| Taschenlampe | 14.08.2012 12:41 |
Hier ist der log von Malwarebytes: Zitat:
Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download
Datenbank Version: v2012.08.13.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Taschenlampe :: Taschenlampe [Administrator]
13.08.2012 20:11:26
mbam-log-2012-08-13 (20-11-26).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 532231
Laufzeit: 3 Stunde(n), 25 Minute(n), 59 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\AdTools, Inc. (Adware.AdTools) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\YVIBBBHA8C (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 1
C:\Program Files (x86)\PersSecurity (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 4
C:\Users\Taschenlampe\AppData\Roaming\msconfig.dat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Taschenlampe\Downloads\virtualcity.exe (Adware.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\PersSecurity\psecurity.exe.tmp1 (Rogue.PersonalSecurity) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
| Hier die Logfiles von OTL:
OTL Logfile: Code:
OTL logfile created on: 14.08.2012 13:45:27 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Taschenlampe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 64,41% Memory free
7,73 Gb Paging File | 6,15 Gb Available in Paging File | 79,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,87 Gb Total Space | 80,21 Gb Free Space | 17,48% Space Free | Partition Type: NTFS
Drive D: | 458,87 Gb Total Space | 231,69 Gb Free Space | 50,49% Space Free | Partition Type: NTFS
Drive E: | 264,40 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: Taschenlampe-PC | User Name: Taschenlampe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Taschenlampe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\OEM\USBDECTION\USBS3S4Detection.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Windows\SysWOW64\PSIService.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
========== Win32 Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (MsgPlusService) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvolwin7.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaywin7.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirwin7.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfswin7.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Taschenlampe\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.01 12:38:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 00:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.20 18:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.12 23:01:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 00:08:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.20 18:57:57 | 000,000,000 | ---D | M]
[2010.05.31 12:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Extensions
[2010.05.31 12:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.04 21:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Firefox\Profiles\dm7nx968.default\extensions
[2012.07.16 10:57:05 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Firefox\Profiles\dm7nx968.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.04.25 08:24:42 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Firefox\Profiles\dm7nx968.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011.03.24 22:03:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Firefox\Profiles\dm7nx968.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.31 07:28:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Firefox\Profiles\dm7nx968.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.12 16:24:41 | 000,000,950 | ---- | M] () -- C:\Users\Taschenlampe\AppData\Roaming\Mozilla\Firefox\Profiles\dm7nx968.default\searchplugins\icqplugin-1.xml
[2010.07.24 20:43:04 | 000,000,950 | ---- | M] () -- C:\Users\Taschenlampe\AppData\Roaming\Mozilla\Firefox\Profiles\dm7nx968.default\searchplugins\icqplugin-2.xml
[2010.09.10 11:37:48 | 000,000,950 | ---- | M] () -- C:\Users\Taschenlampe\AppData\Roaming\Mozilla\Firefox\Profiles\dm7nx968.default\searchplugins\icqplugin-3.xml
[2011.03.03 13:13:18 | 000,000,950 | ---- | M] () -- C:\Users\Taschenlampe\AppData\Roaming\Mozilla\Firefox\Profiles\dm7nx968.default\searchplugins\icqplugin-4.xml
[2010.02.03 16:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Taschenlampe\AppData\Roaming\Mozilla\Firefox\Profiles\dm7nx968.default\searchplugins\icqplugin.xml
[2012.04.29 09:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.14 14:41:00 | 000,012,128 | ---- | M] () (No name found) -- C:\USERS\Taschenlampe\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM7NX968.DEFAULT\EXTENSIONS\{600452E8-6851-46DB-80FD-FA571B2DEAA7}.XPI
[2012.07.19 00:08:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.12 19:41:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.18 19:34:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 19:34:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 19:34:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 19:34:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 19:34:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 19:34:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
O1 HOSTS File: ([2010.05.10 16:27:59 | 000,001,345 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\Toolbar\WebBrowser: (no name) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Taschenlampe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Taschenlampe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D199494-D772-4AD0-B440-63AD0C313BD5}: DhcpNameServer = 130.149.7.7 193.174.75.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A31B4507-1C36-4DF5-A6F8-E2202D83664F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b3b74fc-7a36-11e0-bedf-90fba62c0a20}\Shell - "" = AutoRun
O33 - MountPoints2\{6b3b74fc-7a36-11e0-bedf-90fba62c0a20}\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.13 20:11:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Taschenlampe\Desktop\OTL.exe
[2012.08.13 20:08:01 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Roaming\Malwarebytes
[2012.08.13 20:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.13 20:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.13 20:07:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.13 20:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.13 20:05:44 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Taschenlampe\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.12 23:40:28 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Roaming\Avira
[2012.08.12 23:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.12 23:34:25 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.12 23:34:25 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.12 23:34:25 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.12 23:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.12 23:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.12 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{246893A9-A85E-4707-AF07-B8F8A2C14A14}
[2012.08.12 16:22:54 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{476060C5-2638-4022-8C42-81EFEF75E37B}
[2012.08.10 16:57:08 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{78003F7B-E04C-4BCC-BE8A-14DE41E896AF}
[2012.08.10 16:56:57 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{60EAE8AF-EA01-477E-B83D-DD0A36BCE821}
[2012.08.09 21:30:34 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmail Opener
[2012.08.09 21:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winmail Opener
[2012.08.09 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{EA5F5200-E849-4B29-A5A1-8AE75E9CA566}
[2012.08.09 18:53:32 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{4A9B1041-A2BD-414F-B677-E852A61CE292}
[2012.08.08 21:36:08 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{05074FE3-5C6E-478E-BAD5-97BD8C42128A}
[2012.08.08 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{BFB25EA9-4073-4748-A32C-B894CEDEAFDB}
[2012.08.07 20:58:35 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{209AAC11-9F31-41BB-A17A-956147663D2F}
[2012.08.07 20:58:22 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{E6F1F129-5FF9-429C-9BEA-6CB64591EDB0}
[2012.08.05 21:32:55 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{99008F22-B045-4592-A17F-12CE556AF0C8}
[2012.08.05 09:32:29 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{BFEDD613-DB4C-4C3B-A863-FB96B3CE6692}
[2012.08.05 09:32:17 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{42E4EA1B-6EA4-4BE5-AD53-F94EF8B63AD0}
[2012.08.04 11:38:42 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{51C078FE-5219-41FD-810D-057D0FA7F0EF}
[2012.08.04 11:38:27 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{60539D4D-2FC7-473B-A4CD-8E776808E670}
[2012.08.03 19:13:17 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{87FD4097-84BE-4416-86AC-FE266BF98446}
[2012.08.03 19:13:04 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{FD4F6646-6331-4A99-8B17-DD8B59A1F0DE}
[2012.08.02 17:05:07 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{E697E1D0-3173-42B0-9809-63DD7F2A6285}
[2012.08.02 17:04:54 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{69AAB778-3E6A-403C-A840-8B2C9A4BF2EE}
[2012.08.01 19:46:17 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{EAAE31B3-8994-4EE9-9FED-8CDF57EA8FEE}
[2012.08.01 19:46:06 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{97A76511-2827-4045-BC0E-84B0E1B87AD4}
[2012.07.31 15:59:36 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{838328B5-3A5E-4951-93A0-A50A2462D818}
[2012.07.31 15:59:22 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{18D1A8F4-16F6-4CCD-9F94-547E0E7BF260}
[2012.07.30 12:53:08 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{3099DE27-E58D-44E3-B0A7-8D08C5F82B9D}
[2012.07.30 12:52:55 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{D35690EA-E41F-4A3B-B033-B1CA4E335204}
[2012.07.29 11:28:55 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{9FE3D0C1-E446-4A73-A9CB-4447EB9C0593}
[2012.07.29 11:28:42 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{5B6BEB56-AD5B-44E5-B8EC-96C49642E833}
[2012.07.26 10:20:50 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{5E4C3160-747E-4283-A3CC-B858C5D064A5}
[2012.07.26 10:20:37 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{69867BAF-79BF-4F4A-9755-B9DB8DC8EC3D}
[2012.07.25 11:34:43 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{2E56CDC2-4521-4818-B372-4D500049B55B}
[2012.07.25 11:34:30 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{A55436FA-592A-4921-ABFC-108265314B67}
[2012.07.24 10:32:31 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{87E5D320-077C-4E25-A4D7-A8487065ED48}
[2012.07.24 10:32:13 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{5E6FE26D-DD9A-45C0-A741-B5AD83FFE068}
[2012.07.23 13:20:01 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{AAFD030A-77F3-4329-BC91-E62635A27141}
[2012.07.23 13:19:49 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{B16F8E58-BFE5-4380-A14F-3FFE09241375}
[2012.07.22 12:13:54 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{1A0D6121-1B07-4A0D-9433-E8D224AE902F}
[2012.07.22 12:13:42 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{AB4FEFE5-DC92-451F-A140-A0DE3A84A23A}
[2012.07.21 21:16:11 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{549BACA7-AC00-4B25-B2D3-A75D747DB4D2}
[2012.07.21 21:16:00 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{707E098E-279A-4F72-BCD3-0371BD969F15}
[2012.07.21 09:15:22 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{B1897087-BB62-4CA7-ACFD-F3E40447D720}
[2012.07.21 09:15:09 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{DFE1F7CC-34FE-4E62-BCCD-F7B12C7AC17D}
[2012.07.19 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{EA3422A2-0D6D-420E-826B-C510EFABA6BB}
[2012.07.19 17:19:06 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{79F533F7-07F5-436B-8B89-34F52BAADAC0}
[2012.07.18 20:07:01 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{75BCB0D1-31EE-4F98-BF61-F060E6A64362}
[2012.07.18 20:06:48 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{07053BE7-1192-4980-A08C-E57B4FE912D5}
[2012.07.17 20:11:34 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{75E4D2B8-97DB-4E42-966B-51444A6AB122}
[2012.07.17 20:11:08 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{81D4CE8B-4BA1-4E62-8DE3-03335BC7D5DD}
[2012.07.16 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{B6B11DC3-31ED-46AB-AE92-3CEEAE17BD59}
[2012.07.16 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{6EBF90EF-ED7F-4265-88DB-79AB5F6D42EF}
[2009.11.26 19:31:51 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2009.06.27 18:06:16 | 000,178,176 | ---- | C] (privat) -- C:\Program Files\ClearProg.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.14 13:46:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.14 13:41:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 13:41:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 13:33:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.14 13:33:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.14 13:33:39 | 3113,558,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.13 20:11:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Taschenlampe\Desktop\OTL.exe
[2012.08.13 20:07:50 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.13 20:06:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Taschenlampe\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.13 20:07:50 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.06 23:09:52 | 000,001,456 | ---- | C] () -- C:\Users\Taschenlampe\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.01.04 19:32:05 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.08 16:36:26 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.11.03 18:15:47 | 001,713,678 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.13 21:09:26 | 000,000,000 | ---- | C] () -- C:\Users\Taschenlampe\AppData\Local\{A7AC2D05-F118-42F3-844A-8FA9354E7F92}
[2011.06.16 21:59:08 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\daspi32u.dll
[2011.06.16 21:45:11 | 000,020,531 | -H-- | C] () -- C:\ProgramData\M33KI
[2011.02.14 16:53:16 | 000,000,218 | ---- | C] () -- C:\Users\Taschenlampe\.recently-used.xbel
[2010.11.27 20:53:06 | 000,000,169 | ---- | C] () -- C:\Windows\wininit.ini
[2010.11.17 17:15:32 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.17 17:15:32 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.04.15 14:44:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.05 23:36:37 | 000,001,980 | ---- | C] () -- C:\Users\Taschenlampe\AppData\Roaming\wklnhst.dat
[2010.02.18 16:02:37 | 000,065,536 | ---- | C] () -- C:\Users\Taschenlampes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.20 01:06:30 | 000,007,605 | ---- | C] () -- C:\Users\Taschenlampe\AppData\Local\Resmon.ResmonCfg
========== LOP Check ==========
[2010.01.16 23:01:06 | 000,000,000 | -HSD | M] -- C:\Users\Taschenlampe\AppData\Roaming\.#
[2011.01.10 22:22:01 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\.minecraft
[2012.03.03 00:06:55 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Ahnenblatt
[2011.02.09 22:15:03 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Ambient Design
[2010.02.12 13:59:13 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Artweaver
[2010.02.12 13:58:11 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Artweaver Plus
[2010.04.25 19:43:20 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Audacity
[2011.03.26 23:17:29 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\AV Bros Puzzle Pro 3.1 DEMO (64 Bit)
[2011.02.09 22:18:20 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Bamboo Explore
[2010.06.25 15:15:25 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Blender Foundation
[2010.06.20 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Canon
[2011.03.05 21:43:25 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.07.19 10:25:19 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.08.12 23:03:34 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Dropbox
[2011.07.24 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\DVDVideoSoft
[2011.03.24 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.20 17:24:48 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\e-academy Inc
[2011.12.29 23:12:26 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\FileZilla
[2010.01.16 22:49:24 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\GameConsole
[2010.11.08 18:31:23 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\GetRightToGo
[2011.05.18 21:48:30 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\GNU Solfege
[2012.06.09 22:55:18 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Hobbyist Software
[2011.02.22 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\ICQ
[2010.06.24 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\inkscape
[2012.03.25 10:24:42 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Internet Exprorer Add-on
[2012.08.12 23:01:39 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\IrfanView
[2011.06.26 15:38:16 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Lasersoft Imaging
[2010.03.27 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\MAXON
[2011.02.17 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\NeatImage SL
[2010.07.01 00:04:57 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\net.tw.fotolia-desktop
[2010.07.08 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\NetMedia Providers
[2010.04.08 21:59:14 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Nik Software
[2012.06.20 21:55:01 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Notepad++
[2011.12.29 23:20:01 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Nvu
[2010.05.06 17:38:04 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\OpenOffice.org
[2011.06.16 22:03:57 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\PIE
[2010.01.17 23:25:30 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\PowerCinema
[2010.07.08 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Publish Providers
[2010.01.16 23:01:13 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\SoftDMA
[2012.08.12 23:01:29 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\SoftGrid Client
[2011.11.05 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Solveig Multimedia
[2010.06.25 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.01.13 23:10:01 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Stella
[2010.03.05 23:36:38 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Template
[2010.05.31 12:56:24 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Thunderbird
[2011.04.06 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\TIPP10
[2010.03.29 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Tobit
[2012.06.20 21:37:39 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\TP
[2011.02.09 21:39:45 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Wacom
[2011.02.09 21:39:47 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.06.23 22:00:15 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Windows Live Writer
[2012.07.19 20:56:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C59E90A4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
< End of report >
--- --- ---
Und der zweite:
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 14.08.2012 13:45:28 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Taschenlampe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 64,41% Memory free
7,73 Gb Paging File | 6,15 Gb Available in Paging File | 79,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,87 Gb Total Space | 80,21 Gb Free Space | 17,48% Space Free | Partition Type: NTFS
Drive D: | 458,87 Gb Total Space | 231,69 Gb Free Space | 50,49% Space Free | Partition Type: NTFS
Drive E: | 264,40 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: Taschenlampe-PC | User Name: Taschenlampe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-1676260187-2342323063-2926789658-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Foto Meyer\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Meine CEWE FOTOWELT] -- "C:\Program Files (x86)\Foto Meyer\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Foto Meyer\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Meine CEWE FOTOWELT] -- "C:\Program Files (x86)\Foto Meyer\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0599AD3E-97B6-418E-BC38-4B67C6E2E533}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0EFEC10C-94A7-4699-8A33-5ADC00138145}" = rport=138 | protocol=17 | dir=out | app=system |
"{112E4A15-E002-428E-A364-BFD1F9EBC013}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16CC76F9-AC96-4237-9D25-18932F3253A6}" = rport=139 | protocol=6 | dir=out | app=system |
"{22FD9BF0-14E3-45B2-B687-7C15ADFC5F64}" = rport=445 | protocol=6 | dir=out | app=system |
"{238A19EF-217C-459A-B9F0-BFCC3CBF9992}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2DBBAD0C-1101-4AED-9BB4-E2EEF33CA9A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B9DEBC0-8BA3-4451-8E3E-7BAA1D918143}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3E037A1B-CC8F-4CC1-80B4-975A51C9368E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FDE60BE-82C2-4C95-9E86-BF97B96BC32F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{52C0632F-185D-4DB4-84BF-F2A68BE3FFB3}" = lport=139 | protocol=6 | dir=in | app=system |
"{54CBF3D5-F930-4B35-9603-18A3034D5644}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C6B23F5-239A-4823-B780-931A58E33CAC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{736C1AD9-A137-4D9B-8E58-84C50010990C}" = rport=137 | protocol=17 | dir=out | app=system |
"{741342F1-2FEF-4A6E-9C90-66B7FD12AE90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{869F4315-F4D3-4597-A14E-7DA9D06D4B5A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DDFA637-0406-42DF-A5B9-290BBC8E1FC9}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface |
"{959BBC14-9D62-449D-AD40-CD95E741AF64}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96A34203-3A0D-41F0-A515-B8C1EAF40495}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF5A2C9F-45F1-4BF0-A737-71BCCF004F45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B440B751-1832-4050-9500-B993D324FE86}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B969468C-1AF4-49C7-9C99-A8B03A8B78F4}" = lport=138 | protocol=17 | dir=in | app=system |
"{BAFDF161-4D55-4296-922C-C90110040E17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CBE36B81-9245-493C-A4ED-95227FAB2E6B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E5430F5F-8F13-425D-A857-189227F78B51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED26FDB9-6B50-4B63-9409-2D7AE5D5F84B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EEACEAB7-7046-40C0-A9C6-47B92EDEC6AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F7025EAF-BAE6-48A6-A727-22F3E986D57E}" = lport=445 | protocol=6 | dir=in | app=system |
"{F9A68184-321D-4671-AA39-33CF1AA03AFA}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0125DD90-2839-45AA-80C9-3F52730BFCA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{04423C1C-0296-4381-9083-56D1E0FFBD2F}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\update_1df8.exe |
"{0D367C0B-6502-46A1-B0A6-EAD9EDA4B2B7}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\update_1df8.exe |
"{1311470B-2121-491B-910A-565418570AE6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A814056-BF74-45F4-8EC0-60A145E0AA60}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\downloads\flv_player_setup.exe |
"{1B1C3094-428F-4766-9A27-BF967AA42505}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{235276D3-63E9-46B9-AE1C-91A7854C348C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23C4C344-CBD7-4C5F-9900-91808CE0FBF8}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe |
"{2999B480-04BC-4CC7-A7D4-5073AD5AB579}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{2A907008-9A2B-42F9-95C6-A00823FAAE0A}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\downloads\flv_player_setup.exe |
"{2F83989B-9985-4068-A1BD-44168B480785}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{30202B40-9D87-4344-B9CC-9EDCCF78AA6D}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe |
"{335FF696-C317-4F88-AF8A-4AE2AD8126CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33AA6A8D-7B72-4E17-BABD-FF56D3C40990}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe |
"{348FD22B-FEB3-490F-BD55-C4C24E12F86F}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe |
"{36E13E43-F685-4DD9-B5C6-CC36DE31B043}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{36EEF358-B611-4BFA-98AA-A85146151EA2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{39E2635D-69F3-40A1-A846-F4624A5E068B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{40C73673-8167-4518-9FC3-0102364D6BCB}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{53FFF210-346C-46C9-BD95-19D7BA39A6BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{56B2C510-808F-4DD3-9B5B-BB0417FEF727}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe |
"{58CD2BB7-3954-4E09-86B1-C6DA0176C0D4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{59211C92-2284-43DA-8541-CD9DE5F3A2E7}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\7zs285f\hppiw.exe |
"{5C820663-4E7E-484E-B5F8-71F8B799D1CF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5F27FAF0-99E8-4C0D-B52F-E045915C1DE1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{5FA792D5-886C-4515-B043-84D4776FE494}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\7zs285f\hppiw.exe |
"{619BCEFE-9115-467C-A272-914CF71315F1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{6383900F-33C7-48DB-8281-6C35915028CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{648A1C48-07E1-42C2-BEF3-F9EAA9BF6FF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66DF81D7-2944-47E8-ABAE-761FC6D05CB1}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe |
"{6CD111E0-9A9E-420C-B150-1E49F97C4901}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6E7B86F5-BED6-4607-AD5F-23FC68D28467}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{74D99B5A-8CD7-44DB-B673-F7AC6D48DDA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7623A4E6-9A54-4C67-AF41-C3FDD7BEBA2C}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{77EE1DCD-AD75-40CD-B3CE-481181CB7953}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79F00830-DD0B-4F0F-B8D0-7BAD37A7D230}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BC708CA-879E-4028-840C-908C83E7B725}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{7BD9F926-97C2-41E6-920E-FADEFDBCC041}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\update_4433.exe |
"{85375B04-0D94-4E97-8F1F-05E67A9C9E4A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8539AD18-C9F9-4AF5-B289-78650CAD5292}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe |
"{890010A8-E286-44C9-9CBA-031D0635615E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{8DFE587A-FF36-4312-A915-86AB7173EE7F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E73CFD5-2AE3-479F-B55B-B5DFBE128929}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{8E917D8B-1D58-4B96-A0E9-5C25B99406FF}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe |
"{8EBAE748-C746-4EA0-AFEF-DFC6E683784A}" = protocol=6 | dir=out | app=system |
"{932CEB8D-4B10-4A3D-A7E8-0F16F1263889}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A8C62BC8-6B99-44CA-BC47-D32431E9CB98}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe |
"{AB1A2734-73FC-42AA-B36C-F6F8C154782B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACC1E371-2273-4EE4-AB75-73512BA92E5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD309413-15A1-4107-8CFE-4839AB96189E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B01D195E-7706-4FE8-947C-4DAE661DB3C7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B84D4A5D-FBDB-40CC-A245-7460BE013CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{B8A27DBC-030C-4FF5-A1C8-484483879FFA}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe |
"{BBEE3AB5-16E2-4824-B782-7749F183B647}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BCFA3819-D710-44AE-BF9C-7F5A0E197ED7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BDBFB3BB-C071-4DC5-B84E-2D2F5EC2DED5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C59E3F7D-C13E-4465-89F4-2041ABDB0271}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\update_4433.exe |
"{C60E0DE8-0D37-4E78-99AE-415669A59B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{DC2A25A0-348D-4F60-80E2-CE260CBA4F01}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{E0D0450F-52C5-49D4-852B-BF35513665E7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E4B014BA-7F0F-4850-8FA0-A70A138AAE97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E4CFD87A-08CC-4B58-97FF-21C88FE14D55}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{E738D99B-9532-45AD-A5C2-D0D8ADC082EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{E8E559CB-E1F0-4651-A42C-1A0F82E6A4FC}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{ECF1C00F-E3A6-400A-8057-214D798DAF07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F5C5E6B7-2025-4BA4-8A9B-B9865327BB9E}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe |
"{F5C6E9C5-771F-463E-97F6-0C744B420FB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F791F725-8296-490F-9444-AFEC986C6C28}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{F947E8E3-7CE0-46A3-BB60-45A914FAC655}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"TCP Query User{12CC1008-579F-4862-A06A-EFF2F42C596E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{1B27FB40-6A3E-44CA-812E-CC064FF08F8C}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe |
"TCP Query User{2331E7C8-3640-4C64-A97A-A28A9C83E75E}C:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe |
"TCP Query User{4034F782-E7DE-4615-9A93-1D3711898530}D:\trekstor\spiele\aoe2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\trekstor\spiele\aoe2\age2_x1\age2_x1.exe |
"TCP Query User{4B0BC3CD-7C91-4EDF-BF4F-E0D652B1BE32}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{503EC7A2-6AF9-4C9A-95FC-CC8065C0621F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{65B597E2-FAA3-45EC-B0C9-42230C936054}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{6E5C610B-BA71-415C-B318-7067E0B430B9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{748D0B93-9DAD-4A1B-BA2F-4736F6061EF4}C:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8B7496F8-651E-4AFA-AD22-832E7507FF4E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{9078B504-EF74-4C7D-95DE-D349AB57BEE3}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{F8D44452-C5E4-479A-BBFA-75473DC2E75E}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{3ECA2191-C46B-4177-AE41-62710237FE2B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{4BA045A7-AF2F-48CB-88E5-7237D843862A}C:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe |
"UDP Query User{873A0081-0A86-48F1-8C10-5FFADC838436}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{8ECBF4E5-FDD8-4BBE-A243-44688DBAF7F3}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{95F65215-A16F-449D-8168-CE9A722FF264}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{AA631377-C221-48EB-9BD2-3048DAFEA553}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C46CC357-4B1A-4DE8-96FB-82CA217A8511}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{C54813D6-4142-42EE-B13A-F8D21CF076A5}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{CE5D9942-11ED-49FF-99CA-B964483552D7}C:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{E1543D8A-DAE2-40A8-9B5C-6F55B231A649}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{E445098D-C4DE-4894-8C25-9FE342669FCC}D:\trekstor\spiele\aoe2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\trekstor\spiele\aoe2\age2_x1\age2_x1.exe |
"UDP Query User{F17EFEC0-E06A-4E8C-B719-4C78A88599D6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"doPDF 6 printer_is1" = doPDF 6.3 printer
"MAXOND23FFDAC" = CINEMA 4D Demo 11.530
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{354D00E0-C7C9-4BC1-BC12-08C4977AA827}" = SlimDX Redistributable (June 2010)
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D3D1E03-D506-4163-B600-82EE27FC5A89}" = Microsoft Camera Codec Pack
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B0D20D7-AA12-4FC8-9A4A-AF722F430738}_is1" = EOS Camera Movie Record 0.2.1 Beta
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{90D161A3-7D26-11D8-AB0F-000374890932}" = Internet Software Pak
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94C1A41C-2A2D-4AF0-858E-924288245621}" = SlimDX Redistributable (August 2009)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9d5299f9-f94e-43ed-9632-a5e045b51f7d}" = Nero 9 Essentials
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE71A92-DF5D-5880-F8B0-7FF30CE49B44}" = myphotobook.de
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AD9E6AC8-27B4-326A-69D1-C8A3549DAC22}" = Bamboo Dock
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B455DA2A-531A-4456-BA1C-3534DD327EFE}" = CyberView X Multiple-Slides Scanner v1.18a
"{B46834CC-141E-11D5-A76F-0030AB007078}" = MA101 USB Adapter Configuration Utility
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B64B2351-10AE-4890-9D5E-F9BDC292801D}_is1" = Dietrich's AG PlanCAD-L
"{B9BD670E-E9BF-494A-9843-F20C13EE8C4C}" = ArtRage 2
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA2B4016-343D-4564-BE1C-99D84BE9673D}" = AKVIS ArtWork
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ahnenblatt_is1" = Ahnenblatt 2.69
"Algebrus_is1" = Algebrus 3.1
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock 3.3
"Bamboo Explore" = Bamboo Explore
"Bamboo Scribe LanguagePack de_DE 3.2_is1" = Bamboo Scribe LanguagePack de_DE 3.2
"Bamboo Scribe Wacom 3.2_is1" = Bamboo Scribe Wacom 3.2
"Blender" = Blender (remove only)
"Box24" = Box 24
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"Dfine 2.0" = Dfine 2.0
"DivX Setup" = DivX-Setup
"druckstdu.de Designer 1.5.1_is1" = druckstdu.de Designer 1.5.1
"EuroGrand Casino" = EuroGrand Casino
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.5.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"GML Matting_is1" = GML Matting 0.3
"GNU Solfege_is1" = GNU Solfege 3.18.7
"Harry's Filters_is1" = Harry's Filters 3.01
"Hotkey Utility" = Hotkey Utility
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"ImageSkill Magic Enhancer Lite 1" = ImageSkill Magic Enhancer Lite 1 (Remove only)
"ImageSkillOutliner" = ImageSkill Outliner (remove only)
"Inkscape" = Inkscape 0.48.0
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"IrfanView" = IrfanView (remove only)
"Joyland Casino" = Joyland Casino
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Meine CEWE FOTOWELT" = Meine CEWE FOTOWELT
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neat Image_is1" = Neat Image v6 Demo (with plug-in)
"Notepad++" = Notepad++
"Nvu_is1" = Nvu 1.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenTTD" = OpenTTD 1.1.0
"Pen Tablet Driver" = Bamboo
"Pixum Fotobuch" = Pixum Fotobuch
"PRJPRO" = Microsoft Office Project Professional 2007
"RealAlt_is1" = Real Alternative 2.0.2
"RealPlayer 12.0" = RealPlayer
"S2TNG" = Die Siedler II - Die nächste Generation
"Slideroll Gallery AV_is1" = Slideroll Gallery AV 2.1.03b
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"TinyCAD" = TinyCAD 2.70.03
"TIPP10_is1" = TIPP10 Version 2.1.0
"TmNationsForever_is1" = TmNationsForever
"Tobit Radio.fx Server" = Radio.fx
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.1.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1676260187-2342323063-2926789658-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra WebStart" = GeoGebra WebStart
"Move Media Player" = Move Media Player
"sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT)
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.08.2012 19:08:20 | Computer Name = Taschenlampe-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584
Error - 12.08.2012 19:08:20 | Computer Name = Taschenlampe-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
Error - 13.08.2012 02:44:43 | Computer Name = Taschenlampe-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.08.2012 02:44:43 | Computer Name = Taschenlampe-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 27398611
Error - 13.08.2012 02:44:43 | Computer Name = Taschenlampe-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27398611
Error - 13.08.2012 03:24:43 | Computer Name = Taschenlampe-PC | Source = MsgPlusService | ID = 0
Description =
Error - 13.08.2012 03:24:43 | Computer Name = Taschenlampe-PC | Source = MsgPlusService | ID = 0
Description =
Error - 13.08.2012 08:35:26 | Computer Name = Taschenlampe-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0061-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 14.08.2012 03:27:12 | Computer Name = Taschenlampe-PC | Source = TabletServicePen | ID = 1
Description =
Error - 14.08.2012 07:44:57 | Computer Name = Taschenlampe-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.57.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12d4 Startzeit:
01cd7a11ebe6c195 Endzeit: 16 Anwendungspfad: C:\Users\Taschenlampe\Desktop\OTL.exe Berichts-ID:
[ Media Center Events ]
Error - 17.02.2010 05:12:33 | Computer Name = Taschenlampe-PC | Source = MCUpdate | ID = 0
Description = 10:12:33 - Fehler beim Herstellen der Internetverbindung. 10:12:33
- Serververbindung konnte nicht hergestellt werden..
Error - 17.02.2010 05:13:10 | Computer Name = Taschenlampe-PC | Source = MCUpdate | ID = 0
Description = 10:13:03 - Fehler beim Herstellen der Internetverbindung. 10:13:03
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 12.08.2012 17:34:18 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler
beendet: %%126
Error - 13.08.2012 08:24:59 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 13.08.2012 08:27:28 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler
beendet: %%126
Error - 13.08.2012 08:39:27 | Computer Name = Taschenlampe-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{A31B4507-1C36-4DF5-A6F8-E2202D83664F} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 13.08.2012 08:39:27 | Computer Name = Taschenlampe-PC | Source = NetBT | ID = 4321
Description = Der Name "Taschenlampe-PC :20" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.2 registriert werden. Der Computer mit IP-Adresse 192.168.0.8
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 13.08.2012 08:39:28 | Computer Name = Taschenlampe-PC | Source = NetBT | ID = 4321
Description = Der Name "Taschenlampe-PC :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.2 registriert werden. Der Computer mit IP-Adresse 192.168.0.8
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 14.08.2012 03:26:52 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 14.08.2012 03:29:18 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler
beendet: %%126
Error - 14.08.2012 07:33:56 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 14.08.2012 07:36:34 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler
beendet: %%126
< End of report >
--- --- --- |
