 | ---- | M] () -- C:\Users\Rolf\AppData\Local\d3d9caps.dat
[2013.07.26 19:55:56 | 001,220,112 | ---- | M] (Farbar) -- C:\Users\Rolf\Desktop\FRST.exe
[2013.07.14 08:37:30 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.07.14 08:36:55 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013.07.14 08:36:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013.07.14 08:36:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013.07.14 08:36:38 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013.07.14 08:27:39 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.10 23:07:25 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.10 23:07:25 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.10 23:07:25 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.10 23:07:25 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2013.07.29 18:17:55 | 000,000,104 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.29 17:51:11 | 000,666,633 | ---- | C] () -- C:\Users\Rolf\Desktop\adwcleaner.exe
[2013.07.26 20:58:46 | 000,002,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk
[2013.07.26 20:58:46 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.07.26 20:58:46 | 000,001,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.07.26 20:58:46 | 000,001,159 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2013.07.26 20:58:46 | 000,001,033 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
[2013.07.26 20:58:46 | 000,000,941 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2013.07.26 20:58:46 | 000,000,851 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
[2013.07.26 20:56:09 | 013,399,154 | ---- | C] () -- C:\Users\Rolf\Desktop\mbar-1.06.0.1004.zip
[2013.07.26 20:52:07 | 000,377,856 | ---- | C] () -- C:\Users\Rolf\Desktop\gmer_2.1.19163.exe
[2013.07.26 20:48:49 | 3219,611,648 | -HS- | C] () -- C:\hiberfil.sys
[2013.07.14 08:37:30 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.09.11 08:19:02 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
[2012.01.07 18:12:27 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.07 18:12:27 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.01.07 18:12:27 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.01.07 18:12:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.01.07 18:12:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.01.07 18:12:27 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.01.07 18:12:27 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.01.07 18:12:27 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.01.07 18:12:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.01.07 18:12:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.01.07 18:12:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.01.07 18:12:26 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.07 18:12:26 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.01.07 18:12:26 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.01.07 18:12:26 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.07 18:12:26 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.01.07 18:12:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.01.07 18:12:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.01.07 18:12:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.06.04 21:14:49 | 000,001,356 | ---- | C] () -- C:\Users\Rolf\AppData\Local\d3d9caps.dat
[2009.08.30 12:22:35 | 000,000,054 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\wklnhst.dat
[2008.10.28 22:55:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.19 12:58:48 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2007.10.07 18:36:02 | 000,023,888 | ---- | C] () -- C:\Users\Rolf\AppData\Roaming\UserTile.png
[2007.09.23 23:33:19 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.07.21 20:13:34 | 000,050,176 | ---- | C] () -- C:\Users\Rolf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report > --- --- --- |