please-help | 15.07.2012 16:29 | Hi,
here again is a current scan with OTL.txt and Extra.txt.
Extra.txt was not displayed at first, but it worked after I changed the setting.
Best regards
OTL Logfile: Code:
OTL logfile created on: 15.07.2012 16:56:22 - Run 8
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\R***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,26% Memory free
4,23 Gb Paging File | 2,93 Gb Available in Paging File | 69,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 258,05 Gb Total Space | 152,11 Gb Free Space | 58,95% Space Free | Partition Type: NTFS
Drive D: | 7,97 Gb Total Space | 0,97 Gb Free Space | 12,17% Space Free | Partition Type: NTFS
Drive X: | 160,09 Gb Total Space | 53,27 Gb Free Space | 33,27% Space Free | Partition Type: NTFS
Drive Y: | 39,65 Gb Total Space | 10,61 Gb Free Space | 26,77% Space Free | Partition Type: NTFS
Computer Name: 03-** | User Name: ch*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
========== Processes (SafeList) ==========
PRC - C:\Users\R***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Hilfsprogramme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Hilfsprogramme\DiskDefrag\Auslogics Disk Defrag\ausshellext.dll ()
MOD - C:\Programme\Common Files\Acronis\Common\gc.dll ()
========== Win32 Services (SafeList) ==========
SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\AntiVir2012\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Macromedia Licensing Service) -- C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Viewpoint Service) -- C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
========== Driver Services (SafeList) ==========
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (motandroidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {307E6955-6CF9-4791-A645-558FBCD6A46B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox10\components [2012.05.03 09:08:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox 13\components [2012.06.10 11:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox 13\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 20:35:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 08:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 20:35:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 08:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox7\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox7\plugins
[2008.09.02 12:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chronos\AppData\Roaming\mozilla\Extensions
[2012.02.29 13:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chronos\AppData\Roaming\mozilla\Firefox\Profiles\wqnn3mjf.default\extensions
[2010.06.24 15:25:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chronos\AppData\Roaming\mozilla\Firefox\Profiles\wqnn3mjf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.17 20:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.10 11:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Firefox 13\extensions
[2012.06.10 11:21:55 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\Firefox 13\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.04.23 22:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Firefox10\extensions
[2012.05.03 09:08:31 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\Firefox10\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.02.29 13:05:57 | 000,773,933 | ---- | M] () (No name found) -- C:\USERS\CHRONOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQNN3MJF.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
O1 HOSTS File: ([2009.04.10 17:10:06 | 000,312,259 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10751 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TBSB03603 Class) - {5C9BE6C7-015B-4C06-BDB8-205163FA5F2C} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Programme\Copernic\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000..\Run: [Vidalia] C:\Program Files\Hilfsprogramme\vidaliaBundle\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004..\Run: [RfxSrvTray] "C:\Program Files\RadioFX\Tobit Radio.fx\Client\rfx-tray.exe" File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes\161\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = File not found
O4 - Startup: C:\Users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = File not found
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Amazon Toolbar - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Amazon Toolbar - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24DD98CD-B228-4DFA-91EA-1A3FEB3250F2}: NameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.08 21:39:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.06.14 15:12:55 | 000,182,852 | ---- | M] () - X:\autokosten betriebsausgabe test.pdf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: phonostarTimer - hkey= - key= - C:\Programme\Phonostar-Player\phonostar-Player\phonostarTimer.exe ()
MsConfig - StartUpReg: Vidalia - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 180 Days ==========
[2012.07.12 03:06:05 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 03:02:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 03:02:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 03:02:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 03:02:57 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 03:02:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 03:02:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 03:02:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 20:23:47 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.10 11:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.05 10:36:41 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.07.05 10:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.06.22 08:23:05 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.22 08:23:05 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.22 08:22:17 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.22 08:22:17 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.22 08:22:17 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.22 08:21:26 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.22 08:21:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.05.30 18:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.05.30 18:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.05.30 16:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Elster Formular
[2012.05.10 14:17:12 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.10 14:17:12 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.10 14:17:11 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.10 14:17:11 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.10 14:17:11 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.10 14:17:05 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.10 14:17:05 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.03 09:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 09:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.02 15:57:47 | 000,000,000 | ---D | C] -- C:\Aufnahmen
[2012.03.31 06:40:46 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.03.14 12:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.14 08:50:39 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.03.08 11:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2012.03.08 11:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia Shared
[2012.03.08 11:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2012.03.08 11:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
[2012.03.08 11:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2012.03.05 19:08:55 | 000,000,000 | ---D | C] -- C:\EPSON
[2012.03.01 11:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012.03.01 11:42:26 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012.03.01 11:42:14 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012.03.01 11:42:14 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012.03.01 11:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012.03.01 11:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012.03.01 11:32:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.03.01 11:32:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.03.01 11:32:09 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.29 16:33:55 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Avira
[2012.02.29 16:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.29 16:28:12 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.29 16:28:12 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.02.29 16:28:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.29 16:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.29 14:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\AntiVir2012
[2012.02.29 11:00:47 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Malwarebytes
[2012.02.29 11:00:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.28 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Spyware Terminator
[2012.02.28 16:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.02.28 16:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.02.28 16:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2012.02.01 12:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.02.01 12:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\VLCmediaplayer2
[2012.02.01 12:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
[2012.02.01 12:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2012.02.01 12:01:34 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\WinRAR
[2012.02.01 12:01:34 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.02.01 12:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.02.01 11:50:56 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Tor
[2012.02.01 11:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle
[2012.02.01 11:50:55 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Vidalia
[2012.02.01 11:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.01.29 22:40:15 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Auslogics
[2012.01.29 22:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2009.12.03 23:30:22 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vcredist_x86.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 180 Days ==========
[2012.07.15 16:55:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job
[2012.07.15 15:18:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 15:18:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 10:31:38 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.15 10:31:38 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.15 09:18:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.15 09:18:36 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.12 03:27:24 | 000,708,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 17:52:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.07.10 17:47:49 | 000,000,000 | ---- | M] () -- C:\Users\chronos\defogger_reenable
[2012.07.05 10:36:40 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2012.07.04 16:30:40 | 000,638,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.04 16:30:40 | 000,604,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 16:30:40 | 000,130,882 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.04 16:30:40 | 000,107,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.13 15:40:21 | 002,047,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.02 10:33:25 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.02 10:25:03 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.02 10:23:26 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.02 10:21:51 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.02 10:20:33 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.02 10:16:52 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.02 10:14:19 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.02 02:03:42 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.05.08 15:50:55 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 15:50:55 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.15 10:02:29 | 000,000,806 | ---- | M] () -- C:\CClea.lnk
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 10:16:12 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.01 16:46:01 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.01 16:46:01 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.01 11:42:26 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012.03.01 11:42:14 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012.03.01 11:42:14 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012.03.01 11:42:13 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012.03.01 11:31:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.03.01 11:31:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.03.01 11:31:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.03.01 11:31:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.02.29 16:28:31 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.29 16:08:47 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.02.29 15:44:50 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.02.29 15:41:40 | 001,069,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.02.29 14:28:53 | 000,001,898 | ---- | M] () -- C:\Users\chronos\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 14:28:53 | 000,001,827 | ---- | M] () -- C:\Users\chronos\Desktop\Avira DE-Cleaner.lnk
[2012.02.23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.01 12:47:49 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.02.01 12:23:58 | 000,001,058 | ---- | M] () -- C:\Users\chronos\Desktop\PeaZip.lnk
[2012.01.29 22:40:12 | 000,001,217 | ---- | M] () -- C:\Users\chronos\Desktop\Auslogics Disk Defrag.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.10 17:47:49 | 000,000,000 | ---- | C] () -- C:\Users\chronos\defogger_reenable
[2012.07.05 10:35:43 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2012.06.10 11:21:59 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.15 10:02:29 | 000,000,806 | ---- | C] () -- C:\CClea.lnk
[2012.02.29 16:28:31 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.29 14:28:53 | 000,001,898 | ---- | C] () -- C:\Users\chronos\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 14:28:53 | 000,001,827 | ---- | C] () -- C:\Users\chronos\Desktop\Avira DE-Cleaner.lnk
[2012.02.28 17:05:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.02.28 15:46:53 | 2145,968,128 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.01 12:47:49 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.02.01 12:14:20 | 000,001,058 | ---- | C] () -- C:\Users\chronos\Desktop\PeaZip.lnk
[2012.01.29 22:40:12 | 000,001,217 | ---- | C] () -- C:\Users\chronos\Desktop\Auslogics Disk Defrag.lnk
[2010.09.06 20:26:43 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.02.17 21:59:15 | 000,064,702 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.17 21:59:06 | 000,064,702 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.16 13:00:32 | 000,001,074 | RH-- | C] () -- C:\Users\chronos\XrxWm.ini
[2008.10.16 13:00:31 | 000,000,522 | RH-- | C] () -- C:\Users\chronos\xw45cpdy.dyc
[2007.08.11 21:41:08 | 000,000,086 | ---- | C] () -- C:\Users\chronos\AppData\Roaming\wklnhst.dat
[2007.08.10 20:03:42 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.08.09 18:36:21 | 000,000,680 | RHS- | C] () -- C:\Users\chronos\ntuser.pol
[2007.08.09 15:23:34 | 000,007,680 | ---- | C] () -- C:\Users\chronos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.08 16:00:41 | 000,000,095 | ---- | C] () -- C:\Users\chronos\AppData\Local\fusioncache.dat
========== LOP Check ==========
[2007.09.08 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\ACD Systems
[2007.08.09 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Acronis
[2008.11.11 11:23:06 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Alien Skin
[2008.01.08 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\ASCOMP Software
[2012.01.29 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Auslogics
[2009.02.04 10:18:08 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Copernic
[2007.08.08 16:07:55 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\DataDesign
[2010.06.25 09:37:13 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\DeepBurner
[2010.07.13 08:33:56 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\JAM Software
[2008.03.31 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\McNeel
[2010.03.14 13:24:32 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\OpenOffice.org
[2011.01.13 23:21:29 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\phonostar GmbH
[2009.10.02 10:38:45 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\phonostar-Player
[2012.02.28 16:43:28 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Spyware Terminator
[2007.08.11 21:41:08 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Template
[2011.05.31 16:13:45 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Tobit
[2008.05.16 08:20:44 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\WinBatch
[2007.09.08 22:15:37 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\ACD Systems
[2012.02.01 18:51:18 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Auslogics
[2012.07.15 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Canon
[2008.10.16 15:31:00 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\CDZilla
[2009.02.04 10:17:44 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Copernic
[2007.08.15 10:16:32 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\DataDesign
[2009.06.11 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\DeepBurner
[2012.05.30 18:12:50 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\elsterformular
[2010.07.13 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\JAM Software
[2010.03.27 01:24:06 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\McNeel
[2011.03.30 11:16:10 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Nokia
[2011.03.30 11:16:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Nokia Ovi Suite
[2009.10.15 13:49:24 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Octoshape
[2010.02.10 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\OpenOffice.org
[2011.03.29 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\PC Suite
[2012.02.01 12:18:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\PeaZip
[2009.10.02 10:50:59 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\phonostar GmbH
[2012.06.17 15:36:01 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\phonostar-Player
[2007.10.20 19:54:52 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Template
[2010.09.06 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Tobit
[2012.07.10 17:52:00 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.07.14 22:43:33 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.15 16:55:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.05.13 14:24:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.05.02 15:57:47 | 000,000,000 | ---D | M] -- C:\Aufnahmen
[2012.02.27 23:50:42 | 000,000,000 | ---D | M] -- C:\Aufnahmen von LwX
[2010.02.17 22:47:15 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.02.22 20:02:28 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2010.05.24 12:59:59 | 000,000,000 | ---D | M] -- C:\Diverses -aus Ordner C verschoben
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.08.08 13:24:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.03.05 19:14:40 | 000,000,000 | ---D | M] -- C:\EPSON
[2009.12.31 20:15:36 | 000,000,000 | -H-D | M] -- C:\hp
[2007.08.18 18:56:59 | 000,000,000 | ---D | M] -- C:\Lexware
[2010.11.14 14:28:16 | 000,000,000 | ---D | M] -- C:\löschen
[2007.06.08 21:43:12 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.03.01 12:13:34 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.07.08 18:12:22 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.05.30 18:11:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.08.08 13:24:59 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.29 00:34:48 | 000,000,000 | ---D | M] -- C:\SicherungIstAufDVD
[2012.07.15 16:57:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.21 23:39:35 | 000,000,000 | R--D | M] -- C:\Users
[2010.11.05 22:37:50 | 000,000,000 | ---D | M] -- C:\vonLaCie
[2012.07.12 03:25:15 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
[2009.12.03 23:29:34 | 004,485,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\vcredist_x86.exe
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.13 20:52:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.13 20:52:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.13 20:52:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.14 14:23:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.14 14:23:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: NVSTOR32.SYS >
[2007.03.19 15:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\hp\DRIVERS\NVIDIA_Serial_ATA\nvstor32.sys
[2007.03.19 15:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_1306af02\nvstor32.sys
[2007.10.26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.10.26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0f6358b4\nvstor32.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2007.06.08 21:19:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.06.08 21:19:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes\161\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2012.07.10 17:47:49 | 000,000,000 | ---- | M] () -- C:\Users\chronos\defogger_reenable
[2012.07.15 16:42:59 | 008,126,464 | -HS- | M] () -- C:\Users\chronos\ntuser.dat
[2012.07.15 16:42:59 | 000,262,144 | -H-- | M] () -- C:\Users\chronos\ntuser.dat.LOG1
[2007.08.08 13:30:01 | 000,000,000 | -H-- | M] () -- C:\Users\chronos\ntuser.dat.LOG2
[2008.08.16 12:52:18 | 000,065,536 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{27b814f2-6b30-11dd-bff1-001bfc9b0a0f}.TM.blf
[2008.08.16 12:52:18 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{27b814f2-6b30-11dd-bff1-001bfc9b0a0f}.TMContainer00000000000000000001.regtrans-ms
[2008.08.16 12:52:18 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{27b814f2-6b30-11dd-bff1-001bfc9b0a0f}.TMContainer00000000000000000002.regtrans-ms
[2007.08.08 15:30:39 | 000,065,536 | -HS- | M] () -- C:\Users\chronos\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007.08.08 15:30:39 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007.08.08 15:30:39 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2012.07.15 10:31:30 | 000,065,536 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{93aef1f1-3ebe-11de-bb1a-001bfc9b0a0f}.TM.blf
[2011.08.15 21:40:08 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{93aef1f1-3ebe-11de-bb1a-001bfc9b0a0f}.TMContainer00000000000000000001.regtrans-ms
[2012.07.15 10:31:30 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{93aef1f1-3ebe-11de-bb1a-001bfc9b0a0f}.TMContainer00000000000000000002.regtrans-ms
[2007.08.08 13:30:02 | 000,000,020 | -HS- | M] () -- C:\Users\chronos\ntuser.ini
[2007.08.09 19:18:31 | 000,000,680 | RHS- | M] () -- C:\Users\chronos\ntuser.pol
[2008.10.16 13:00:32 | 000,001,074 | RH-- | M] () -- C:\Users\chronos\XrxWm.ini
[2008.10.16 13:00:31 | 000,000,522 | RH-- | M] () -- C:\Users\chronos\xw45cpdy.dyc
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 15.07.2012 16:56:22 - Run 8
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\R***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,26% Memory free
4,23 Gb Paging File | 2,93 Gb Available in Paging File | 69,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 258,05 Gb Total Space | 152,11 Gb Free Space | 58,95% Space Free | Partition Type: NTFS
Drive D: | 7,97 Gb Total Space | 0,97 Gb Free Space | 12,17% Space Free | Partition Type: NTFS
Drive X: | 160,09 Gb Total Space | 53,27 Gb Free Space | 33,27% Space Free | Partition Type: NTFS
Drive Y: | 39,65 Gb Total Space | 10,61 Gb Free Space | 26,77% Space Free | Partition Type: NTFS
Computer Name: 03-** | User Name: ch*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\Firefox10\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\Firefox10\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Add to .7Z] -- "C:\Program Files\Hilfsprogramme\PeaZip\PeaZip\PEAZIP.EXE" "-add2multi7z" "%1" (Giorgio Tani)
Directory [Add to .ZIP] -- "C:\Program Files\Hilfsprogramme\PeaZip\PeaZip\PEAZIP.EXE" "-add2multizip" "%1" (Giorgio Tani)
Directory [Add to archive] -- "C:\Program Files\Hilfsprogramme\PeaZip\PeaZip\PEAZIP.EXE" "-add2multi" "%1" (Giorgio Tani)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLCmediaplayer2\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse path with PeaZip] -- "C:\Program Files\Hilfsprogramme\PeaZip\PeaZip\PEAZIP.EXE" "-ext2browsepath" "%1" (Giorgio Tani)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLCmediaplayer2\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027DD161-1AB9-46B2-988C-6578B853306C}" = lport=138 | protocol=17 | dir=in | app=system |
"{15D42E30-C642-4ECE-8C6A-9C6EC32929FF}" = lport=445 | protocol=6 | dir=in | app=system |
"{4DDEEB1F-FEEB-42C3-B21D-582A136A42AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{98B53ECB-0A0F-4ECD-B2CC-E86509A86ECB}" = lport=139 | protocol=6 | dir=in | app=system |
"{B20790D5-6FFA-456D-949F-91B2A17CC94B}" = rport=138 | protocol=17 | dir=out | app=system |
"{C4AF2C06-E198-45D0-BB83-7178387B273D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA3CF832-11B0-4608-BC6E-40A988EFD170}" = lport=137 | protocol=17 | dir=in | app=system |
"{D4282888-1259-4D22-B5EB-2FA601699BD0}" = rport=139 | protocol=6 | dir=out | app=system |
"{DF44EAA3-AC20-4C25-8DBD-1B3CF5631C62}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FA8CE3BA-2DBA-46E3-8344-FAEADF6F75A0}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1394D289-A1ED-4FBD-95DC-0E0AA637B2DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{27A9DA49-DEF1-4890-B4AC-67770FFF556F}" = protocol=6 | dir=in | app=c:\program files\radiofx\tobit radio.fx\client\rfx-client.exe |
"{294C6094-1FBD-482A-B834-610410ED7A29}" = protocol=17 | dir=in | app=c:\program files\radiofx\tobit radio.fx\server\rfx-server.exe |
"{2E280106-3A94-4DDC-9473-1130C795511E}" = protocol=17 | dir=in | app=c:\program files\radiofx\tobit radio.fx\client\rfx-client.exe |
"{4F97DAED-6A61-417E-B9AD-2F327E049A2B}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{50645A4E-DCFB-4C89-82DB-8DF182FCF15C}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{6D484284-8A9E-4FA2-B07B-63C5C5B535A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7AC0F24D-3695-4A96-A49E-8B45E7F23DA0}" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.exe |
"{7EE3AC9A-355E-48A3-99EB-8D48AD9C15E4}" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.exe |
"{8563DE22-9512-4E50-A567-4AF0932EDA3D}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{87D548AE-E7BD-45CC-9E45-138D38E82176}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8EA18B35-31B5-4009-8879-1966837700BE}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{8EB6E539-2BF4-4270-94C9-12DFEE00CC8C}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{9E527AA6-3F76-4365-A258-4C80F8EB0AB8}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{A24CE405-B6E2-49AC-8E04-00A4707D35F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BE8AC7B7-E101-44AA-9C93-F4CB145E9DD1}" = protocol=6 | dir=in | app=c:\program files\radiofx\tobit radio.fx\server\rfx-server.exe |
"TCP Query User{20AB0074-DC27-4DA9-BC4B-FAFA7D7A2D25}C:\program files\hilfsprogramme\phonostar\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\hilfsprogramme\phonostar\phonostar-player\phonostar.exe |
"TCP Query User{28F490B8-5013-4C41-9046-88DBA7DC8F6F}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{3AF61CCE-E505-4CF2-937D-AC45C895FD51}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{4988014D-E5C9-4893-B477-C3999568E81E}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{77D15871-9709-4B89-9C58-A95065A384F4}C:\program files\phonostar-player\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar-player\phonostar.exe |
"TCP Query User{9FE6B6FC-AE21-4686-8356-1B6E32D00423}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{AF2A335B-81A2-4CA4-B356-5333BCE69455}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CB5D949A-B998-4D8B-9742-742EE7BEAD2D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{E7109B46-B51A-4613-BFD9-33ECD6ED7460}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F4FE5337-F729-4486-B8C2-AE9ABA9CE05B}C:\program files\hilfsprogramme\phonostar\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\hilfsprogramme\phonostar\phonostar\ps_olect.exe |
"TCP Query User{FF361458-4A36-46CC-9DCD-BD525B609F31}C:\program files\vlc media player\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\vlc media player\vlc\vlc.exe |
"UDP Query User{051B9140-0B2D-4961-A01B-D17F74546DC2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{10093DF9-0786-456B-96FD-68859A786BE7}C:\program files\vlc media player\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\vlc media player\vlc\vlc.exe |
"UDP Query User{588996DA-84B0-4727-B685-BED959EA1F3F}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{69AFF182-E18A-4E20-9F07-6A209BCF6DDE}C:\program files\phonostar-player\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar-player\phonostar.exe |
"UDP Query User{6C8F9A62-D6E0-495C-B1FC-42D00B12F085}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{730D1183-7235-4A67-BD97-662943460710}C:\program files\hilfsprogramme\phonostar\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\hilfsprogramme\phonostar\phonostar-player\phonostar.exe |
"UDP Query User{92BC42B3-D48E-4C12-B9A6-00499CBB314F}C:\program files\hilfsprogramme\phonostar\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\hilfsprogramme\phonostar\phonostar\ps_olect.exe |
"UDP Query User{AA4AC0FC-B5BC-474F-896F-891BC3845F9B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{B5C7C4CA-7CCB-4C36-9AAE-5BA6B171B824}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{E085251C-7F18-4F7F-9425-BB202D1D1F31}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{F7C87BAF-1631-499A-A1F6-EFC00296C496}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{180CAD6C-B0ED-42A9-8C4A-CF49C6682A06}_is1" = Free Screen Video Capture by Topviewsoft 1.1.7
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23CDD348-1E02-4D2C-BDF1-AEAFA3D3B9A7}" = QuickBooks Zeiterfassung
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B73B5E7-AA61-43F3-B9F4-D8BB92725B57}" = Lexware Abschreibungsrechner
"{2E41963B-151C-4D8B-BE5D-15A4F161719F}" = GoGear Spark Device Manager
"{2FDCE696-AC14-4046-ABA1-B07071B4DDA7}" = Audials
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B0293FF-A9C4-4A41-A0D5-1302429EF0DE}" = Xara Xtreme Pro
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52067C13-0053-450C-9044-9C5226B0F913}" = Lexware online banking 3.40
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 4.4
"{5B9E1A73-6A74-4DAF-AF1C-DDEBD79C942E}" = Rhinoceros 4.0 SR5b
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{647319F7-7697-4B86-BBD2-36E16908EC08}" = Lexware QuickBooks 2006
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6B9DD988-5ECB-4623-BBFF-8A8F2DA3ED16}" = Rhinoceros 4.0 SR6
"{6C9844D6-8384-4217-A80F-887ECB2A3671}" = Rhino 4.0 Aktualisierungshandbuch
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{813C408A-24C4-43E2-A5DF-B683E440234F}" = funScreenScraping Client Version
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8A4DB8A1-47B5-4128-A466-CB737E83D830}" = Lexware QuickBooks PLUS 2006
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90E00407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}" = Rhinoceros 4.0 SR8
"{97945F04-6009-498E-9015-8FB48437A279}" = Lexware QuickBooks 2006
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A74490C1-5466-4AFA-8E3A-9F4FE1D9CFA6}" = Lexware online banking 3.40
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{C475527D-AB5C-47D8-8C25-85CA3E42B5A4}" = Flamingo 2.0
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 SR4b
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D57F1897-D0F5-4E5F-99BA-80815B43283A}" = Rhinoceros 4.0 SR4
"{D686199B-882E-4550-92C4-BD99A8C295D0}" = Rhinoceros 4.0 SR5
"{D6F64D4F-B539-448E-A5D7-B57EE89193B8}" = Rhinoceros 4.0
"{D7960C39-E3FD-4B46-8E97-A1E9D128F913}" = Rhinoceros 4.0 SR3
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}" = Rhinoceros 4.0 SR9
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ECC0CADD-0491-4FB0-AAB8-5DC6C371890E}" = Rhinoceros 4.0 SR7
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Anti-Twin 2008-01-08 17.27.48" = Anti-Twin (Installation 17.06.2008)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Camtasia Studio 3" = Camtasia Studio 3
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Cleaning Suite_is1" = Cleaning Suite v1.0
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"Defraggler" = Defraggler
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"FaJo Timetool / Zeiterfassung_is1" = FaJo - TimeTool
"Flamingo 1.1 for Rhino 4.0" = Flamingo 1.1 for Rhino 4.0
"FreePDF_XP" = FreePDF XP (Remove only)
"GanttProject" = GanttProject
"GPL Ghostscript 8.61" = GPL Ghostscript 8.61
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"LastFM_is1" = Last.fm 1.5.4.27091
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"md Design Archiv 2007" = md Design Archiv 2007
"md Design Archiv 2008" = md Design Archiv 2008
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"Penguin 2.0" = Penguin 2.0
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.1
"PhotoStitch" = Canon Utilities PhotoStitch
"Polipo" = Polipo 1.0.4.1
"PowerArchiver" = PowerArchiver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 15.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Rhino 4.0 SR7 SDK" = Rhino 4.0 SR7 SDK
"Rhino RDK" = Rhino RDK
"Rhinoceros 3.0" = Rhinoceros 3.0
"SpeedFan" = SpeedFan (remove only)
"SSC Service Utility_is1" = SSC Service Utility v4.30
"SystemRequirementsLab" = System Requirements Lab
"TBSB03603.TBSB03603Toolbar" = Amazon Toolbar
"Tor" = Tor 0.2.2.35
"TreeSize Free_is1" = TreeSize Free V2.4
"Vidalia" = Vidalia 0.2.15
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.0-rc1-20120131-0203
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.07.2012 04:49:26 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:26 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:26 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:26 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:26 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 13.07.2012 02:38:37 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 14.07.2012 01:54:25 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.07.2012 01:54:25 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.07.2012 01:54:25 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 14.07.2012 07:28:56 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.07.2012 07:28:56 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.07.2012 07:28:56 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 15.07.2012 03:20:24 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.07.2012 03:20:24 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.07.2012 03:20:24 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report > |