wendover | 28.07.2012 19:30 | Lock-screen trojan - The computer is for the violation of the laws...

Hello, I also caught this trojan an hour ago:
lock screen "The computer is for the violation of the laws of the Federal Republic..."
with a demand to pay 100 EUR / UCASH etc.
I am online in a different account.
OTL.txt follows below.

OTL Logfile:
Code:
OTL logfile created on: 28.07.2012 20:04:26 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\ADMIN\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 5,87 Gb Available Physical Memory | 73,72% Memory free
15,93 Gb Paging File | 13,58 Gb Available in Paging File | 85,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1105,49 Gb Free Space | 59,34% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 242,61 Gb Free Space | 13,02% Space Free | Partition Type: NTFS
Drive E: | 99,00 Mb Total Space | 85,24 Mb Free Space | 86,10% Space Free | Partition Type: NTFS
Computer Name: RGO | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.28 20:04:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN\Downloads\OTL.exe
PRC - [2012.07.19 19:45:32 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.31 05:00:28 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe
PRC - [2012.05.31 04:33:48 | 000,146,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
PRC - [2012.05.30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.05.24 22:38:30 | 000,418,816 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2012.05.21 15:55:00 | 000,577,536 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2012.05.14 16:50:29 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 16:50:29 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.14 16:50:29 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 16:50:29 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 16:50:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 16:50:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.01.12 18:03:00 | 006,540,592 | ---- | M] (ASCOMP Software GmbH) -- C:\Program Files (x86)\ASCOMP Software\Synchredible\synchredible.exe
PRC - [2011.11.15 18:56:26 | 000,907,003 | ---- | M] () -- C:\Program Files (x86)\ServeToMe\Contents\Windows\ServeToMe.exe
PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.11.29 15:33:22 | 001,040,552 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2010.04.16 15:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009.07.14 03:14:27 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netsh.exe
PRC - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009.02.24 15:47:08 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.19 19:45:31 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 19:20:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 23:07:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.14 03:26:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.14 03:26:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 03:26:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.16 17:12:50 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2011.11.15 18:56:26 | 004,011,940 | ---- | M] () -- C:\Program Files (x86)\ServeToMe\Contents\Windows\AppKit.1.0.dll
MOD - [2011.11.15 18:56:26 | 002,389,917 | ---- | M] () -- C:\Program Files (x86)\ServeToMe\Contents\Windows\Foundation.1.0.dll
MOD - [2011.11.15 18:56:26 | 000,907,003 | ---- | M] () -- C:\Program Files (x86)\ServeToMe\Contents\Windows\ServeToMe.exe
MOD - [2011.11.15 18:56:26 | 000,049,424 | ---- | M] () -- C:\Program Files (x86)\ServeToMe\Contents\Windows\Security.1.0.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.23 17:16:19 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.10.19 15:17:42 | 000,202,752 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.19 19:45:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.31 05:00:28 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe -- (Hauppauge WinTV Extender)
SRV - [2012.05.21 15:55:00 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2012.05.14 16:50:29 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 16:50:29 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 16:50:29 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 16:50:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.14 16:50:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.06.30 16:46:32 | 000,121,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010.04.16 15:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.05.14 16:50:29 | 000,139,360 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.05.14 16:50:29 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 16:50:29 | 000,114,128 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.05.14 16:50:29 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.05.02 01:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.11 14:52:54 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011.02.14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011.02.14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.16 18:21:38 | 000,440,064 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)
DRV:64bit: - [2010.08.16 18:21:34 | 000,259,456 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (hcw88bda)
DRV:64bit: - [2010.08.16 18:21:30 | 000,339,968 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)
DRV:64bit: - [2010.08.16 18:21:26 | 000,015,872 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV:64bit: - [2010.04.16 15:34:06 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.19 15:50:12 | 006,098,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.17 19:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008.02.29 04:17:08 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2008.02.29 04:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.02.29 04:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012.05.02 01:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.06.28 19:07:33 | 000,131,336 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\avfwot.sys -- (avfwot)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 20:02:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.20 20:02:58 | 000,000,000 | ---D | M]
[2011.10.09 14:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\Extensions
[2012.02.11 20:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\biz3ucvm.default\extensions
[2012.02.11 20:04:51 | 000,003,974 | ---- | M] () -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\biz3ucvm.default\searchplugins\sweetim.xml
[2012.02.11 20:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.19 19:45:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.01 21:50:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2012.06.17 16:42:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 16:42:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 16:42:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 16:42:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 16:42:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 16:42:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium\TrayServer_de.exe (MAGIX AG)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA3EDD18-86FA-41BF-A2F5-D28493EBB7F2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\qvp - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.28 12:20:21 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Scansoft
[2012.07.25 20:31:09 | 000,196,608 | ---- | C] (brother) -- C:\Windows\SysWow64\Pdrvinst.dll
[2012.07.25 18:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012.07.25 18:33:46 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2012.07.25 18:33:46 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012.07.25 18:33:46 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012.07.25 18:33:46 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012.07.25 17:25:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2012.07.20 20:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.20 20:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.20 20:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.07.20 20:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.20 20:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.07.20 20:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.07.06 23:25:13 | 000,000,000 | ---D | C] -- C:\Downloads
========== Files - Modified Within 30 Days ==========
[2012.07.28 20:05:48 | 000,001,403 | ---- | M] () -- C:\Users\ADMIN\Desktop\OTL.exe - Verknüpfung.lnk
[2012.07.28 19:46:40 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 19:46:40 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 19:41:15 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.28 19:40:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.28 19:38:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.28 19:38:34 | 2120,736,767 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.27 13:11:49 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 13:11:49 | 000,657,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 13:11:49 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 13:11:49 | 000,131,070 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 13:11:49 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.25 20:40:50 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.07.25 20:40:29 | 000,000,770 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012.07.25 20:40:29 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012.07.25 20:40:28 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.07.25 20:40:11 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08c.dat
[2012.07.25 20:31:13 | 000,000,000 | ---- | M] () -- C:\Windows\brmx2001.ini
[2012.07.25 20:30:25 | 000,000,080 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.07.25 18:34:11 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012.07.21 09:06:21 | 001,526,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.20 20:11:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.17 20:08:44 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2012.07.12 03:21:34 | 000,547,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.07.28 20:05:48 | 000,001,403 | ---- | C] () -- C:\Users\ADMIN\Desktop\OTL.exe - Verknüpfung.lnk
[2012.07.25 20:31:13 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.07.25 20:30:25 | 000,000,080 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.07.25 18:35:02 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.07.25 18:34:10 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.07.25 18:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.07.21 09:06:21 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.20 20:11:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.19 18:42:13 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2012.01.17 23:16:14 | 000,000,680 | RHS- | C] () -- C:\Users\ADMIN\ntuser.pol
[2011.11.20 20:28:42 | 000,007,618 | ---- | C] () -- C:\Users\ADMIN\AppData\Local\Resmon.ResmonCfg
[2011.11.11 23:50:51 | 000,002,346 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.08.03 13:21:58 | 004,077,568 | ---- | C] () -- C:\Windows\QLMGXRenderer.dll
[2011.07.30 22:31:52 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.07.30 22:31:52 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010.12.23 19:17:41 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.23 18:37:32 | 000,000,770 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.12.23 18:37:32 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.12.23 18:36:48 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.23 18:36:01 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010.12.23 17:21:01 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.12.19 17:15:50 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.12.19 17:09:59 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.12.19 17:08:37 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2010.12.19 15:45:47 | 000,000,025 | ---- | C] () -- C:\Windows\CDE P242580GD.ini
[2010.12.19 15:26:13 | 000,000,052 | ---- | C] () -- C:\Windows\Intuprof.ini
[2010.12.19 15:26:12 | 000,000,946 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010.12.19 12:16:47 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.19 01:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.19 01:41:37 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.12.19 01:41:37 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.12.19 01:41:34 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.12.19 01:41:34 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.12.19 01:30:50 | 000,042,157 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.12.19 01:29:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.12.19 01:29:53 | 000,030,804 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
========== LOP Check ==========
[2012.05.25 16:05:22 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\DisplayTune
[2012.01.14 23:35:20 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Lexware
[2012.06.06 16:30:01 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\LockHunter
[2011.12.13 21:36:27 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\MAGIX
[2011.10.07 17:08:16 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\NASNaviator2
[2012.01.17 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\ProjectsWithLove
[2012.05.25 16:06:09 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\QlikTech
[2012.02.11 20:58:47 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Sytexis Software
[2011.11.04 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\XMedia Recode
[2012.06.06 20:23:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
< End of report >
********************************************************
Extras.txt
OTL Logfile:
OTL Extras logfile created on: 28.07.2012 20:04:26 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\ADMIN\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 5,87 Gb Available Physical Memory | 73,72% Memory free
15,93 Gb Paging File | 13,58 Gb Available in Paging File | 85,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1105,49 Gb Free Space | 59,34% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 242,61 Gb Free Space | 13,02% Space Free | Partition Type: NTFS
Drive E: | 99,00 Mb Total Space | 85,24 Mb Free Space | 86,10% Space Free | Partition Type: NTFS
Computer Name: RGO | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020808A8-0770-4D81-A3CF-58CD4E2A1E8A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06E0505F-8F03-4638-8C74-91EDDC125E9D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BAC95BC-3C2C-48B4-BA8B-B1EF2A946502}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{0C9CE684-C109-46D1-80BF-421383069969}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16EAB3C4-87A3-48E5-ACF0-A74411D311C4}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F57A608-82CD-479E-9EE8-68683AC5D50E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{1F744E82-F339-4FB3-A417-31DBF7633436}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{2404E15A-61AF-4913-8DB4-762C661D2469}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BFF417B-B3F8-4472-B5FA-BA694A12F5F4}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{34594138-2AE4-4230-A1F3-414EF929EB3E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3AD65568-D094-47E8-A338-B1C23ED3DF01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{51E58923-0A1D-4886-A491-7672DFAF65FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52505735-35F4-4193-8D95-8717A7A99225}" = rport=445 | protocol=6 | dir=out | app=system |
"{5895CBD2-9BA0-489A-9A15-F8046E5F52EA}" = lport=137 | protocol=17 | dir=in | app=system |
"{6E342DCD-65E1-4654-819E-8C77D7CE2379}" = rport=139 | protocol=6 | dir=out | app=system |
"{6FB1519F-C2D3-4398-9C38-B58B3762560A}" = lport=138 | protocol=17 | dir=in | app=system |
"{7A9FDE2D-8438-417A-945A-DC0BFFAF3C0D}" = lport=139 | protocol=6 | dir=in | app=system |
"{85ECEF4F-2019-4DB5-ACF3-144C993318BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9854A27-7ACC-4701-AF22-B7A7EFD69F20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B682210B-08F2-4119-96DE-3E76381D553B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D48EFFA1-E2B8-402B-8E4D-5E1DABD95783}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E6862937-99E2-4847-8745-115E97E34C73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F791ACBA-8F9D-4BF9-B7AB-60CAFDE2E52B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F7D597AA-6A19-482F-B464-0BD956001ED2}" = lport=445 | protocol=6 | dir=in | app=system |
"{F9F54996-5375-4A76-A005-5D6BFF2FF7C5}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02790022-921B-4B1F-9774-AB82C8DD1D41}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{13AD0CC6-D07C-49D1-A271-9AF364270764}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{16FE9F71-DA2C-4519-8DED-BAE38344A844}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{175FC769-E9AC-45C4-B93E-832DFB67326A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D4563BE-6210-447D-99B2-B5E71DB3BB23}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1D69B3EA-1988-4EE3-A5F2-E6DF62E6BA6B}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{230E2B4E-CB70-45FB-8397-F7BD7A10E8BA}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\extend\wintvextender.exe |
"{234F1AD9-E5F8-4634-85DA-2879E44AF940}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{352D2174-9530-463A-B272-A636B84CD65E}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\extend\wintvextender.exe |
"{395D150A-82BF-45C3-A7E6-3751AABEE161}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B83E80E-80E4-4583-8A6E-F323C91FC815}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3DD57B13-86A4-4F1A-AAB2-E1AE88A958D1}" = protocol=6 | dir=out | app=system |
"{3E73741F-1186-49B4-A4AF-787BD7E50547}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{3EBED621-CCAF-453F-867E-B4589D6F9AAA}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{42189FEA-CB3A-4DC7-9967-8A4BBDD02162}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{485C5EA6-A84E-4BC8-AFD8-A0163DA42CA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C192356-B408-4BFD-A41D-D480E69D2AAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{571DBF73-C445-41F4-8FAE-4E59994A98A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5C5CB3E7-2EB3-43EF-A2B0-B199555D23DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5E8B4D61-1350-44BC-B806-1A57FA7E71AC}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{62817BFD-B450-4AE6-B0DC-06486CC83DCB}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08l\faxrx.exe |
"{6E286A9B-0F46-483C-A4D3-AB8887371ACF}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{6EE740BA-55FA-4EC7-9A15-45646F0F583A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72F6FA43-C524-498F-A9D5-E12B2DA6EEF2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{772574FE-F648-48F1-98BB-6C457F8BC0E0}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{8A60A2FD-1D42-45A9-B2C3-CC52CF0F6763}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{8F24B199-02F4-4DA0-A268-F67C99802ACD}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08l\faxrx.exe |
"{95CD0432-4941-4652-AF8E-C175C85E4CCC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2FDD064-124C-48BD-B2A3-AF4BD9BB68A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B83B2ED0-750D-4A76-9BA8-5F44EFE8E277}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\extend\wintvextender.exe |
"{B8767970-EC1C-478A-B1C4-0D23B481E8A4}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\extend\wintvextender.exe |
"{C6AB95A8-2F43-42E1-A473-08FE7CCE1EC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6F7690A-BD95-4E70-8EC2-6DDD126BE642}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C7FE6B8A-BA91-43B3-A34F-60AFDFC68810}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{CB4852B8-4BC6-4C7D-ADBE-4230570ED02D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DF4594C5-C27E-4C61-AE90-BFE6D497BB0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1D7932F-E191-466D-BCE2-852E7CFF7695}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{E407E8A4-7FBA-4B55-87BC-35F9D4FB3BA9}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{F51462BE-B098-4A33-B6AF-77E2F382532A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F77F2D47-2AF7-4081-9A81-FF7FB076DA9E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8D542A3-0E24-4BDE-ABB3-6634D5EA0475}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{593A568A-3B12-479B-9BA6-7FB604834D5B}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{DD52C141-8801-4718-9492-A5FECC14FFE7}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDF51C-EAD0-4D01-A91F-DB8803D133C1}" = Microsoft SQL Server 2005 Analysis Services 9.0 OLEDB Provider
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{120F2308-86AE-E1BB-E0AE-F598807DFCE5}" = ATI AVIVO64 Codecs
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{3973DD74-2444-1CD4-278A-E7A77E4E53EE}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{E81A0194-0334-07A8-9757-2D0C65BF2F09}" = ATI Catalyst Install Manager
"{F319934C-1C5E-4B89-9A8E-DDF1C54A040E}" = QlikView x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Pro Plugin
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{08EE3698-AAB9-4BAD-BDF4-0BE0A9157222}" = ArcSoft Codec
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-795CW
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23887221-512C-8DE0-8FCD-15AFBA0D105C}" = Catalyst Control Center Core Implementation
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E39BA76-09F8-FBA6-25BA-E9A1D9D87547}" = Catalyst Control Center Graphics Previews Vista
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4EBEF92D-673B-4A22-B4A9-4EEFB6A20D7D}" = MAGIX Foto Manager 10 deluxe
"{558DD876-6EA3-03FF-7BCA-D5F6F0BD504F}" = Catalyst Control Center Graphics Full Existing
"{563923A6-FD4F-4D69-B555-2A6DA854A556}" = DDBAC
"{5794F702-8B55-4C38-9EFE-EE8D7D97EF8D}" = Meine Anlauttabelle
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66F2F163-9155-4776-9BE2-0955120C0E2F}" = MAGIX Fotos auf DVD MX Deluxe
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73CDCA64-491D-4EA8-CD8B-AE69CE1373F8}" = Catalyst Control Center Localization All
"{765443B7-555F-4E8C-9C96-A52409AE4E4A}" = Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC1A9BA-070A-455F-8AC3-62587524ADFB}" = Quicken 2011 - ServicePack 4
"{A13D9E3A-B31D-4E69-8681-EDB7AA02E365}" = Quicken Import Export Server 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service
"{A86409C5-ABB1-901D-7059-889D11F67F2D}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2CF1869-8727-4F9C-BA7D-807CA9F7C528}" = Magic Bullet Quick Looks (MAGIX)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B647F95C-E31D-438A-8C8F-5A8A03B950FC}" = MAGIX Screenshare
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{BE3F95E1-2482-4642-8EE0-160993135200}" = Brother MFC-795CW
"{C3DF6B7D-BDF3-AC88-F2D2-05FCFC1A66DC}" = ccc-core-static
"{C61B2B59-75D2-4203-B589-E0102C3A6F32}" = QuickSteuer Wissens-Center 2012
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C82185E8-C27B-4EF4-2009-2222BC2C2B6D}" = Microsoft MapPoint Europa 2009
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CCDDAA87-1C54-B1FB-BD7E-CC910EA7DDB9}" = Catalyst Control Center Graphics Light
"{D0B04095-3A02-4F4A-A007-29C6D5A60A4D}" = KM-Explorer 2.92
"{D38E0393-29F4-4260-9E90-820BF00AFAEC}" = MAGIX Speed burnR (MSI)
"{D982FFA1-51C2-4187-8EED-563F718536A3}" = MAGIX Video deluxe MX Premium
"{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
"{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EEBABD91-2B8C-DB09-17C1-D7B661A040C9}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F625701A-E55C-47B4-8FC0-52B4FFE306BB}" = Wertpapieranalyse 2011
"{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FB280574-F82B-FD8F-B338-756749A94B74}" = CCC Help German
"{FECD0210-722B-4D1E-A5F2-7253D2EAA9B4}" = Mobile Mouse Server
"3MFIV8_is1" = 3M FileInspector Workplace Version 8
"Adam " = Adam
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"Direct Stream Recorder" = Direct Stream Recorder (remove only)
"DivX Setup.divx.com" = DivX-Setup
"DVBViewer Pro Demo_is1" = DVBViewer Pro DEMO
"Fraps" = Fraps
"Free Studio_is1" = Free Studio version 5.1.5
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"InstallShield_{5794F702-8B55-4C38-9EFE-EE8D7D97EF8D}" = Meine Anlauttabelle
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"MAGIX_MSI_Digital_Foto_Maker_10" = MAGIX Foto Manager 10 deluxe
"MAGIX_MSI_Fotos_auf_CD_DVD_MX_Dlx" = MAGIX Fotos auf DVD MX Deluxe
"MAGIX_MSI_Videodeluxe18_premium" = MAGIX Video deluxe MX Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows
"NewBlue 3D Transformations for Windows" = NewBlue 3D Transformations for Windows
"NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows
"NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows
"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
"NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows
"NewBlue Motion Effects for Windows" = NewBlue Motion Effects for Windows
"NewBlue Paint Blends for Windows" = NewBlue Paint Blends for Windows
"NewBlue Paint Effects for Windows" = NewBlue Paint Effects for Windows
"NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows
"NewBlue Video Essentials II for Windows" = NewBlue Video Essentials II for Windows
"NewBlue Video Essentials III for Windows" = NewBlue Video Essentials III for Windows
"NewBlueFX Light Blends" = NewBlueFX Light Blends
"NewBlueFX Premium Effects" = NewBlueFX Premium Effects
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Pixum Fotobuch" = Pixum Fotobuch
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
"ServeToMe_is1" = ServeToMe 3.6.6.0
"Synchredible_is1" = Synchredible v3.3
"UN060501" = BUFFALO NAS Navigator2
"Video Thumbnails Maker" = Video Thumbnails Maker by Scorp (remove only)
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 3.0.4.6
"xvid" = XviD MPEG-4 Video Codec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.07.2012 14:53:09 | Computer Name = RGO | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/25 20:53:09.292]: [00002980]: Initialize TwdsMain
Class failed!
Error - 26.07.2012 12:48:24 | Computer Name = RGO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 26.07.2012 13:34:03 | Computer Name = RGO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 27.07.2012 00:16:18 | Computer Name = RGO | Source = ServeToMe | ID = 1
Description =
Error - 27.07.2012 01:01:02 | Computer Name = RGO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 27.07.2012 07:52:58 | Computer Name = RGO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WinTV7.exe, Version: 1.0.30149.0,
Zeitstempel: 0x0000002e Name des fehlerhaften Moduls: DivXDecH264.ax, Version: 9.0.1.21,
Zeitstempel: 0x4bb65af8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000fa0da ID des fehlerhaften
Prozesses: 0x12e4 Startzeit der fehlerhaften Anwendung: 0x01cd6bed74145772 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe Pfad des
fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax
Berichtskennung:
9b760b40-d7e1-11e1-a084-20cf30e3073a
Error - 28.07.2012 04:07:33 | Computer Name = RGO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 28.07.2012 04:51:51 | Computer Name = RGO | Source = ServeToMe | ID = 1
Description =
Error - 28.07.2012 06:20:22 | Computer Name = RGO | Source = Bonjour Service | ID = 100
Description = Client application registered 2 identical instances of service RGO\032-\032MAIN\032DEVICE._servetome._tcp.local.
port 9969.
Error - 28.07.2012 13:41:17 | Computer Name = RGO | Source = Bonjour Service | ID = 100
Description = Client application registered 2 identical instances of service RGO\032-\032MAIN\032DEVICE._servetome._tcp.local.
port 9969.
[ System Events ]
Error - 28.07.2012 07:07:24 | Computer Name = RGO | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 28.07.2012 07:07:24 | Computer Name = RGO | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 28.07.2012 07:07:45 | Computer Name = RGO | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 28.07.2012 07:07:45 | Computer Name = RGO | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 28.07.2012 07:08:48 | Computer Name = RGO | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 28.07.2012 07:08:48 | Computer Name = RGO | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 28.07.2012 07:08:48 | Computer Name = RGO | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 28.07.2012 07:08:48 | Computer Name = RGO | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 28.07.2012 08:51:19 | Computer Name = RGO | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 28.07.2012 08:51:19 | Computer Name = RGO | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
< End of report >
The Malwarebytes scan is still running.
What should I do??? I hope I can get everything sorted out...
Many thanks in advance to the helpers!