Erst einmal danke, dass Du Dich meines Problems annimmst ;-)
Hier die Reports.
OTL.txtOTL Logfile: Code:
OTL logfile created on: 20.01.2011 19:31:42 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 207,42 Gb Free Space | 46,55% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 10,84 Gb Free Space | 53,81% Space Free | Partition Type: FAT32
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Stefan\AppData\Local\Temp\is-GTO5U.tmp\is-7J435.tmp ()
PRC - C:\Users\Stefan\Desktop\registryfix.exe (Registry Fix )
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Users\Stefan\Desktop\HiJackThis204.exe (Trend Micro Inc.)
PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\RegistryFix8\RegFix8.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
========== Modules (SafeList) ==========
MOD - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\PC Tools Security\PCTGMhk.dll (PC Tools)
MOD - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
========== Win32 Services (SafeList) ==========
SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (GnabService) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (pxscan) -- C:\Windows\System32\drivers\pxscan.sys (Prevx)
DRV - (pxkbf) -- C:\Windows\System32\drivers\pxkbf.sys (Prevx)
DRV - (pxrts) -- C:\Windows\System32\drivers\pxrts.sys (Prevx)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2010.12.21 23:26:09 | 000,427,674 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14729 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\Windows\System32\PxSecure.dll (Prevx)
O3 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [newsecureapp70700.exe] File not found
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [Pnptree] File not found
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [wcrasxemno.exe] File not found
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bd6a3ee2-bcb2-11dd-9ca1-001d92612aad}\Shell\AutoRun\command - "" = K:\PhotoViewerAP_V207.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VSPX - C:\Windows\System32\vspxvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.01.20 19:27:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2011.01.20 19:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryFix8
[2011.01.20 19:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryFix8
[2011.01.20 19:23:14 | 001,227,704 | ---- | C] (Registry Fix ) -- C:\Users\Stefan\Desktop\registryfix.exe
[2011.01.20 18:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0
[2011.01.20 18:04:13 | 000,071,880 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2011.01.20 18:04:13 | 000,032,008 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2011.01.20 18:04:08 | 000,026,096 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2011.01.20 18:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011.01.20 18:03:16 | 000,076,696 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2011.01.20 18:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2011.01.20 18:01:56 | 000,945,272 | ---- | C] (Prevx) -- C:\Users\Stefan\Desktop\prevxcsifree.exe
[2011.01.20 10:44:56 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\backups
[2011.01.20 10:40:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Stefan\Desktop\HiJackThis204.exe
[2011.01.18 00:47:04 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011.01.18 00:47:03 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011.01.18 00:46:48 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011.01.18 00:46:46 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011.01.18 00:46:24 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011.01.18 00:46:22 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011.01.18 00:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011.01.18 00:41:58 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011.01.18 00:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011.01.18 00:30:46 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\PC Tools
[2011.01.18 00:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011.01.18 00:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.01.17 20:55:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Simply Super Software
[2011.01.17 20:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.01.17 20:55:08 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.01.17 20:54:46 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Simply Super Software
[2011.01.17 20:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.01.17 20:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.01.17 20:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojancheck 6
[2011.01.17 20:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2011.01.17 19:44:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2011.01.17 19:44:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.17 19:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.17 19:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.17 19:44:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.17 19:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.15 17:08:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Codecd3d
[2011.01.12 23:36:33 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.01.12 21:50:43 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 21:50:34 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.10 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Nero-Tools
[2011.01.10 21:17:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\MS Office
[2011.01.10 21:16:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\DESIGN222
[2011.01.10 21:15:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Antivir, Backup & Co
[2011.01.10 21:07:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Spiele
[2011.01.10 21:07:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Musik & Tools
[2011.01.10 21:07:01 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Video & Tools
[2011.01.10 21:06:21 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Bilder, Fotos & Tools
[2011.01.10 21:03:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Corel User Files
[2011.01.10 21:03:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Corel
[2011.01.10 20:58:23 | 000,000,000 | ---D | C] -- C:\Windows\Corel
[2011.01.10 20:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 11
[2011.01.10 20:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2011.01.10 20:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2011.01.10 20:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\CorelDRAW Graphics Suite 11
[2010.12.24 10:56:04 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TECUNIONLINE
[2010.12.24 10:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TECUNIONLINE
[2010.12.24 10:56:02 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_wininet.dll
[2010.12.24 10:56:01 | 001,392,671 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_msvbvm60.dll
[2010.12.24 10:56:01 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_oleaut32.dll
[2010.12.24 10:56:01 | 000,433,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_riched20.dll
[2010.12.24 10:56:01 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_MSCTF.dll
[2010.12.24 10:56:01 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_odbcint.dll
[2010.12.24 10:56:01 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_olepro32.dll
[2010.12.24 10:56:01 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_lpk.dll
[2010.12.24 10:56:01 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_stdole2.tlb
[2010.12.24 10:56:00 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_comres.dll
[2010.12.24 10:56:00 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_clbcatq.dll
[2010.12.24 10:56:00 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_asycfilt.dll
[2010.12.24 10:56:00 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_COMCAT.DLL
[2010.12.24 10:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\TECUNIONLINE
[2010.12.24 10:55:29 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX
[2010.12.24 10:55:29 | 000,260,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDATGRD.OCX
[2010.12.24 10:55:29 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2010.12.24 10:55:29 | 000,244,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2010.12.24 10:55:29 | 000,232,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDATLST.OCX
[2010.12.24 10:55:29 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX
[2010.12.24 10:55:29 | 000,151,552 | ---- | C] (c&d) -- C:\Windows\System32\vistacmd.ocx
[2010.12.24 10:55:29 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6CHS.DLL
[2010.12.24 10:55:29 | 000,049,152 | ---- | C] (c&d) -- C:\Windows\System32\XpProgBar.ocx
[2010.12.24 10:55:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTCHS.DLL
[2010.12.24 10:55:28 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010.12.24 10:55:28 | 000,500,736 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2010.12.24 10:55:28 | 000,344,064 | ---- | C] ( os) -- C:\Windows\System32\dhCairo.dll
[2010.12.24 10:55:28 | 000,200,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBLIST32.OCX
[2010.12.24 10:55:28 | 000,147,456 | ---- | C] (随想软件工作室 Capricciososoft) -- C:\Windows\System32\Command.ocx
[2010.12.24 10:55:28 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCCHS.DLL
[2010.12.24 10:55:28 | 000,103,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMM32.OCX
[2010.12.24 10:55:28 | 000,086,016 | ---- | C] (科特软件 CurtSoft) -- C:\Windows\System32\curtmenu.ocx
[2010.12.24 10:55:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msado25.tlb
[2010.12.24 10:55:28 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSBIND.DLL
[2010.12.24 10:55:28 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBADAPT.DLL
[2010.12.24 10:55:28 | 000,033,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20CHS.DLL
[2010.12.24 10:55:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGCHS.DLL
[2010.12.24 10:55:28 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DATGDCHS.DLL
[1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.01.20 19:33:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E4ED02BB-6474-4E24-A026-945E4269827B}.job
[2011.01.20 19:29:36 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1A6F84B1-0012-4753-9273-FBF0FB673E98}.job
[2011.01.20 19:27:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2011.01.20 19:24:12 | 000,000,729 | ---- | M] () -- C:\Users\Stefan\Desktop\RegistryFix8.lnk
[2011.01.20 19:23:25 | 001,227,704 | ---- | M] (Registry Fix ) -- C:\Users\Stefan\Desktop\registryfix.exe
[2011.01.20 19:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.20 18:50:28 | 000,642,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.20 18:50:28 | 000,603,536 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.20 18:50:28 | 000,104,912 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.20 18:50:27 | 000,131,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.20 18:44:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.20 18:43:53 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.20 18:43:53 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.20 18:43:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.20 18:40:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.20 18:20:17 | 000,025,038 | ---- | M] () -- C:\Users\Stefan\Desktop\AKD-7369707233.pdf
[2011.01.20 18:04:13 | 000,071,880 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2011.01.20 18:04:13 | 000,032,008 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2011.01.20 18:04:08 | 000,026,096 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2011.01.20 18:03:54 | 000,000,051 | ---- | M] () -- C:\Windows\wininit.ini
[2011.01.20 18:03:16 | 000,076,696 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2011.01.20 18:02:00 | 000,945,272 | ---- | M] (Prevx) -- C:\Users\Stefan\Desktop\prevxcsifree.exe
[2011.01.20 17:48:57 | 000,000,724 | ---- | M] () -- C:\Users\Stefan\Desktop\regedt32.exe - Verknüpfung.lnk
[2011.01.20 10:40:52 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Stefan\Desktop\HiJackThis204.exe
[2011.01.18 00:48:10 | 002,260,412 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.01.18 00:45:58 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011.01.18 00:15:25 | 000,513,032 | ---- | M] () -- C:\Users\Stefan\Desktop\sdasetup[1].exe
[2011.01.17 23:26:51 | 000,564,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.17 20:55:29 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.01.17 20:44:31 | 000,000,772 | ---- | M] () -- C:\Users\Stefan\Desktop\Trojancheck.lnk
[2011.01.17 19:44:25 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.16 12:43:24 | 000,000,040 | ---- | M] () -- C:\Windows\System32\bad_packet
[2011.01.16 01:26:52 | 000,064,000 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.13 22:52:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Packard Bell Data Secure for Stefan.job
[2011.01.10 21:02:41 | 000,002,579 | ---- | M] () -- C:\Users\Stefan\Desktop\CorelDRAW 11.lnk
[2011.01.06 22:41:29 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.01.06 22:21:34 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.02 19:00:35 | 000,000,299 | ---- | M] () -- C:\Windows\System32\query.raw
[2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010.12.24 10:56:04 | 000,000,801 | ---- | M] () -- C:\Users\Stefan\Desktop\TECUNIONLINE Fernbedienung programmieren.lnk
[2010.12.21 23:26:09 | 000,427,674 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.01.20 19:24:12 | 000,000,729 | ---- | C] () -- C:\Users\Stefan\Desktop\RegistryFix8.lnk
[2011.01.20 18:20:16 | 000,025,038 | ---- | C] () -- C:\Users\Stefan\Desktop\AKD-7369707233.pdf
[2011.01.20 18:02:49 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2011.01.20 17:48:57 | 000,000,724 | ---- | C] () -- C:\Users\Stefan\Desktop\regedt32.exe - Verknüpfung.lnk
[2011.01.18 00:47:34 | 002,260,412 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.01.18 00:45:58 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011.01.18 00:15:40 | 000,513,032 | ---- | C] () -- C:\Users\Stefan\Desktop\sdasetup[1].exe
[2011.01.17 20:55:29 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.01.17 20:55:10 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.01.17 20:55:09 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.01.17 20:55:08 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011.01.17 20:55:08 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.01.17 20:44:31 | 000,000,772 | ---- | C] () -- C:\Users\Stefan\Desktop\Trojancheck.lnk
[2011.01.17 19:44:25 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.10 21:02:11 | 000,002,579 | ---- | C] () -- C:\Users\Stefan\Desktop\CorelDRAW 11.lnk
[2010.12.24 10:56:04 | 000,000,801 | ---- | C] () -- C:\Users\Stefan\Desktop\TECUNIONLINE Fernbedienung programmieren.lnk
[2010.12.24 10:55:29 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010.12.24 10:55:29 | 000,068,608 | ---- | C] () -- C:\Windows\System32\MSDATLST.oca
[2010.12.24 10:55:29 | 000,064,512 | ---- | C] () -- C:\Windows\System32\MSDATGRD.oca
[2010.12.24 10:55:29 | 000,002,516 | ---- | C] () -- C:\Windows\System32\MSDATGRD.DEP
[2010.12.24 10:55:29 | 000,002,496 | ---- | C] () -- C:\Windows\System32\MSDATLST.DEP
[2010.12.24 10:55:29 | 000,000,111 | ---- | C] () -- C:\Windows\System32\MSDATGRD.SRG
[2010.12.24 10:55:28 | 000,068,096 | ---- | C] () -- C:\Windows\System32\DBLIST32.oca
[2010.12.24 10:55:28 | 000,028,160 | ---- | C] () -- C:\Windows\System32\command.oca
[2010.12.24 10:55:28 | 000,002,496 | ---- | C] () -- C:\Windows\System32\DBLIST32.DEP
[2010.11.26 20:58:42 | 000,000,065 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\AcroIEHelpe.txt
[2010.09.29 22:29:14 | 000,000,680 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat
[2010.09.27 20:44:34 | 000,006,138 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\mdbu.bin
[2010.08.22 15:45:41 | 000,139,152 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\PnkBstrK.sys
[2010.08.22 15:45:41 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.09 21:26:45 | 000,038,425 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2009.07.01 14:55:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.22 14:54:02 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.24 19:01:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.13 01:15:46 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Default.PLS
[2008.07.12 17:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wklnhst.dat
[2008.05.27 18:12:09 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2008.04.02 15:00:56 | 000,000,557 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\TheLastRipper.xml
[2008.03.19 17:41:12 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008.03.15 19:55:36 | 000,064,000 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.02 23:05:12 | 000,000,480 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.02.22 20:34:03 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 13:44:08 | 000,000,094 | ---- | C] () -- C:\Users\Stefan\AppData\Local\fusioncache.dat
[2008.01.16 14:05:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.01.16 14:05:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.01.14 13:02:18 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.01.14 10:59:00 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.12.12 16:49:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.04.24 12:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.20 23:58:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\vspxvfw.dll
[2005.09.01 15:20:46 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll
[2003.04.24 22:15:32 | 000,772,608 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2003.04.24 22:15:32 | 000,287,232 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2003.04.24 22:15:32 | 000,079,872 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2003.04.24 21:29:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
========== LOP Check ==========
[2008.09.07 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Canon
[2008.09.03 20:33:59 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\fotobuch.de AG
[2010.11.21 11:45:37 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Juniper Networks
[2009.05.03 16:24:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Amazon
[2008.07.06 10:31:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Installer
[2010.09.27 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Buhl Data Service GmbH
[2008.04.13 19:19:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canon
[2010.11.26 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\cock
[2011.01.20 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Codecd3d
[2008.02.25 22:30:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CoSoSys
[2009.01.13 13:23:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Crystal Player
[2008.09.03 16:51:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fotobuch.de AG
[2009.04.25 09:05:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Monitor for Google
[2010.11.21 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Juniper Networks
[2010.01.09 22:16:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LimeWire
[2008.04.16 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NewSoft
[2010.03.15 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Pegasys Inc
[2008.04.13 19:12:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ScanSoft
[2011.01.17 20:54:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Simply Super Software
[2008.12.31 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skinux
[2010.10.03 21:33:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SMSout
[2008.08.06 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sonavis
[2010.07.31 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SuperMailer
[2008.07.12 17:18:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Template
[2008.09.17 20:13:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TVcentral-Core
[2010.11.26 22:21:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\UAs
[2010.11.26 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\xmldm
[2011.01.13 22:52:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\Packard Bell Data Secure for Stefan.job
[2011.01.20 18:41:57 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.20 19:29:36 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1A6F84B1-0012-4753-9273-FBF0FB673E98}.job
[2011.01.20 19:33:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E4ED02BB-6474-4E24-A026-945E4269827B}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.09.27 20:31:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Adobe
[2009.05.03 16:24:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Amazon
[2009.01.01 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ArcSoft
[2008.07.06 10:31:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Installer
[2010.09.27 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Buhl Data Service GmbH
[2008.04.13 19:19:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canon
[2010.11.26 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\cock
[2011.01.20 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Codecd3d
[2011.01.10 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Corel
[2008.02.25 22:30:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CoSoSys
[2009.01.13 13:23:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Crystal Player
[2008.12.13 01:15:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CyberLink
[2008.09.03 16:51:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fotobuch.de AG
[2009.04.25 09:05:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Monitor for Google
[2008.04.04 22:51:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Google
[2008.02.29 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Help
[2008.02.22 13:43:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Identities
[2009.01.05 18:26:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\InstallShield
[2010.11.21 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Juniper Networks
[2010.01.09 22:16:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LimeWire
[2008.02.29 22:19:23 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Macromedia
[2011.01.17 19:44:40 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs
[2010.09.27 21:19:40 | 000,000,000 | --SD | M] -- C:\Users\Stefan\AppData\Roaming\Microsoft
[2008.02.22 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nero
[2008.04.16 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NewSoft
[2011.01.18 00:30:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PC Tools
[2010.03.15 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Pegasys Inc
[2008.03.01 00:35:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Real
[2008.04.13 19:12:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ScanSoft
[2011.01.17 20:54:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Simply Super Software
[2008.12.31 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skinux
[2010.10.03 21:33:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SMSout
[2008.08.06 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sonavis
[2010.07.31 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SuperMailer
[2008.07.12 17:18:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Template
[2008.09.17 20:13:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TVcentral-Core
[2010.11.26 22:21:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\UAs
[2010.11.26 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\xmldm
< %APPDATA%\*.exe /s >
[2007.05.10 09:29:40 | 000,057,344 | ---- | M] (SBS) -- C:\Users\Stefan\AppData\Roaming\ASCON Installer\ASUNINST.EXE
[2010.10.28 03:21:50 | 000,247,928 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\64bitProxy.exe
[2010.06.08 08:32:32 | 000,300,400 | ---- | M] (Juniper Networks") -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
[2010.06.08 08:32:34 | 000,234,864 | ---- | M] (Juniper Networks) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
[2010.06.08 08:32:34 | 000,157,040 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\InstallHelper.exe
[2010.06.08 08:32:44 | 000,056,072 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\uninstall.exe
[2010.06.03 00:46:12 | 000,132,464 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2010.06.03 00:46:12 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2010.06.03 00:45:36 | 000,330,088 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2010.06.03 00:44:10 | 000,218,232 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2010.06.03 00:46:18 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2010.02.15 17:46:36 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe
[2008.02.08 11:10:10 | 000,004,608 | ---- | M] (Curio Laboratories) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\SendTo\RemoveOnReboot.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.09.10 12:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.09.10 12:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.22 20:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.22 20:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.22 20:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.22 20:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.12.03 14:58:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.12.03 14:58:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTORV.SYS >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: NVSTOR32.SYS >
[2007.10.31 11:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.10.31 11:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2007.11.14 22:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.11.14 22:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.01.20 18:04:08 | 000,026,096 | ---- | M] (Prevx) Unable to obtain MD5 -- C:\Windows\System32\drivers\pxkbf.sys
[2011.01.20 18:03:16 | 000,076,696 | ---- | M] (Prevx) Unable to obtain MD5 -- C:\Windows\System32\drivers\pxrts.sys
[2011.01.20 18:04:13 | 000,032,008 | ---- | M] (Prevx) Unable to obtain MD5 -- C:\Windows\System32\drivers\pxscan.sys
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 07:28:21 | 000,179,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msnetobj.dll
[2008.01.19 08:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC
< End of report >
--- --- ---
Extras.txtOTL Logfile: Code:
OTL Extras logfile created on: 20.01.2011 19:31:42 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 207,42 Gb Free Space | 46,55% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 10,84 Gb Free Space | 53,81% Space Free | Partition Type: FAT32
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0201F59C-2A42-4168-B6B3-0742E5C310B9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F6033E4-9018-4FFD-9DE0-AB3C2B32C051}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F7A2B43-39B1-4595-9BD3-E9DF6500598B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{22E5DAEB-6EF8-4768-9FE9-02A3C9CF0BD0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3093077A-A4DA-446A-B8A6-56926CE9987D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{327B40F8-3A96-41DD-98EF-975A84E152E0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{32DA4576-3502-4566-A3F7-20C9D8BE930C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A22D451-B80E-444F-BD57-CF3659A1AD5E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{64DD3AA3-6C78-468F-8C19-062A97787F6D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6C7ABAEA-94EC-4F40-A78E-F2E7FF53D3EC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6D4368A2-515B-4932-B719-1184C7752B63}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6F30EEAC-6DBD-40E4-9596-39696C3F6C39}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{715CA0D4-A98F-401B-AC78-89ECBDB349D3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{74DA62FC-0629-4CA1-8A0F-3292C621547D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{76021415-672B-4BCA-B811-AC4BD3D956FB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7D9972D8-4A7D-4060-9BCD-BAB3A90EAEE9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7F51410D-E049-4FCF-99EE-85CF9E5E2E70}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8446FBC6-5150-4991-93EC-2EC0AD81ED96}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{87E96F97-35F1-41E9-B390-7949D1AADBEA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{8A2810D4-2EE8-4E4C-8BD0-FE761B7D7D28}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{90119939-426B-49D7-97BC-0DAC63F39D81}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BAAAAAD3-4046-4A38-8385-980E90373444}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{BB9E1E4F-7151-4AD5-96D3-CE7D7A61C19B}" = lport=8371 | protocol=17 | dir=in | name=gnab udp port |
"{D6AFC82A-5CD7-45D8-84CF-0931CA258CD3}" = lport=8371 | protocol=6 | dir=in | name=gnab tcp port |
"{DD8C93B5-C428-4F8F-927B-D47E4C143769}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DE171572-4743-471A-8A63-D11154E857C8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FDF91233-0723-477B-BD79-CBF101054E7E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D254ED-9826-4CF1-ACD8-D1732D481C7A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{08488E07-A207-42AB-8C3C-6234D4396596}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{11320A4E-C369-4050-9037-652326A3953B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{15AD1714-57F8-45D4-BB36-38FB0005CA13}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{180BC910-87AD-4BE4-9CF0-4CD1A942FE0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1C37DE41-E3BF-427A-9BE5-6ECA3FAE25FB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1D5A908B-8BFA-4831-A11F-3D1430B9C6D7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2825FD05-8E9E-4F6B-991E-5CFEEA5F841E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E46EB3C-480D-4D0E-AF80-572C3B12DE95}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2EC05C3B-AF24-4E33-BFFE-7081C60BF964}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2FFBBAFD-24F9-491A-9C9B-5C53047559C5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{36AB7289-69E8-4406-9ACB-D849CBC89157}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{395C9D7B-C4AC-454E-A9C9-A27ED810A8B6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3CDFB4C1-B800-4D04-B0AE-36EFC87CB051}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3D8EA1C3-8B1D-4F13-B5E2-ED0336057A24}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3F95A07C-1F03-4610-A52B-9F5856D9DFC8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4130BA16-172C-4907-9EAD-6444ECE778FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{41CB5248-31AC-40D4-B543-E959845B6369}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4223D670-0C76-493C-97FC-48EDAD66CD39}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{42C4C4AB-ED99-4011-B9A9-0F6C60630F1C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{436C73AB-F50A-42DC-909C-357E7BACD274}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4A6A6F1F-946A-475C-92C2-04682888C7A9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4B126F9E-065A-470F-9C57-52CB0D311214}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4BE09AE3-8CEA-4D5A-83F6-9B259977B5A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4C920248-1C27-42F6-A992-8940750818D0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4EDAAC79-8CE8-4EDC-89B4-5A453A79A54C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5296BD95-B0C9-41C8-892E-4EBDD6228956}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{55769CE4-6FD5-4D49-AA8A-2F6497F362AC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5C5052BE-0641-45BA-8A07-DE3C09806241}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5FE68731-57D6-4BBE-A189-4CDD3DEB8EA4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{637E056F-BB80-44AA-83D0-18D13BC5D005}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{67A8F066-FB41-46FD-8223-8ED9F00514F4}" = protocol=6 | dir=in | app=c:\program files\medion\medionbox\program\gcs.exe |
"{6A7CB09F-4801-48DC-BAFA-6BD594F30F17}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6F3ECAFA-4177-48A7-94A8-6B6DAE4F9A2E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7011A1BC-C5F3-4374-81B3-81493CD9B1C5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{705A9499-0508-4DB6-A0DA-B07CB757CB71}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{712F08D0-B161-4F7E-B97A-01B05C400584}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7329836A-FF09-48A1-85E6-9FCE61342786}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{74DC73B1-AEAB-46BE-AF7B-9676ADA91C79}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{79B7172D-5A63-4FD2-A06D-789F731AABD2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7BE8CB32-F8AF-44F9-9EB4-CA3F3D28B706}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7C352E82-A9AE-4161-A086-6A7FDB17CB58}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8A7CBBDB-F778-4169-9CF9-06BE3DB69BB1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8AAAE017-0EEE-4EFE-BEE9-AD38B6809B3F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8F8628ED-03FB-459A-9828-7FAF30B5029F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8FEA870F-A015-41D5-B12C-B48681121F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{90CFDA12-EC19-4C9C-93BD-4D5F0DF0B93C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{91279B02-AC12-4F1E-9045-79C9BDED63A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9170DEBD-144B-42BF-92FB-5492B0B97876}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{92DAADF2-E286-41EA-AD09-4CE91022D5AF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{977C7884-AED8-430E-9144-1338B53EBDAC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9B0936E0-523C-4AB4-982B-4BB8AC559731}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B620083-EE58-436A-8FF6-F57F8CAA5722}" = protocol=17 | dir=in | app=c:\program files\medion\medionbox\program\gcs.exe |
"{9CC6AE99-3770-4BD5-ABE1-8B0C4E4DCB8A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A1CC2240-AEF8-4204-B042-CD1095CC280D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A25973C6-12CF-4C19-AF17-86BDFB75B5B8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A76CDABD-2FB8-43DE-80E2-B8BD9FC372FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A8109008-5F0E-46FF-9DAC-D1CBCEFC9376}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AC3A0640-F4C2-4B7E-B8B4-413A71852736}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B1747447-BF0E-422B-B6B7-E4A8E68AF401}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B2853FF3-0A8E-43D7-8CC4-3219CF3221C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B40D92F6-73DA-4845-BCCB-426269BC6EEC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B628B371-F445-49D8-B181-97125F42E99E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BAB63DAB-B2DE-4371-AE2E-135634F56F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C2E53F8F-64CD-49C6-8D66-3CDF0F739606}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C3A4033A-3F0F-419C-ACE5-BEC637D3D1DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C58D1DCD-EE4E-4840-8553-81311D85DC70}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C663D907-5F36-46D4-891B-2F9126AD1BE8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C6D3DF86-C56D-4A0D-A9B7-451108644B9E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CCA07642-C99D-461B-990F-A2E81292271F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CDE31234-C3CC-45AB-BAF1-08B2356C4393}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D089D7B7-95C5-4821-8AB4-9D5021A0F7C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D361333C-2A74-4DD1-924D-F5536FA7EEC5}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D3EF62A3-F4B2-4A3C-AC80-B64A40991BF1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D565D3CA-4C44-4462-98CD-C71E9E5292B0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D8286C37-31A3-456B-96E7-51C01B820700}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D9B3EA17-0C0D-45BD-8AF6-4EA77EA2F314}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DC69D7D6-C91D-4829-87D1-360A048FD903}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DF221089-7BD5-46C6-A634-E80D1DF92CE5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E635663D-12F6-4FC4-8DC2-12AA1BBF5A15}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E8B6F1F3-99E0-471C-8124-940E991DDC39}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F1101A87-0E34-472D-8164-19D1ADF188E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{F1CE6CA0-8BDB-4DFA-BBA9-872AA517DDC0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F315DCD3-0B59-4F42-9BE3-B66552AAA5F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F66CB2D4-D35C-45CD-8E6F-E2EC92917714}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F96A2944-D4AF-453E-A674-38E75BBA035C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FAE6C358-C4A9-4B18-92D4-4665779AE73D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{10ECA3A8-B5F2-4F81-8B66-DBF220F8976F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{412001A3-3FF8-428D-8B53-A4274F1BA699}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A831A8BD-D8DE-4DD9-A349-C1881FFFBDA9}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"TCP Query User{B67DBBF1-ACE6-4D5E-BE22-3BBEB8B1037D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{C2BAB6E9-C1BE-4419-9D3E-A3FEFB3E14F9}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"TCP Query User{CF8E1166-9340-4BA5-BBD1-3DDDAA12375C}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{D01091A6-C9CC-4242-BC86-3899BCA700A7}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{D33545E8-764C-4394-AFED-5AC272B6F744}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{EB6A1FF4-4C10-49E9-ACF9-B57380E9C389}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{0683E01C-8237-41D2-A849-0EE87465F524}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{11730B34-FDDE-4A85-AFA0-DEC333F78C5B}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{3CAB603B-C142-47B7-B07A-17AC38774F05}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{4FF3F819-CF78-4F6C-B58F-7924EBFEE8DA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{5001422C-26EE-4188-8334-0DC78F453230}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{724EED51-F6B8-4BA0-A49D-F1675AB8C270}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{9413BFE9-D482-410B-8EC8-A14285C63BF3}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{ACB5D069-CABB-4EE0-9D5E-A779AE7D1443}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"UDP Query User{AEF77A85-1C1D-4899-A3D6-8FE8D0556E34}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{241E9E85-7173-4AEC-9EE4-82A205EE6075}" = Application Suite
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59DC43FF-8F26-40B2-A566-C69C9457BF7D}" = Moorhuhn Soccer
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{85967580-EBC2-11D4-AEA3-0050046A88ED}" = LEGO Insel 2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A05BD6BC-4710-402C-8BF3-B72A09119AE5}" = Doodle Outlook Plugin
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-12-16
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{BFEDA49F-2E91-4B54-A366-F5A198FE1173}" = DVB-PC TV Star
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4BA029E-0303-48D2-B9F9-2763D468DC64}" = MainConcept DTV Decoder Standard
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DF481D3E-FF15-4EE7-B36B-53C9E4021E8B}" = TMPGEnc 4.0 XPress Testversion
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.22
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudioCon" = AudioCon
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Catan - Das Kartenspiel MMP" = Catan - Das Kartenspiel MMP
"Catan Online Welt" = Catan Online Welt
"Codec pack Base (DivX, Xvid, 3ivx)" = Codec pack Base (DivX, Xvid, 3ivx)
"CodeWallet Pro 2006 Desktop Companion" = CodeWallet Pro 2006 Desktop Companion
"CodeWallet Pro 2006 for Windows Mobile" = CodeWallet Pro 2006 for Windows Mobile
"Designer 2.0_is1" = Designer 2.0
"Digital Image Recovery_is1" = Digital Image Recovery 1.47
"DVBViewer_is1" = DVBViewer Technisat Edition
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Monitor for Google_is1" = Free Monitor for Google 2.4
"Free Video Dub_is1" = Free Video Dub version 1.5
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"PCSI" = Prevx
"Photo Viewer 4.2.2_is1" = Photo Viewer 4.2.2
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Registry Fix_is1" = RegistryFix v8.0
"ResInfo" = WR-Tools ResInfo
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"Rossmannr Online Print Wizard Installer_is1" = Rossmann Online Print Wizard Installer 1.0
"Sachabenteuer_is1" = Toggolino - Sachabenteuer
"Sea3D" = Sea3D
"Spyware Doctor" = Spyware Doctor mit Antivirus 8.0
"SuperMailer" = SuperMailer 5.00
"TECUNIONLINE" = TECUNIONLINE
"TextMaker Viewer" = TextMaker Viewer
"Three thrixx Games v25" = Three thrixx Games v25
"TmNationsForever_is1" = TmNationsForever
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Trojancheck_is1" = Trojancheck 6
"Uninstall_is1" = Uninstall 1.0.0.1
"Vistumbler" = Vistumbler
"Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
"Wissensabenteuer_is1" = Toggolino - Wissensabenteuer
"X10Hardware" = X10 Hardware(TM)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"UnityWebPlayer" = Unity Web Player
"WM 2010 Spielplan" = WM 2010 Spielplan
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.05.2010 13:29:58 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11.05.2010 13:29:58 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11.05.2010 14:48:04 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11.05.2010 14:48:04 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11.05.2010 14:50:35 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000005, Fehleroffset 0x00039747, Prozess-ID 0x15bc, Anwendungsstartzeit
01caf13acd8705d3.
Error - 11.05.2010 14:59:04 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000005, Fehleroffset 0x00039748, Prozess-ID 0x1190, Anwendungsstartzeit
01caf13bf9ab43f3.
Error - 11.05.2010 15:20:45 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000005, Fehleroffset 0x0004a4d2, Prozess-ID 0x13c8, Anwendungsstartzeit
01caf13c755d3853.
Error - 12.05.2010 08:41:42 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12.05.2010 08:41:42 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12.05.2010 10:33:35 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4621
Description =
[ OSession Events ]
Error - 13.11.2009 15:57:09 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 127
seconds with 120 seconds of active time. This session ended with a crash.
Error - 10.08.2010 17:24:37 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17.10.2010 13:03:25 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 380
seconds with 120 seconds of active time. This session ended with a crash.
Error - 05.01.2011 17:29:30 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 142
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 12.01.2011 18:37:07 | Computer Name = Stefan-PC | Source = DCOM | ID = 10005
Description =
Error - 12.01.2011 18:37:08 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 12.01.2011 18:37:08 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12.01.2011 18:37:08 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 12.01.2011 18:37:08 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.01.2011 14:12:37 | Computer Name = Stefan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.01.2011 um 14:47:08 unerwartet heruntergefahren.
Error - 15.01.2011 14:52:08 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 15.01.2011 14:52:12 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 17.01.2011 14:57:30 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 20.01.2011 13:40:54 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7031
Description =
< End of report >
--- --- --- |
