Wird gemacht. Hoffentlich noch in diesem Leben. ;-)
Hallo Petra,
hier nun das Log-File von Malwarebytes. Die Funde waren allesamt von alten Backups auf den externen Platten und wurden entfernt.
Gern hätte ich die beiden OTL-Logs wie gewünscht attached, aber da ist eine Dateigrößenbeschränkung anderer Meinung. Ich kopiere sie daher wie gehabt als Code hier herein und hoffe, das geht in Ordnung.Code:Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.26.01 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 7.0.6002.18005 Besitzer :: BESITZER-PC [Administrator] 26.02.2012 14:46:59 mbam-log-2012-02-26 (14-46-59).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 1403688 Laufzeit: 4 Stunde(n), 56 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 7 G:\Backup\Daten\Backup Uni 060409\C_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\Eigene Dateien\Netscape\Programme\buttons.0xe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt. G:\Backup\Daten\Backup Uni 060409\C_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\WINDOWS\update-dll.exe (Adware.Aureate) -> Erfolgreich gelöscht und in Quarantäne gestellt. G:\Backup\Daten\Backup Uni 060409\C_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\WINDOWS\SYSTEM\advert.dll (Adware.Aureate) -> Erfolgreich gelöscht und in Quarantäne gestellt. M:\BackUp_Uni_15Jan12\I_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\Eigene Dateien\Netscape\Programme\buttons.0xe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt. M:\BackUp_Uni_15Jan12\I_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\Eigene Dateien\Netscape\Programme\gozilla.exe (Adware.Aureate) -> Erfolgreich gelöscht und in Quarantäne gestellt. M:\BackUp_Uni_15Jan12\I_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\WINDOWS\update-dll.exe (Adware.Aureate) -> Erfolgreich gelöscht und in Quarantäne gestellt. M:\BackUp_Uni_15Jan12\I_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\WINDOWS\SYSTEM\advert.dll (Adware.Aureate) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
Code:OTL logfile created on: 26.02.2012 19:56:50 - Run 2 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Besitzer\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,15 Gb Available Physical Memory | 69,12% Memory free 12,11 Gb Paging File | 10,17 Gb Available in Paging File | 83,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916,99 Gb Total Space | 16,75 Gb Free Space | 1,83% Space Free | Partition Type: NTFS Drive D: | 14,52 Gb Total Space | 2,00 Gb Free Space | 13,75% Space Free | Partition Type: NTFS Drive G: | 596,02 Gb Total Space | 36,62 Gb Free Space | 6,14% Space Free | Partition Type: FAT32 Drive L: | 29,84 Gb Total Space | 1,83 Gb Free Space | 6,12% Space Free | Partition Type: FAT32 Drive M: | 1397,23 Gb Total Space | 389,09 Gb Free Space | 27,85% Space Free | Partition Type: NTFS Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.23 22:12:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe PRC - [2011.12.15 16:34:03 | 000,527,312 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2011.12.15 16:33:35 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2011.08.23 17:07:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.08.23 17:07:34 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.08.23 17:07:30 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.08.23 17:07:29 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.23 17:07:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2008.12.05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.11.03 17:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.11.03 17:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2009.02.27 12:04:42 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.DEU ========== Win32 Services (SafeList) ========== SRV - [2011.12.15 16:33:35 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011.08.23 17:07:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.08.23 17:07:34 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.08.23 17:07:30 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.08.23 17:07:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2009.04.09 14:05:20 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.11.03 17:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2004.01.28 17:25:24 | 000,020,537 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe -- (RMWPService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.15 16:25:15 | 000,068,520 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\acsmux64.sys -- (acsmux) DRV:64bit: - [2011.12.15 16:25:15 | 000,045,480 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\acsint64.sys -- (acsint) DRV:64bit: - [2011.08.23 17:08:02 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2011.08.23 17:08:02 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.08.03 21:22:47 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.05.12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ADBE.tmp -- (MEMSWEEP2) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.02.16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2010.11.10 03:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC) DRV:64bit: - [2010.11.10 03:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64) DRV:64bit: - [2010.07.16 12:59:11 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd) DRV:64bit: - [2010.06.22 03:51:14 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.03 17:10:08 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor) DRV:64bit: - [2008.08.06 17:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008.02.22 14:33:00 | 000,151,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2008.02.22 14:32:58 | 000,113,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2008.02.22 14:32:58 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2008.01.21 03:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2007.11.02 14:52:00 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService) DRV:64bit: - [2007.11.02 14:37:24 | 000,018,944 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp) DRV:64bit: - [2007.06.20 13:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem) DRV:64bit: - [2007.01.23 19:03:34 | 000,008,704 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl) DRV - [2009.09.09 14:26:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/03 22:06:44] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2009.05.01 17:10:23 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.09.10 02:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000}) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.21 21:04:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.02.23 18:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions [2010.11.03 21:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.21 15:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.02.23 18:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.02.23 18:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.10.21 12:29:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2009.05.30 15:04:58 | 000,118,784 | ---- | M] (FreshDevices Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\npfd.dll O1 HOSTS File: ([2012.02.22 03:00:40 | 000,441,283 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15169 more lines... O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE File not found O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM () O8 - Extra context menu item: Free YouTube Download - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62632E66-D937-48B8-AC15-74322738F369}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74FC6BA9-80D2-46D0-ACC6-DD8BFCF11334}: Domain = vpn.uni-saarland.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74FC6BA9-80D2-46D0-ACC6-DD8BFCF11334}: NameServer = 134.96.7.100,134.96.7.99 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFA65053-C53C-4947-BD23-E7ED470BEC6D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.15 13:07:44 | 000,057,344 | ---- | M] () - L:\AutographsAndMore_2012_1501.wdb -- [ FAT32 ] O32 - Unable to obtain root file information for disk L:\ O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.26 16:01:07 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\Portico Quartet [2012.02.26 15:54:23 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\Edward Ka-Spel [2012.02.25 12:22:21 | 000,000,000 | ---D | C] -- C:\_OTL [2012.02.25 11:22:59 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.02.25 11:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012.02.25 09:15:49 | 015,634,456 | ---- | C] (Mozilla) -- C:\Users\Besitzer\Desktop\Firefox_Setup_10.0.2.exe [2012.02.24 19:00:42 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2012.02.24 19:00:42 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2012.02.24 19:00:42 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2012.02.24 19:00:42 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2012.02.24 18:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.02.24 18:48:50 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.02.24 18:48:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.02.24 18:48:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.02.24 18:48:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.02.24 15:50:44 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\ttt [2012.02.23 22:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.02.23 22:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2012.02.23 22:12:27 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2012.02.21 17:31:59 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\vlc [2012.02.21 17:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.02.19 09:27:06 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll [2012.02.19 09:25:15 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\acaptuser32.dll [2012.02.15 15:21:46 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.02.15 15:21:40 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.02.15 15:21:40 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.02.15 15:21:40 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.02.15 15:21:40 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.02.15 15:21:40 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.02.15 15:21:40 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.02.15 15:21:40 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.02.15 15:21:39 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.02.15 15:21:39 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.02.15 15:21:39 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.02.15 15:21:39 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.02.15 15:21:39 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.02.15 15:21:39 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.26 19:49:15 | 000,149,606 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.02.26 19:49:14 | 000,149,606 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.02.26 19:48:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.26 19:48:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.26 19:48:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.26 15:53:46 | 000,000,216 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat [2012.02.26 15:44:05 | 001,428,480 | ---- | M] () -- C:\Users\Besitzer\Desktop\Cddatei_2012_2602.wdb [2012.02.26 07:42:44 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.26 07:42:44 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.26 07:42:44 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.26 07:42:44 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.26 07:42:44 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.25 19:13:30 | 000,002,525 | ---- | M] () -- C:\Users\Besitzer\Desktop\HiJackThis.lnk [2012.02.25 15:29:07 | 000,406,528 | ---- | M] () -- C:\Users\Besitzer\Desktop\Dvddatei_2012_2402.wdb [2012.02.25 12:12:08 | 000,165,376 | ---- | M] () -- C:\Users\Besitzer\Desktop\SystemLook_x64.exe [2012.02.25 09:15:50 | 015,634,456 | ---- | M] (Mozilla) -- C:\Users\Besitzer\Desktop\Firefox_Setup_10.0.2.exe [2012.02.24 19:26:12 | 006,204,711 | ---- | M] () -- C:\Users\Besitzer\Desktop\Frank2.mp3 [2012.02.24 19:00:07 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2012.02.24 19:00:07 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2012.02.24 19:00:07 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2012.02.24 19:00:07 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2012.02.24 18:48:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.02.24 18:48:27 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.02.24 18:48:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.02.24 18:48:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.02.24 17:34:30 | 000,012,919 | ---- | M] () -- C:\Users\Besitzer\.recently-used.xbel [2012.02.24 17:29:52 | 000,602,197 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2161_sm.jpg [2012.02.24 17:24:55 | 000,255,756 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sw_sm.jpg [2012.02.24 17:24:01 | 000,521,942 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sm.jpg [2012.02.24 17:22:49 | 000,662,299 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sw.jpg [2012.02.24 17:18:10 | 000,709,538 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b.jpg [2012.02.24 16:31:25 | 008,597,547 | ---- | M] () -- C:\Users\Besitzer\Desktop\ttt-telepathy.mp3 [2012.02.24 16:25:31 | 000,162,816 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.24 14:05:27 | 000,034,304 | ---- | M] () -- C:\Users\Besitzer\Desktop\Bluraydatei_2012_2402.wdb [2012.02.24 10:50:06 | 000,066,895 | ---- | M] () -- C:\Users\Besitzer\Desktop\Zauberwürfel_3x3x3lsg.pdf [2012.02.24 08:51:59 | 118,714,958 | ---- | M] () -- C:\Users\Besitzer\Desktop\Strangeways radio.mp3 [2012.02.24 08:44:51 | 000,597,437 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2052cr.jpg [2012.02.24 08:44:51 | 000,414,609 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2200cr.jpg [2012.02.24 08:44:51 | 000,387,841 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2161.jpg [2012.02.24 08:44:51 | 000,363,303 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2083.jpg [2012.02.23 22:56:29 | 001,410,192 | ---- | M] () -- C:\Users\Besitzer\Desktop\sar_15_sfx.exe [2012.02.23 22:12:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2012.02.23 18:52:19 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.02.22 03:31:46 | 000,000,160 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\default.rss [2012.02.22 03:00:40 | 000,441,283 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.02.22 02:53:49 | 000,001,059 | ---- | M] () -- C:\Users\Besitzer\Desktop\Spybot - Search & Destroy.lnk [2012.02.21 17:30:10 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.02.16 14:58:52 | 000,000,800 | ---- | M] () -- C:\Users\Besitzer\Desktop\Hardware Sicher Entfernen.lnk [2012.02.15 22:17:28 | 000,330,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.11 13:33:59 | 000,057,856 | ---- | M] () -- C:\Users\Besitzer\Desktop\AutographsAndMore_2012_1102.wdb [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.26 15:13:29 | 000,000,216 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat [2012.02.25 12:12:08 | 000,165,376 | ---- | C] () -- C:\Users\Besitzer\Desktop\SystemLook_x64.exe [2012.02.25 11:22:59 | 000,002,525 | ---- | C] () -- C:\Users\Besitzer\Desktop\HiJackThis.lnk [2012.02.24 19:25:54 | 006,204,711 | ---- | C] () -- C:\Users\Besitzer\Desktop\Frank2.mp3 [2012.02.24 17:34:30 | 000,012,919 | ---- | C] () -- C:\Users\Besitzer\.recently-used.xbel [2012.02.24 17:29:52 | 000,602,197 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2161_sm.jpg [2012.02.24 17:24:55 | 000,255,756 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sw_sm.jpg [2012.02.24 17:24:01 | 000,521,942 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sm.jpg [2012.02.24 17:22:48 | 000,662,299 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sw.jpg [2012.02.24 17:18:10 | 000,709,538 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b.jpg [2012.02.24 16:31:07 | 008,597,547 | ---- | C] () -- C:\Users\Besitzer\Desktop\ttt-telepathy.mp3 [2012.02.24 10:50:06 | 000,066,895 | ---- | C] () -- C:\Users\Besitzer\Desktop\Zauberwürfel_3x3x3lsg.pdf [2012.02.24 08:46:38 | 118,714,958 | ---- | C] () -- C:\Users\Besitzer\Desktop\Strangeways radio.mp3 [2012.02.24 08:44:51 | 000,597,437 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2052cr.jpg [2012.02.24 08:44:51 | 000,414,609 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2200cr.jpg [2012.02.24 08:44:51 | 000,387,841 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2161.jpg [2012.02.24 08:44:51 | 000,363,303 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2083.jpg [2012.02.24 07:26:31 | 000,030,259 | ---- | C] () -- C:\Users\Besitzer\Desktop\hjtscanlist.bat [2012.02.23 22:56:27 | 001,410,192 | ---- | C] () -- C:\Users\Besitzer\Desktop\sar_15_sfx.exe [2012.02.23 18:52:19 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.02.22 02:53:49 | 000,001,059 | ---- | C] () -- C:\Users\Besitzer\Desktop\Spybot - Search & Destroy.lnk [2012.02.21 17:30:10 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.02.19 09:44:39 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.02.16 14:58:07 | 000,000,800 | ---- | C] () -- C:\Users\Besitzer\Desktop\Hardware Sicher Entfernen.lnk [2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2010.07.29 18:31:24 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.03.10 19:53:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat ========== LOP Check ========== [2009.05.25 19:30:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Buhl Data Service [2011.06.20 16:20:35 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Celemony Software GmbH [2009.08.21 17:04:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ChessBase [2009.11.21 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Cisco [2009.05.25 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\dBpoweramp [2011.09.19 17:46:19 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoft [2011.09.19 17:46:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.24 10:45:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\EndNote [2009.07.14 08:31:01 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\EPSON [2012.02.25 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\foobar2000 [2012.02.24 17:34:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\gtk-2.0 [2009.05.06 06:32:52 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ISI ResearchSoft [2011.01.02 12:07:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leadertech [2009.05.01 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Samsung [2009.04.06 13:54:00 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Template [2010.11.03 21:13:36 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Thunderbird [2010.09.21 15:33:33 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TomTom [2009.08.08 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Tonium [2009.09.17 05:35:18 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TrafficMonitor [2012.02.23 21:47:27 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\uTorrent [2009.08.07 17:42:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinBatch [2010.01.24 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Xilisoft [2009.06.12 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Xilisoft Corporation [2012.02.26 19:47:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
Code:OTL Extras logfile created on: 26.02.2012 19:56:50 - Run 2 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Besitzer\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,15 Gb Available Physical Memory | 69,12% Memory free 12,11 Gb Paging File | 10,17 Gb Available in Paging File | 83,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916,99 Gb Total Space | 16,75 Gb Free Space | 1,83% Space Free | Partition Type: NTFS Drive D: | 14,52 Gb Total Space | 2,00 Gb Free Space | 13,75% Space Free | Partition Type: NTFS Drive G: | 596,02 Gb Total Space | 36,62 Gb Free Space | 6,14% Space Free | Partition Type: FAT32 Drive L: | 29,84 Gb Total Space | 1,83 Gb Free Space | 6,12% Space Free | Partition Type: FAT32 Drive M: | 1397,23 Gb Total Space | 389,09 Gb Free Space | 27,85% Space Free | Partition Type: NTFS Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 70 8F E7 BF 58 A2 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1EF32B01-4EE1-46D6-ACDB-6AB2682DF34D}" = lport=139 | protocol=6 | dir=in | app=system | "{2BFBE230-C5AD-4E4E-9FEA-66F16BA32189}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6ADD5457-474A-4EA7-9A9E-6CD1B6747B50}" = lport=138 | protocol=17 | dir=in | app=system | "{6AF7C4E0-4529-4B22-8592-513EBA966388}" = rport=445 | protocol=6 | dir=out | app=system | "{730D3C19-2D06-42D3-BC18-E7563FE7662D}" = rport=139 | protocol=6 | dir=out | app=system | "{90740CBF-C4A3-4AD1-8162-E95ACD965E28}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{ABC684FD-794F-45E9-AEAE-82B109B4623E}" = lport=445 | protocol=6 | dir=in | app=system | "{B67C1C8D-F232-4282-8521-1B95F8958857}" = rport=137 | protocol=17 | dir=out | app=system | "{D11A39DF-5E74-400E-B20E-E78005D3481F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EEC8BC1C-3F5F-4128-9383-125398744FCF}" = rport=138 | protocol=17 | dir=out | app=system | "{F4D7E999-1DDF-4B11-AB22-E47F51B16064}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D231EDF-46B2-4FFA-99AD-B19C75F1D4AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0F45ABD0-2DD2-4CBC-B0D3-16B7809F5EB4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{18E27AD6-6094-4193-9066-56525AB22694}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{20B94F37-AA02-4C2A-BED0-45E74D969802}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{26B3FCC2-61B1-408F-861E-277A4865C22E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{289E6B25-8296-4A5D-9E5A-78778234C5DD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{2CDD4297-B909-429D-808E-9E087E298ACA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{3390991D-8E38-4D51-943B-A96BFEBA06F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{39A7270F-85FF-48DE-9AB9-5282B101E2FF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{3C1794FD-AB55-47FB-9D04-D0D4B9D56EFD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{40A07069-FD86-49D4-984A-24CB8A63ABC8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{56F38999-7E61-4F45-9B93-5517F7BB363A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6D5EADBE-5B3B-4F02-8C87-141647A486A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{8B5D4B91-BF56-421C-A83B-4FCA6213F482}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{8F399CDB-1AD1-445A-8702-AEC234C868E3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{90EAFE9A-68C1-463B-90A8-F6A76AAB563F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{A5A2B8E6-8ED8-42FE-952B-087AF63018E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{AFFDFC11-DA05-4065-998B-E179D6386B68}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{B0F1CA15-8004-413F-807F-59B55FFBC5FC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{B1FDA163-70EA-4306-97EB-C8EB7EF7A9CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B71FFE92-37CA-4C88-8721-DD76E2E8914F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{C8C67B3A-56E4-4E71-8FB6-AFE24FAC34F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CA0AD87D-0787-45FF-9407-16E8DB840907}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{D65124CB-2482-46B9-88C3-17A17B5D436A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{E204CD6F-212A-4024-9359-3B898EA34D87}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{FB31B8E7-3465-4DD3-9242-3472D7EC295D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{474D630E-8726-45D2-B400-F290640104BC}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe | "TCP Query User{BDD1C86F-CCF4-463F-A775-DDC928A8B91E}C:\program files (x86)\nero\nero 9\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 9\nero showtime\showtime.exe | "TCP Query User{CCFF1898-E4EB-45A9-8458-E8A492C1D781}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{F50A60F3-AC1A-4612-820C-E9C0BD1D3CD7}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe | "UDP Query User{0610E6F9-DB75-428F-98AF-38EAB457C2F9}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe | "UDP Query User{867FD66D-8518-45D8-9AED-880BE7FE93B8}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe | "UDP Query User{DBA14573-2FDA-4EA9-AC2B-50B6D9FBFF64}C:\program files (x86)\nero\nero 9\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 9\nero showtime\showtime.exe | "UDP Query User{F9C55DAD-400E-4339-BAE4-4A425DF2AB15}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit) "{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7DE223C2-C857-44E5-9311-67AA5731B39B}" = Melodyne Runtime 4.0 (x64) "{8164DB37-0ED4-4DDA-9644-E0B7A42205CB}" = Motorola Driver Installation 3.4.0 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "OfficeTrial" = Testversion von Microsoft Office Home and Student 2007 "PC-Doctor for Windows" = Hardware Diagnose Tools "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "WinGimp-2.0_is1" = GIMP 2.6.6 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help "{0B568EF0-5280-4E27-BE21-74D15F0BD8AF}" = Samsung PC Studio 3 "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{16DF894D-FC3F-4B87-908D-671E201CD7A8}" = Melodyne singletrack "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements "{65D9DA69-4C22-46CA-B762-A338CAC94599}" = Amos 18 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2 "{702ba406-4881-495d-9cbf-a0e0b750c692}" = Nero 9 "{70B338F0-C957-4079-A3A1-63C68258CE92}_is1" = Fast AMR M4A AC3 WAV MP3 WMA Audio Converter 2.5 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8BCAC105-C501-41F9-AED1-587024ABCA8C}" = Reference Manager 12 Professional Edition "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BBFB384-E7AF-4397-A5F2-EB856E0BB645}" = Fritz6 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{B915FA4E-B670-43E9-8EA0-9F16BFFD8AE8}" = DirComp "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools "{BBCAA1F8-DBC5-46A4-B734-21D446E75FD2}" = Motorola Phone Tools "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D75B5A39-C686-421C-B2BE-FDF9574662E1}" = Cisco AnyConnect Secure Mobility Client "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "ACDSee 32" = ACDSee 32 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira AntiVir Professional "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "dBpoweramp Music Converter" = dBpoweramp Music Converter "EPSON Scanner" = EPSON Scan "foobar2000" = foobar2000 v1.1.8 "Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908 "FTP Commander" = FTP Commander "Image Analyzer" = Image Analyzer "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "Lanmonitor 3" = Lanmonitor 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Monkey's Audio_is1" = Monkey's Audio "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de) "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20 "STANDARD" = Microsoft Office Standard 2007 "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009) "TomTom HOME" = TomTom HOME 2.7.6.2056 "VLC media player" = VLC media player 2.0.0 "WAV Converter_is1" = WAV Converter 1.0 "Web Photo Album_is1" = Web Photo Album 1.2 "WildTangent hp Master Uninstall" = My HP Games "Winamp" = Winamp "WinRAR archiver" = WinRAR "Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.02.2012 11:19:25 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 26.02.2012 11:39:15 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 9\Nero WaveEditor\WEDll\waveedit.dll.Manifest". Die abhängige Assemblierung "SMC,processorArchitecture="x86",type="win32",version="6.3.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 26.02.2012 11:39:38 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 9\Nero WaveEditor\AudioEffects\AudioEffectLibrary.dll.Manifest". Die abhängige Assemblierung "SMC,processorArchitecture="x86",type="win32",version="6.3.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 26.02.2012 14:50:17 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 26.02.2012 14:50:17 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 26.02.2012 14:50:21 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2012 14:51:52 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error - 26.02.2012 14:51:52 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error - 26.02.2012 14:51:54 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error - 26.02.2012 14:51:54 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. [ Cisco AnyConnect Secure Mobility Client Events ] Error - 26.02.2012 14:49:53 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866 Description = Function: CCvcConfig::CCvcConfig File: .\vpnconfig.cpp Line: 553 Invoked Function: CCvcConfig::readConfigParamFromFile Return Code: -33030135 (0xFE080009) Description: CVCCONFIG_ERROR_UNEXPECTED Error - 26.02.2012 14:50:12 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 26.02.2012 14:50:19 | Computer Name = Besitzer-PC | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4612 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 26.02.2012 14:50:19 | Computer Name = Besitzer-PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1084 NULL object. Cannot establish a connection at this time. Error - 26.02.2012 14:52:26 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67110872 Description = Failed Route change: Action: DelRoute Destination: 192.168.2.255 Netmask: 255.255.255.255 Gateway: 192.168.2.100 Interface: 192.168.2.100 Metric: 256 Error - 26.02.2012 14:52:26 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp Line: 242 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED Error - 26.02.2012 14:53:31 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866 Description = Function: CDtlsProtocol::timerCallback File: .\DtlsProtocol.cpp Line: 398 Invoked Function: CDtlsProtocol::retransmit Return Code: -31719410 (0xFE1C000E) Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED Error - 26.02.2012 14:53:31 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866 Description = Function: CCdtpProtocol::OnTunnelInitiateComplete File: .\CdtpProtocol.cpp Line: 449 Invoked Function: OnTunnelInitiateComplete Return Code: -31719410 (0xFE1C000E) Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback Error - 26.02.2012 14:53:31 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866 Description = Function: CTunnelStateMgr::OnTunnelInitiateComplete File: .\TunnelStateMgr.cpp Line: 1156 Invoked Function: Initiate tunnel callback status Return Code: -31719410 (0xFE1C000E) Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED DTLS tunnel state 0 Error - 26.02.2012 14:53:31 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866 Description = Function: CTlsTunnelMgr::OnTunnelInitiateComplete File: .\TlsTunnelMgr.cpp Line: 619 Invoked Function: CTlsTunnelMgr::OnTunnelInitiateComplete Return Code: -31719410 (0xFE1C000E) Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback [ OSession Events ] Error - 10.05.2009 12:38:12 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2779 seconds with 180 seconds of active time. This session ended with a crash. Error - 14.06.2009 15:13:05 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 725 seconds with 360 seconds of active time. This session ended with a crash. Error - 29.08.2009 02:27:00 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 518 seconds with 480 seconds of active time. This session ended with a crash. Error - 25.07.2010 05:47:04 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash. Error - 11.05.2011 15:59:32 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1371 seconds with 360 seconds of active time. This session ended with a crash. Error - 10.07.2011 05:06:27 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 25.02.2012 10:54:43 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7031 Description = Error - 25.02.2012 10:59:12 | Computer Name = Besitzer-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 25.02.2012 11:00:27 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026 Description = Error - 26.02.2012 02:19:06 | Computer Name = Besitzer-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 26.02.2012 02:20:55 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026 Description = Error - 26.02.2012 09:31:51 | Computer Name = Besitzer-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 26.02.2012 09:33:41 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026 Description = Error - 26.02.2012 14:48:35 | Computer Name = Besitzer-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 26.02.2012 14:50:22 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7011 Description = Error - 26.02.2012 14:50:22 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >
