Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.11.2011, 14:38   #1
kid77
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



Ich habe das selbe Problem wie dieser User (http://www.trojaner-board.de/104840-...-system32.html) und OTL bereits scannen lassen. Hier der Inhalt der beiden Logfiles:

Extras.TxtOTL Logfile:

Code:
ATTFilter
OTL Extras logfile created on: 07.11.2011 14:19:14 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = F:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 52,91% Memory free
16,05 Gb Paging File | 12,45 Gb Available in Paging File | 77,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 260,77 Gb Total Space | 128,88 Gb Free Space | 49,42% Space Free | Partition Type: NTFS
Drive D: | 98,55 Gb Total Space | 60,06 Gb Free Space | 60,94% Space Free | Partition Type: NTFS
Drive E: | 98,43 Gb Total Space | 46,03 Gb Free Space | 46,77% Space Free | Partition Type: NTFS
Drive F: | 457,75 Gb Total Space | 149,95 Gb Free Space | 32,76% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive I: | 232,88 Gb Total Space | 146,52 Gb Free Space | 62,92% Space Free | Partition Type: NTFS
 
Computer Name: ACER | User Name: Kerstin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "D:\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- "D:\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 43 C0 37 4F 11 95 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12AD26B9-A810-44BC-974C-6F8386C7AB44}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1C2CB42E-C599-42AD-8EF7-6A45DF7F1634}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2430D71B-B9DA-4AEE-9F2E-5E94381CE325}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{24629F65-2FBD-4D45-AEF7-86775BD27142}" = rport=137 | protocol=17 | dir=out | app=system | 
"{261FBCEB-B0BC-4452-9694-1453512123CA}" = lport=49174 | protocol=6 | dir=in | name=akamai netsession interface | 
"{2EF50E1F-0B6B-4444-9DE6-7DACCBA72164}" = lport=137 | protocol=17 | dir=in | app=system | 
"{39D36AB4-318D-481C-9926-B818375A99CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4CF8FC58-D0CA-461E-B06B-68E2C663868A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{57EC851A-46B5-476E-A472-A5CC49F66405}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5AE7B6F6-6891-441B-81A2-0BCE6CE1A338}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{89AF35D8-9A48-430A-AF13-88E9228F5C91}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A87DD1A5-205F-4F35-A186-D93301CE6C6E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AAE9F2EF-D8E8-4112-A313-F84252C66505}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C875E573-3DE0-439B-916C-9B64A3238709}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{D25E9ADA-3F18-4933-82A1-E18F7C801DB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002CAE0B-72A1-44BE-AB75-A8871F44033D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{018DFA8B-2ED0-4B19-AED9-8B396DDE911A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{056E9178-07D2-4508-B439-F6DB8398BD39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{062B0498-24B6-4026-9A5E-8977BB2E119F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{073AC2F6-4DCC-4306-BC03-D8DEB86FDD8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{073D6FF6-E7CD-47BA-840B-549454317D55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{09BAA15D-8D69-4FB2-9DB5-25CC9A1B09E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0A15F19E-F89C-452A-BC4C-392C0ABB3316}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0B7E2EC0-C9E9-4B3F-9E54-AFE7594B6658}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0B9C1E69-9322-4E49-A364-D08F21C3EF9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{12E315E1-800E-44C7-B13D-D89048CA7177}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer homemedia connect\homemedia connect.exe | 
"{137442BD-550B-4DDF-A335-9FA6853987F2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{1481D9A7-67DC-49A3-95C0-072CF3ED49EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{14C51B4C-B86A-4A2E-906F-6988B89A3D8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1544B5B2-B2B4-4616-BE2C-6E10174100B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{15BEA19C-3CB6-4C25-B0F1-A1BA2933CCF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{15D28F11-6848-4AC0-8351-EECD611CE5C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{16DE7D67-D7A9-42A0-88F4-4D665BC467C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1703767A-3BCE-48C0-B15A-20E1F5E4521B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{187C65B8-C490-430F-8D14-764DA976710A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1882505D-AA87-45C4-BD26-E7C5CCFF9A64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1A7B45A5-CD90-4A59-AFDB-4A825B35EB0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1B184916-3777-42D9-8B0D-6734F098A438}" = protocol=6 | dir=in | app=c:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1B8C3B05-44B1-4E2E-8D87-42573D4F7093}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1D0DBEA1-3165-4C04-9270-458257C1E24E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1DD5BF27-CCD4-4079-977E-549DB24AE3A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1FEAB13E-F0D3-468E-9513-EA6D85DA5985}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{2027A990-D36B-4A80-9185-253761317821}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{210894DA-7C2D-41F1-92EA-BD12A815CA53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{21D0888C-F329-4AAE-9E0B-85E8F6243DE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{21D97EBA-4B4F-4FC8-83B7-B46CAEF59363}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2210F410-0DEF-4D55-AA5C-E3AA2C365E86}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{224746FE-BF14-4734-A3A2-ABD4050C156E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{228DC9D8-EB44-4A86-B3C4-33DC5C8F93C7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{232E5729-0CB4-43CE-BDFE-4E0306408AA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2834B91E-0E89-4397-91E5-BFCD25559146}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2AD0BB6E-B8C1-402D-BEEF-6DCD01295C60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2C83B1C5-41B6-4F72-849A-5C07CCD4CAC2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{2C8839B8-99B3-4A57-98F8-A0D1D41BFD4B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2C96CCEE-9272-4613-BAA8-06AC1D164724}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{32618715-F87C-437D-90CD-00F9EA5FD1E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{34120182-608A-4F36-86AE-9DF23AFA6C40}" = protocol=17 | dir=in | app=d:\teamviewer\version5\teamviewer.exe | 
"{34D6E219-9C8A-42C9-8846-C514B7D30E85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3549C005-8E46-4709-8BB1-1FF12732EE74}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3584C614-472D-4590-BF14-EE3991540BA2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{371CCE1C-A4C9-4364-BC08-CF81396D5007}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{37A24764-FD4D-4905-8D77-89DE75C6F018}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3A659CB9-3949-4913-A09A-654DEC651E5A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3A8C0EED-AC3E-4A3B-8683-128BB4C12155}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3AA48BCE-4CEB-4946-BEF9-FCBC05FFB219}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3E977004-684D-46E5-A2FC-983FCB43F080}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4454345A-F352-49AC-AE4F-B8CF8989A364}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{44B7FF2C-35BA-4FEF-AD03-1F51FC1DF365}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{464B7330-D2FD-49AF-B033-9F4ADDDF9E4E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{471E9DB6-55D7-4E95-B876-BF99822CD73A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{47DD1719-BEC0-4E7E-B4A6-6F42BF5F1628}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{4DE55CD5-A8DF-4982-AB6E-7AA515CC9CC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4E1BF75D-4B5F-4D26-B438-998A07C07933}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4E26384C-6CFD-4FB1-9DAE-9DC41893D190}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{51D9EAB8-F9A0-4CC2-BA5E-FB6D6636BB3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{522CC012-E6B7-4A31-B4B1-7B344E1CB7A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5276E6C8-C5B6-4422-B3F9-477FE347B1D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5306F4CB-DCAB-4C71-BD83-AF2171CF15D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5498101A-29C1-4369-84BA-4877059F07DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{56B2F209-4406-4D47-9FCC-7900550C04C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{56B55C0A-C819-486A-8E55-36B143C698FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{56CA8D4D-1D74-45C3-B072-DB88A3C765D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{58DBE8EF-434C-4F73-B69B-8EF8B8D2DFE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{591A1FB4-89C6-46D8-926B-35AFFA811977}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{59D8D29B-3821-4202-8910-4A9B95972E6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5AA9D8AE-6A6E-43B2-9E24-A8A74C83E783}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5F05D3D0-AA94-4B2E-ADD4-79DE77C0EB83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{61D4FC77-7769-4357-AE7E-E5347EA168EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{642195D9-8E5B-4EBE-9FDD-C34962F29029}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{643BA6F6-F937-4070-A43C-A8807861C24A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{64BDFDF7-957C-4D60-8C61-C60E50B4C113}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{64C3BBCD-1B83-4488-B26B-32EFE51AB845}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{658350B2-E2F8-412D-8A9E-3E166CA26292}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{65A12FA5-099C-41BF-9E56-D9C6FEDD6E0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6668A618-B4F0-4412-AF58-CD9232BE6D73}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{66C2BFDC-FF3F-43B3-AFA6-755884096F03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{67241054-37B9-4FAD-B5C3-08F66AB14FDB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{68E057FA-DDD0-4FC2-8AAE-A792B550266E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{68E32956-6CE2-451C-92BE-0C4FE6C65E8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{68E84F02-F85B-4307-8A27-2F611C280937}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{69677BC1-EB4C-4A9A-8CF1-C12B6EF2D686}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6973D4AF-7F08-4383-A0E7-25FE245DC3E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6C85EA1C-F836-4045-B2EC-14D6825B6EE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6CDCBB26-11B5-4F65-819E-63799FBEE6E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7042A63F-E80A-44FB-BB49-EAE336E2B8D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7128EDD9-C0F0-4475-9435-6B08EEBEFE28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{71A7D70E-CC0C-443E-BEB7-973D4D3C4282}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{71AAF86C-1C57-44C7-90AB-B1E151CFB9E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{71BEF0D2-1B89-4576-8E25-30F12FF6C5B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{73242AB3-69E0-46B6-AAAF-E1782EC6A42D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{737D7627-B494-478F-8F49-8D07B9276A4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{764903F0-4630-4389-9F6C-9E5E591B1D9A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{77D8B5A4-20ED-42E2-80C0-4A7306E0ED33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7AC4776F-E3A5-46B0-83A4-929B24FA45E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7AEB2924-FB4B-4EB5-B2AD-236D785ABD4B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7BB96EE8-7D47-47A2-9059-D8F72FFAD293}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7BE59586-4142-4100-B301-A90745194F60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7CDA187F-4F2B-4F98-83E6-8A076D051B16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7FA4E0F4-E3F7-4304-8162-26B05130E003}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8443D537-D42E-489B-A995-05657259B420}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8494D5FF-E144-4225-8B8B-D99D7C049F4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{84CF4F25-6351-40E8-A0DB-B261F42EA203}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{85C38A4C-F28C-4517-B705-06E6FECEBFD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8A480181-7FDB-49C0-84BC-D04FE654218B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8A7F813F-7EF8-4CE7-A2EA-399F5402BC7A}" = dir=in | app=d:\itunes\itunes.exe | 
"{8B75FBE9-D5FD-41E6-A621-7998B037EBD9}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{8CFF4E18-81E8-4A23-B6AB-80EE68133D72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8D6FF476-A855-4F60-B790-61FFE41DDC6A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{8DC48280-E75B-4DE0-9B88-7F7FA7F841BC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8E3AB924-16FE-49B4-95B4-3DC76A797F29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8F3AD6CD-332B-4444-A3E4-A834541B2D60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8FE1CAA9-797E-4A92-AC5B-B0C602F2AD09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9031DF59-C8C8-4CBE-B144-2A3B3F50FFD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{908AF909-A3E5-45C9-AC2B-BD753B0E622A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{920295CB-D336-4884-BD40-3B59CEE05B7C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer homemedia connect\kernel\dms\clmsservice.exe | 
"{931D01B7-5345-4A1F-AE67-10756E048633}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9498C16A-8790-4E10-8158-8B37D7D40CEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{952457EA-8F8E-4BEE-AD08-63E40A90F995}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{97679D9D-54FE-4E8F-99BC-22F602D0838D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{97BBCBA5-A9A0-4DB9-9657-E0A75224B078}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{97D35448-E0D4-440C-8DAE-1314E0DCAC95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{97EB0CAB-C6DA-4AA6-92FB-52199B257181}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{99F31982-10ED-4360-A68E-8D72763FBBB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9A4C4159-00A5-4568-A5A0-3DD0CCF18CFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9B6F597B-E960-4A51-84C9-0E3E732D898B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9E16DCA0-DD13-44AA-A858-2D1896FE5EBC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9F635C74-99D7-4534-8C4A-283E9EED4B57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A109D15A-9AED-46E3-A0E4-4444793BDC8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A1880A2F-C478-4781-AD9B-CF7B9A336B42}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A1CC766C-C952-4F95-9783-3F0C8E8A6527}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A22A65FE-9CDB-4E23-B360-EE83FFFA2433}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A31F08C5-B20B-4EC3-B046-07E1601AC2B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A5327328-CB0C-4A3A-B44D-A7A8116B01B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A64C4A09-7BAB-4BB9-A3B5-5821816CA93F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A79B7146-2F3B-4EDB-9AC2-7E545CAD4701}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A7F362BC-C6EB-4DE6-9440-D35C21D00556}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AA1E99E7-C6DF-4948-A2E8-1B4316212317}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AA510F00-F895-4A12-9DFB-0BD6D218958A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ABEAE7DC-D27F-4542-814E-D83426F1FD03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{ACC1D418-98D8-49B3-9CC2-24564C582B39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ACD08A5C-5D91-4BFA-BEEA-0EF7209C60A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AE43E6FD-30F0-468C-A25B-0DD595FD91A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B0F53CD4-0AA2-4500-B7CE-A5827F77E035}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B15D597F-1146-47AB-A1ED-9460E54B4E06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B1D80730-CE6C-4B85-BEC3-F01F05181779}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B32DBF56-E551-4621-8D7D-E8669D57190B}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{B4C1227E-6B44-4EE8-9170-B56FB5D5A741}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B57246CD-8940-4F34-A685-E1BE4775CB08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B575AE9B-982A-442D-BBCA-493E189EBBC0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B5844358-BB1D-40AA-A102-DCB129A4A596}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B660F338-8C10-499A-BD7B-0E4F379CCB92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B6A33667-B631-4945-82FC-55BABFA3A406}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B73FE10D-9B01-4EEC-AB8A-E87DC72DE37C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B78122F3-9EBF-4E6F-BF74-29648D850B22}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B7C7A431-44D3-4CA9-8A6A-B2BBB34B728C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B8557B3A-6E93-403B-8517-D5A23AECB9A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B8A9A24A-43BD-4F25-9F25-F0708DBB6A5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B8EA6126-8852-4858-9C19-B20C7571CD94}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{BAE83872-1482-4EBC-AB3A-C8CD47BEDB3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BB6ADB36-E90A-4CC2-9BC9-8912097E49FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BC00DDE6-832E-4AF0-9569-AD35C11D0783}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BCD6C2CC-BA04-47BB-A694-0F4873B0CA48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BD07EE71-E536-4ED2-A55B-7F7D263DFB25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BD3C2E43-10AD-4964-99A0-DA2C804A601D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BDC5CDBC-BBF5-4C8D-AFE5-A85A298FAE47}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BEFAFE48-A335-42B3-AF36-F0FB8550545E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BF5AF3C4-9B60-4126-9957-D39E88650C4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BFC5ABC8-AC17-45E4-9779-6FA67E796690}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C00910E9-B10B-4741-9AB5-115966150FC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C0CB4106-4462-4434-86D3-7EE2B4AFA15F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C2704635-EE7F-4268-B35A-8C8042EA1380}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C5097165-939B-49BC-98B8-F9A079AA902B}" = protocol=17 | dir=in | app=c:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C5118D22-D543-459A-B23E-2A8B66CA83EE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C7E9EEE9-3CB0-457D-BC42-1AA4885140A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C832C37C-78E9-43D4-AD62-54545E585CD8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{C8CFC193-1A04-4FA1-B82A-4EE88257395D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA756E7B-007A-4EA3-9602-E333613D03D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA75E79F-5DE5-4C56-BB42-FE6FBFF15CE8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CB4D4A67-3D8F-4C9D-B8C5-A767AA983563}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CB6F6156-71D4-4B20-A65F-D9934F2A75E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CBB01F69-04AB-414A-A5EF-E7D2FAD41B1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CBB3DCE7-C991-4A97-BCB2-1489B10091BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CD311A1F-2108-471D-AD4E-CC1CDD97A383}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CECCCFF9-A675-42FB-80FD-2942EBC10305}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D3EE7F19-0F06-436F-903D-F394939B1ACC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D4057FF5-9EE2-47DF-B111-514F3265763C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D51EB0C5-F23D-4916-AD37-5A12508F9592}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D551A72B-C07F-4B30-AF5B-C2675D343B3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D614DC42-BA23-43FD-97E3-25E3DB841584}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D7505916-C620-4344-9745-2CABE0CEECBC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D7FDF642-8B6D-430B-9DC0-896E8A259D09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DBA12C03-D89C-48EE-B4A3-0E078A27DBA5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DBB2A1C8-C9E9-4768-9398-F282AA0DCEFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DC038D0B-971F-41FD-9D35-CE53EEA3AEC1}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{DDE1E20A-268E-441F-BC14-D7FC2E8D1F6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DE596FD4-51BC-4DE1-928B-C061C3C250EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DE7F875B-E2D2-4A84-99BA-6AE49A0F0A59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E050A619-1DEE-49F3-AFD6-FCA34585BC19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E0F892A2-0B1E-47A0-8A6F-B557B5CEC502}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E1118EF3-52C7-4B4B-850A-48B083E1CD69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E4910F6D-CD58-40F6-9FD4-18C20ECEE54D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E5A4491B-E7F9-4E4E-A83C-EFE5F1D8F958}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E60A13CA-3204-424E-BC3C-EDB5C8F405D1}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{E655D5F6-0A46-4203-BC99-E0661EAE7272}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{E7573355-F4E6-4280-9758-8833B3CD6567}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E8A18122-2280-4CB5-8FAD-8A6740D8A6B5}" = protocol=6 | dir=in | app=d:\teamviewer\version5\teamviewer.exe | 
"{E9A3296D-9893-4F78-8845-B0215770BCC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EA4E0671-7F75-4139-8074-580B3DF8F2EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EBD3A463-F45F-4855-AB58-4A859C2DBAD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EBDAE9AD-3AA9-4362-9BD0-D4B79EE30905}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ED0631DA-08AD-4CC4-BB2C-C4D475C73D65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ED8FDE26-6D4E-41D0-94D3-D2ADD36921AB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EF88F5E3-1A59-4046-AA18-3017A50B562F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EF972EA8-E31B-44F5-82A3-D91EC5D8EF98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F12E63A0-9B82-44D0-9BDA-A12BAA3DFA62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F4911CC8-31B1-45A3-AF7A-34B33174AA9A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F5978E83-EB33-48C3-9925-15945E3C910B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F60B472C-C60C-4B53-9C5C-D54456C3A37E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F636EC74-092E-4DB4-B368-BBB992799124}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F68A64C5-63A5-4774-8D8A-6CEB1B4E4588}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F7A91D48-B9D1-4ECA-8DC3-6388BE28B6F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F83CF704-31C5-45AA-98E4-11297C5F3A8F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F8D04F63-1349-4639-B0A1-EF050D8F4106}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{FA0720F1-11A7-45A7-87EC-1B3497AE330D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FA4E9851-AAC0-4144-AD1F-B7249FC62851}" = protocol=6 | dir=in | app=d:\microsoft office 2010\office14\groove.exe | 
"{FD481D21-C9AA-4580-9D1E-2AC91AE5E869}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FF175801-8388-4A47-8BDC-125F80793C34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FF561BFD-6C0C-4B44-ABFD-DF4930349176}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2FEB0360-525D-C76A-DA39-51CEA1D00290}" = ATI Catalyst Install Manager
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3DA00A00-C3E9-4064-B62C-CAD25EAF0B6A}" = Nitro PDF Reader 2
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C0AD3BF1-8CBC-49BE-6AC0-0F56B226975B}" = ccc-utility64
"{C40D6727-57FE-4671-B51A-69B0F21F44B5}" = Microsoft SQL Server Management Studio Express
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00626135-E60A-4550-9503-4F50C6C9B8BB}" = Google AdWords Editor
"{0235AB73-63DD-5544-4744-FBDEC2E4FDCB}" = Catalyst Control Center Graphics Previews Vista
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15886D4F-CBFC-7943-217A-D035561C4E4B}" = CCC Help Spanish
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16551E12-7EBB-4F63-9B6D-4AED6C2A6FB0}" = Ovi Files
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C596F4C-2771-9EF6-4755-B8EFAE48D7D2}" = Catalyst Control Center Localization Danish
"{1EBB4501-6521-4D70-9E9A-301757CD00D6}" = MSI US54SE II Wireless Client Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24C4BB38-F45D-4247-90B9-7E6CAA877FF3}" = TotalMedia Setup
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F4714C3-2FEE-A1D5-BC30-3C42540D0D96}" = Catalyst Control Center Graphics Full Existing
"{2FEFABB1-C318-B3C0-FE93-1C9CA101ED6D}" = CCC Help Finnish
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{32C0A3EA-E824-1FBD-09A9-34E17BF1D85F}" = CCC Help Norwegian
"{3315E5D3-A2A7-7B09-5209-1B473747949C}" = CCC Help German
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{407B3022-058E-4A98-BC45-112970F9027D}" = StarMoney Business 3.0 
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42CA6365-0777-FA79-1BD5-5FB967E0A708}" = Catalyst Control Center Localization Norwegian
"{43AA03F5-785D-E4EA-A807-716CD4690734}" = Catalyst Control Center Localization French
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{45D1C008-BC8C-BB47-34AD-BE4AB0791E76}" = Catalyst Control Center Localization German
"{4960E719-9264-9E83-5F26-3CB7CB2554B6}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C48BF85-09DF-4AD1-B8F1-2AFFCA83A32C}" = Qualidator SiteAnalyzer
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{4E1D4EE7-EBD0-E04B-DA43-BF94ADA36618}" = Catalyst Control Center Localization Swedish
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{53BC789D-073D-47B6-AA9F-DE05990AF07A}" = Adobe Creative Suite 5 Production Premium
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B48A8D9-D1AD-4424-BD4D-E462737099DF}" = SportTracks 3.0
"{5E0FB219-2A76-448B-997D-4308C4288026}" = Lexware büro easy 2010
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65F4830E-3098-7764-B551-8F077FB799E9}" = CCC Help English
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}" = Lexware online banking
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6F396FFB-CC3A-4335-BC0B-2AEF38F4492C}" = Microsoft WSE 2.0 SP3
"{6FE2F5A6-8DC6-41B9-84AE-9FB32BCF7C02}" = Natural Color Pro
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files (x86)\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7329B69F-8C17-8838-609C-550C9F1333CF}" = Desktop Web Analytics - For Piwik
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82A7004C-CDA5-40F1-A086-6D8BCE7C5DB0}" = ArcSoft TotalMedia 3.5
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110052107}" = Beetle Junior
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8C135A-F9ED-5EC6-C7D5-CE5923583654}" = Catalyst Control Center Core Implementation
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D96012C-6DCC-92AE-E428-615651B63D2C}" = CCC Help Danish
"{8E732D82-FBFB-0D08-5A00-506AB54EADC7}" = Catalyst Control Center Graphics Full New
"{8F18881C-AEA8-820B-D723-EE62FAE55BA3}" = Catalyst Control Center Localization Finnish
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93078533-C867-D67B-5AD9-E68B8FC119B1}" = CCC Help Swedish
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE2FAE0-D562-2FF2-8856-8A1B57997F1F}" = CCC Help Italian
"{9F74B6DE-B89C-4532-AFED-5AB0CCAAC1DF}_is1" = TCX Converter 2.0.18
"{A076D6DF-2D6F-4c50-B032-700A924AA6D1}" = Lexware Abschreibungsrechner
"{A1430C24-93CF-4182-9252-B333A76F2CDD}" = Garmin Training Center
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A6011F20-8EAA-E783-5C7A-BF6D8DC694C4}" = Skins
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B5DBA2-5480-E883-5FA7-DAF5927247DA}" = Catalyst Control Center Localization Italian
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE6E353F-A5D6-40E4-81FB-960EB7B207D7}" = Lexware zeitmanagement 2011
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{C47AFB4C-9581-7BF7-351C-886ED95E2AC9}" = Catalyst Control Center Graphics Light
"{C51FF8A2-D1A3-2A14-B088-26C861DA642D}" = CCC Help Japanese
"{C90C99AC-6F1E-7F55-F91B-D81A12F4540B}" = Catalyst Control Center Localization Dutch
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D47F9C63-D544-09FC-E03E-09405C0215C8}" = CCC Help French
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEBC6EBF-FF7A-4E30-9C49-DCFB53B446F0}" = Lexware Elster
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1C3A1AD-7254-CFCA-135E-7B1390267659}" = Catalyst Control Center Localization Japanese
"{E2D55DB1-D005-4FA6-89AF-49BC64BCA3DA}" = Langmeier Backup
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{E8A2C0F7-A196-5A59-C6EF-B2D6698D0999}" = ccc-core-static
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F028F7CF-BFAF-C420-1E75-429D9C354C89}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F429ED71-4A8B-457A-85E4-F6398CE73E58}" = AV Input Selection
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.4.2
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FF88B174-8326-29B5-3B2E-3850523AD94F}" = Catalyst Control Center Localization Spanish
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Testversion)
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.1.7
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 3.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DesktopWebAnalytics.FB5198EFD7978A66B6BD7109FD84E1C1DE681503.1" = Desktop Web Analytics - For Piwik
"ElsterFormular für Privatanwender und Unternehmer 11.5.3.5585" = ElsterFormular für Privatanwender und Unternehmer
"FileZilla Client" = FileZilla Client 3.3.5.1
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.91
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"FreeCommander_is1" = FreeCommander 2009.02a
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"GPS2PowerTrack Plugin_is1" = GPS2PowerTrack Plugin
"GSiteCrawler" = GSiteCrawler
"IETester" = IETester v0.4.6 (remove only)
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Movies" = Movies
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MSC" = McAfee SecurityCenter
"NCP RWS/GA" = NCP Secure Entry Client
"Notepad++" = Notepad++
"Nvu_is1" = Nvu 1.0
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OpenStreetMap Plugin V2_is1" = OpenStreetMap Plugin V2
"Paymo_is1" = Paymo 3.0
"PokerStars.net" = PokerStars.net
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Security Task Manager" = Security Task Manager 1.7h
"seopowersuite" = SEO PowerSuite
"SopCast" = SopCast 3.2.4
"Spyware Terminator_is1" = Spyware Terminator
"ST6UNST #1" = mailto Konverter
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"WonderWebWare CSS Menu Generator_is1" = WonderWebWare CSS Menu Generator 4.0
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.11.2011 08:36:14 | Computer Name = Acer | Source = MySQL | ID = 100
Description = Can't find messagefile 'C:\mysql\share\english\errmsg.sys'    For more
 information, see Help and Support Center at hxxp://www.mysql.com.    
 
Error - 07.11.2011 08:36:14 | Computer Name = Acer | Source = MySQL | ID = 100
Description = Aborting     For more information, see Help and Support Center at hxxp://www.mysql.com.


 
Error - 07.11.2011 08:46:32 | Computer Name = Acer | Source = MySQL | ID = 100
Description = Can't find messagefile 'C:\mysql\share\english\errmsg.sys'    For more
 information, see Help and Support Center at hxxp://www.mysql.com.    
 
Error - 07.11.2011 08:46:32 | Computer Name = Acer | Source = MySQL | ID = 100
Description = Aborting     For more information, see Help and Support Center at hxxp://www.mysql.com.


 
Error - 07.11.2011 08:46:46 | Computer Name = Acer | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.11.2011 08:57:34 | Computer Name = Acer | Source = MySQL | ID = 100
Description = Can't find messagefile 'C:\mysql\share\english\errmsg.sys'    For more
 information, see Help and Support Center at hxxp://www.mysql.com.    
 
Error - 07.11.2011 08:57:34 | Computer Name = Acer | Source = MySQL | ID = 100
Description = Aborting     For more information, see Help and Support Center at hxxp://www.mysql.com.


 
Error - 07.11.2011 08:57:45 | Computer Name = Acer | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.11.2011 09:32:26 | Computer Name = Acer | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.11.2011 09:32:26 | Computer Name = Acer | Source = Windows Search Service | ID = 3013
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 21.01.2011 06:39:29 | Computer Name = Acer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 21.01.2011 17:01:25 | Computer Name = Acer | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 21.01.2011 17:01:25 | Computer Name = Acer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 22.01.2011 18:57:30 | Computer Name = Acer | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 22.01.2011 18:57:30 | Computer Name = Acer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 24.01.2011 18:48:15 | Computer Name = Acer | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 24.01.2011 18:48:15 | Computer Name = Acer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 25.01.2011 04:45:02 | Computer Name = Acer | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 25.01.2011 04:45:02 | Computer Name = Acer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 25.01.2011 18:52:15 | Computer Name = Acer | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
[ System Events ]
Error - 07.11.2011 08:46:46 | Computer Name = Acer | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.11.2011 08:51:28 | Computer Name = Acer | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 07.11.2011 08:54:57 | Computer Name = Acer | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 07.11.2011 08:57:45 | Computer Name = Acer | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 07.11.2011 08:57:45 | Computer Name = Acer | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.11.2011 08:57:45 | Computer Name = Acer | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 07.11.2011 09:00:20 | Computer Name = Acer | Source = DCOM | ID = 10005
Description = 
 
Error - 07.11.2011 09:01:22 | Computer Name = Acer | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 07.11.2011 09:01:22 | Computer Name = Acer | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.11.2011 09:02:07 | Computer Name = Acer | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         

Alt 07.11.2011, 14:39   #2
kid77
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



OTL.TxtOTL Logfile:

Code:
ATTFilter
OTL logfile created on: 07.11.2011 14:19:13 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = F:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 52,91% Memory free
16,05 Gb Paging File | 12,45 Gb Available in Paging File | 77,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 260,77 Gb Total Space | 128,88 Gb Free Space | 49,42% Space Free | Partition Type: NTFS
Drive D: | 98,55 Gb Total Space | 60,06 Gb Free Space | 60,94% Space Free | Partition Type: NTFS
Drive E: | 98,43 Gb Total Space | 46,03 Gb Free Space | 46,77% Space Free | Partition Type: NTFS
Drive F: | 457,75 Gb Total Space | 149,95 Gb Free Space | 32,76% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive I: | 232,88 Gb Total Space | 146,52 Gb Free Space | 62,92% Space Free | Partition Type: NTFS
 
Computer Name: ACER | User Name: Kerstin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\6DSS92c31Apgjk.exe ()
PRC - C:\ProgramData\DnpkVAIhmGU.exe ()
PRC - D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
PRC - D:\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Users\Kerstin\AppData\Local\IRMonitor.exe (ITE Tech. Inc.)
PRC - D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - d:\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - D:\NCP\SecureClient\NcpBudgetGui.exe ()
PRC - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\mcafee\VIRUSS~1\mcvsshld.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - d:\NCP\SecureClient\rwsrsu.exe ()
PRC - D:\NCP\SecureClient\rwsrsu.exe ()
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - D:\Langmeier Backup\lmbackup.exe (Langmeier Software GmbH, Switzerland)
PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\COMMON~1\McAfee\MSC\McUICnt.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - D:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - D:\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
PRC - d:\NCP\SecureClient\NCPSEC.EXE ()
PRC - C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
PRC - d:\NCP\SecureClient\ncpclcfg.exe (NCP engineering GmbH)
PRC - D:\Multiscreen\MultiScreen.exe ()
PRC - C:\Windows\SysWOW64\attrib.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\6DSS92c31Apgjk.exe ()
MOD - C:\ProgramData\DnpkVAIhmGU.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\6811eaa8b0f958064288a31d8e481326\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - D:\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Spyware Terminator\TorentDll.dll ()
MOD - D:\NCP\SecureClient\NcpBudgetGui.exe ()
MOD - D:\NCP\SecureClient\NCPMIF32.DLL ()
MOD - D:\NCP\SecureClient\NCPDLG.DLL ()
MOD - D:\NCP\SecureClient\rwsrsu.exe ()
MOD - D:\NCP\SecureClient\rsussl.dll ()
MOD - D:\NCP\SecureClient\ncpclcfg.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - D:\Multiscreen\MultiScreen.exe ()
MOD - D:\Multiscreen\MGResGer.dll ()
MOD - D:\Multiscreen\ServiceHook.dll ()
MOD - D:\Multiscreen\MultiMon.dll ()
MOD - D:\Spybot - Search & Destroy\sqlite3.dll ()
MOD - D:\Spybot - Search & Destroy\Plugins\Fennel.dll ()
MOD - D:\Spybot - Search & Destroy\Plugins\Chai.dll ()
MOD - D:\Spybot - Search & Destroy\Plugins\Mate.dll ()
MOD - D:\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll ()
MOD - D:\NCP\SecureClient\NCPCFG.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_807ba95.dll ()
SRV - (Apache2.2) -- F:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirService) -- D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Browser Defender Update Service) -- D:\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (AntiVirSchedulerService) -- D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (sp_rssrv) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TeamViewer5) -- d:\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (ncprwsnt) -- d:\NCP\SecureClient\ncprwsnt.exe (NCP Engineering GmbH)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (rwsrsu) -- d:\NCP\SecureClient\rwsrsu.exe ()
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CyberLink Media Server Service) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (CyberLink Media Server Monitor Service) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe ()
SRV - (CLHNService) -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NcpSec) -- d:\NCP\SecureClient\NCPSEC.EXE ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ncpclcfg) -- d:\NCP\SecureClient\ncpclcfg.exe (NCP engineering GmbH)
SRV - (MySql) -- F:/xampp/mysql/bin/mysqld-nt.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\DRIVERS\AF15BDA.sys (ITETech                  )
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\DRIVERS\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\Drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (ncplelhp) -- C:\Windows\SysNative\DRIVERS\ncplelhp.sys (NCP Engineering GmbH)
DRV:64bit: - (ncpfilt) -- C:\Windows\SysNative\DRIVERS\ncplelhp.sys (NCP Engineering GmbH)
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\DRIVERS\RTL2832U_IRHID.sys (Realtek)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\DRIVERS\mwlPSDVDisk.sys (Egis Incorporated.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\DRIVERS\mwlPSDFilter.sys (Egis Incorporated.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\DRIVERS\mwlPSDNServ.sys (Egis Incorporated.)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\DRIVERS\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\DRIVERS\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys (Brother Industries Ltd.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3300&r=1v361209qp07973480l85nh7518l3o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3300&r=1v361209qp07973480l85nh7518l3o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3300&r=1v361209qp07973480l85nh7518l3o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3300&r=1v361209qp07973480l85nh7518l3o
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kerstin\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: d:\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: D:\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: D:\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: D:\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: D:\Nitro PDF Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: D:\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kerstin\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kerstin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kerstin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: D:\PC Tools Security\BDT\Firefox\ [2011.08.21 14:30:12 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.11.01 08:54:19 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Mozilla Firefox\components [2011.10.20 09:40:29 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Mozilla Firefox\plugins [2011.10.20 09:40:29 | 000,000,000 | -H-D | M]
 
[2011.10.18 07:33:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Extensions
[2011.10.18 07:33:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010.06.29 06:42:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.07 13:22:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions
[2011.10.26 11:36:47 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.06.03 08:56:20 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.05 08:27:55 | 000,000,000 | -H-D | M] (SeoQuake) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010.02.19 09:13:07 | 000,000,000 | -H-D | M] (Linkification) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010.05.12 09:49:41 | 000,000,000 | -H-D | M] (Dust-Me Selectors) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions\{3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37}
[2011.05.06 05:25:52 | 000,000,000 | -H-D | M] (LinkChecker) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2009.12.26 17:57:16 | 000,000,000 | -H-D | M] (IE Tab) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.01.07 15:11:33 | 000,000,000 | -H-D | M] (Web Developer) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.08.08 18:36:33 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions\firefox@tvunetworks.com
[2010.07.26 20:53:52 | 000,000,000 | -H-D | M] (Ovi maps browser plugin) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\6y58urhh.default\extensions\maps@ovi.com
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kerstin\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kerstin\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kerstin\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Kerstin\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = D:\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Kerstin\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = D:\Nitro PDF Reader 2\npnitromozilla.dll
CHR - plugin: Veetle TV Player (Enabled) = D:\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = D:\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = D:\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = d:\TVUPlayer\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
 
O1 HOSTS File: ([2010.08.24 18:18:12 | 000,416,853 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14389 more lines...
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DnpkVAIhmGU.exe] C:\ProgramData\DnpkVAIhmGU.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IR_SERVER] D:\Realtek\REALTE~1\IR_SERVER.exe File not found
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MultiScreen] D:\Multiscreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NcpBudgetGui] d:\NCP\SecureClient\NcpBudgetGui.exe ()
O4 - HKLM..\Run: [NcpPopup] d:\NCP\SecureClient\ncppopup.exe ()
O4 - HKLM..\Run: [NcpRsuGui] d:\NCP\SecureClient\rwsrsu.exe ()
O4 - HKLM..\Run: [Ovi Files Update] "C:\Program Files (x86)\Ovi Files\updater.exe" File not found
O4 - HKLM..\Run: [PCTools FGuard] D:\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StarMoneyRunEntry] d:\StarMoney Business 3.0\oflagent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [ProductReg] C:\Programme\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kerstin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paymo.lnk = D:\Paymo\Paymo.exe (Logic Design LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An OneNote s&enden - res:///105 File not found
O8:64bit: - Extra context menu item: Google AdSense Preview-Tool - hxxp://pagead2.googlesyndication.com/pagead/preview/de/preview.html File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An OneNote s&enden - res:///105 File not found
O8 - Extra context menu item: Google AdSense Preview-Tool - hxxp://pagead2.googlesyndication.com/pagead/preview/de/preview.html File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.65 217.0.43.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{534439F9-682C-4308-9DE2-40BF2DA8D0F0}: DhcpNameServer = 217.0.43.65 217.0.43.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF5922A7-3533-4FBD-BD66-B653BE9004F1}: DhcpNameServer = 217.0.43.65 217.0.43.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8A75865-FDA3-43B4-86D8-E0FCF7A333B6}: DhcpNameServer = 217.0.43.65 217.0.43.81
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.25 18:19:40 | 000,004,510 | -H-- | M] () - E:\autosmalen.htm -- [ NTFS ]
O32 - AutoRun File - [2010.07.06 05:19:02 | 000,000,000 | RH-D | M] - I:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk I:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.07 14:16:30 | 000,584,192 | -H-- | C] (OldTimer Tools) -- C:\Users\Kerstin\Desktop\OTL.exe
[2011.11.07 13:52:01 | 000,000,000 | -H-D | C] -- C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.10.20 09:50:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.10.20 09:50:07 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011.10.20 09:50:04 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011.10.20 09:43:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[2011.10.20 09:43:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Bonjour
[2011.10.20 09:40:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.10.18 07:32:20 | 000,000,000 | -H-D | C] -- C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google AdWords Editor
[2011.10.13 07:21:45 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.13 07:21:44 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.13 07:21:44 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.13 07:21:44 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.10.13 07:21:44 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.10.13 07:21:44 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.10.13 07:21:44 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.13 07:21:43 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.13 07:21:43 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.10.13 07:21:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.10.13 07:21:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.10.13 07:21:43 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.13 07:21:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.13 07:21:21 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011.10.13 07:21:21 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011.10.13 07:21:21 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.13 07:21:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011.10.13 07:21:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011.10.13 07:21:20 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.13 07:20:37 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.13 07:20:37 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.13 07:20:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011.10.13 07:20:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011.10.13 07:20:36 | 000,579,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.13 07:20:36 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.10.13 07:20:36 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.13 07:20:36 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011.10.13 07:20:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2010.12.10 22:23:50 | 000,106,496 | -H-- | C] (ITE Tech. Inc.) -- C:\Users\Kerstin\AppData\Local\IRMonitor.exe
[2009.05.04 17:14:02 | 000,024,576 | -H-- | C] ( ) -- C:\Windows\SysWow64\Interop.LxXtreme60.dll
[2009.04.09 21:07:41 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.07 14:16:34 | 000,584,192 | -H-- | M] (OldTimer Tools) -- C:\Users\Kerstin\Desktop\OTL.exe
[2011.11.07 14:03:50 | 001,680,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.07 14:03:50 | 000,718,422 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.07 14:03:50 | 000,678,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.07 14:03:50 | 000,156,902 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.07 14:03:50 | 000,130,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.07 13:59:57 | 000,000,440 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.11.07 13:58:01 | 000,085,277 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011.11.07 13:57:27 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.11.07 13:57:27 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.11.07 13:56:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 13:56:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 13:56:28 | 000,001,106 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.07 13:56:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.07 13:52:02 | 000,000,615 | -H-- | M] () -- C:\Users\Kerstin\Desktop\System Restore.lnk
[2011.11.07 13:51:52 | 000,308,064 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.11.07 13:48:26 | 000,001,110 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.07 13:43:22 | 000,000,110 | -H-- | M] () -- C:\Users\Kerstin\Desktop\index.php
[2011.11.07 13:41:26 | 000,001,181 | -H-- | M] () -- C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.11.07 13:41:22 | 000,389,976 | -H-- | M] () -- C:\ProgramData\DnpkVAIhmGU.exe
[2011.11.07 13:37:13 | 000,001,128 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-624346139-1263773502-3014717587-1000UA.job
[2011.11.05 23:42:58 | 000,001,076 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-624346139-1263773502-3014717587-1000Core.job
[2011.11.05 08:20:37 | 000,000,064 | -H-- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.11.05 08:20:37 | 000,000,044 | -H-- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.11.03 17:02:08 | 000,458,414 | -H-- | M] () -- C:\Users\Kerstin\Desktop\screen.jpg
[2011.11.01 09:55:04 | 000,544,232 | -H-- | M] () -- C:\Users\Kerstin\.ranktracker.properties
[2011.10.31 08:34:08 | 000,006,836 | -H-- | M] () -- C:\Users\Kerstin\AppData\Local\d3d9caps.dat
[2011.10.18 15:56:56 | 000,666,768 | -H-- | M] () -- C:\Users\Kerstin\.spyglass.properties
[2011.10.18 14:43:04 | 003,128,884 | -H-- | M] () -- C:\Users\Kerstin\.websiteauditor.properties
[2011.10.18 12:17:18 | 000,534,853 | -H-- | M] () -- C:\Users\Kerstin\.linkassistant.properties
[2011.10.17 13:03:53 | 000,414,368 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.10.14 09:28:49 | 005,131,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.07 13:52:06 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.11.07 13:52:05 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.11.07 13:52:02 | 000,000,615 | -H-- | C] () -- C:\Users\Kerstin\Desktop\System Restore.lnk
[2011.11.07 13:51:59 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.11.07 13:51:52 | 000,308,064 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.11.07 13:43:22 | 000,000,110 | -H-- | C] () -- C:\Users\Kerstin\Desktop\index.php
[2011.11.07 13:41:23 | 000,389,976 | -H-- | C] () -- C:\ProgramData\DnpkVAIhmGU.exe
[2011.11.03 17:02:08 | 000,458,414 | -H-- | C] () -- C:\Users\Kerstin\Desktop\screen.jpg
[2011.10.31 08:34:08 | 000,006,836 | -H-- | C] () -- C:\Users\Kerstin\AppData\Local\d3d9caps.dat
[2011.05.16 15:38:39 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0809.old
[2011.05.16 15:38:39 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011.05.13 07:39:12 | 000,000,064 | -H-- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.13 07:39:12 | 000,000,044 | -H-- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.05 07:37:13 | 000,079,876 | ---- | C] () -- C:\Windows\ds2engm.dat
[2011.04.05 07:37:12 | 000,089,675 | ---- | C] () -- C:\Windows\dwreng4.dat
[2011.04.05 07:37:11 | 000,215,392 | ---- | C] () -- C:\Windows\catdws.dat
[2011.04.05 07:37:09 | 000,864,330 | ---- | C] () -- C:\Windows\ds2eng5.dat
[2011.02.22 09:55:53 | 000,162,304 | -H-- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.02.22 09:55:53 | 000,153,088 | -H-- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011.02.22 09:55:53 | 000,077,312 | -H-- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011.02.22 09:55:53 | 000,075,264 | -H-- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010.09.07 15:38:07 | 000,000,058 | ---- | C] () -- C:\Windows\my.ini
[2010.08.25 06:59:29 | 000,000,036 | -H-- | C] () -- C:\Users\Kerstin\AppData\Local\housecall.guid.cache
[2010.08.23 13:18:24 | 000,173,684 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.03.03 10:37:07 | 000,016,896 | -H-- | C] () -- C:\Users\Kerstin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 09:27:07 | 000,311,296 | -H-- | C] () -- C:\Windows\SysWow64\AegisI5.exe
[2010.01.15 09:27:07 | 000,290,918 | -H-- | C] () -- C:\Windows\SysWow64\Install7x.dll
[2010.01.15 09:27:06 | 000,002,048 | -H-- | C] () -- C:\Windows\SysWow64\drivers\rt73.bin
[2010.01.14 12:36:04 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.01.14 12:35:33 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.01.14 12:34:51 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.12.31 11:01:00 | 001,552,302 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.29 13:03:53 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.12.27 16:09:21 | 000,043,520 | -H-- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.12.27 10:16:53 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.27 10:16:53 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.12.27 10:16:31 | 000,000,204 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.12.27 10:16:31 | 000,000,075 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.12.27 10:14:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009.12.27 10:14:22 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.12.27 10:14:21 | 000,106,496 | -H-- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2009.12.26 17:35:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.12.26 11:30:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.12.26 11:27:48 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009.12.26 11:27:48 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2009.12.26 11:14:51 | 000,000,732 | -H-- | C] () -- C:\Users\Kerstin\AppData\Local\d3d9caps64.dat
[2009.05.04 17:14:02 | 000,049,152 | -H-- | C] () -- C:\Windows\SysWow64\Lexware.Common.UI.ViewHeader.dll
[2009.04.09 11:53:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.03.31 16:50:49 | 003,107,788 | -H-- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.02.02 20:11:40 | 000,208,896 | -H-- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2009.02.02 20:10:14 | 000,303,104 | -H-- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2009.02.02 20:08:36 | 000,090,112 | -H-- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2009.02.02 20:08:22 | 000,086,016 | -H-- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2000.12.04 21:27:06 | 000,320,512 | -H-- | C] () -- C:\Windows\SysWow64\W32MKDE.EXE
[2000.12.04 21:27:06 | 000,110,080 | -H-- | C] () -- C:\Windows\SysWow64\W32MKRC.DLL
[1999.05.14 16:05:22 | 000,015,627 | -H-- | C] () -- C:\Windows\SysWow64\WBROLLRS.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
         
Wäre toll, wenn ihr mich genauso toll durch dieses Desaster leiten könntet. Schon jetzt vielen Dank dafür :-)

Kerstin
__________________


Alt 07.11.2011, 15:01   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
__________________

Alt 07.11.2011, 18:57   #4
kid77
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



So, nach fast 4 Stunden ist Malwarebytes durch:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8106

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

07.11.2011 18:56:06
mbam-log-2011-11-07 (18-56-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|)
Durchsuchte Objekte: 1065835
Laufzeit: 3 Stunde(n), 48 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\programdata\dnpkvaihmgu.exe (Trojan.FakeAlert) -> 2940 -> Unloaded process successfully.
c:\programdata\6dss92c31apgjk.exe (Trojan.FakeAlert) -> 1624 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\20W6RLKX65 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DnpkVAIhmGU.exe (Trojan.FakeAlert) -> Value: DnpkVAIhmGU.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\dnpkvaihmgu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\6dss92c31apgjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\downloads\clonecd 4\clone crack\clonecd4.0.0.1kg.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
         
Jetzt starte ich mal neu und widme mich ESET.

Alt 07.11.2011, 19:05   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



Zitat:
e:\downloads\clonecd 4\clone crack\clonecd4.0.0.1kg.exe


Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.11.2011, 19:19   #6
kid77
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



Was ist denn dieses Clone? Ich habe ehrlich gesagt keine Ahnung, was das ist und was ich verbrochen habe?

Ich habe von Computern leider nicht viel Ahnung und nutze ihn auch nicht oft. Aber ich brauche die alte Kiste :-(

Geändert von kid77 (07.11.2011 um 19:25 Uhr)

Alt 07.11.2011, 19:24   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



Ein gecracktes Brennprogramm...
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.11.2011, 19:30   #8
kid77
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



Zum CDs brennen?

Kann es sein, dass das noch vom Vorbesitzer drauf ist? Wie bekomme ich das runter?

Edit: Was ist mit "gecrackt" gemeint?

Geändert von kid77 (07.11.2011 um 20:05 Uhr)

Alt 07.11.2011, 20:07   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



Woher soll ich wissen, dass der PC gebraucht war?
Bei Besitzerwechsel sollte man eh formatieren und Windows komplett neu installieren.Folge dem Artikel zur Neuinstallation von Windows
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.11.2011, 20:19   #10
kid77
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



Ich dir ja auch keinen Vorwurf gemacht.

Ich habe von solchen Dingen keine Ahnung und war froh, endlich mal einen PC zu haben.

Malwarebytes scheint den Virus entfernt zu haben. Es kommen zumindest keine Meldungen mehr nach dem Neustart. Insofern denke ich dass ich nicht neuinstallieren muss. Habe beim Recherchieren noch "unhide" gefunden und lasse das gerade laufen. Einige Festplatten sind wieder sichtbar (bzw. die Inhalte). Nur der Desktop ist noch schwarz und unten links, wo man die Programme aufruft, ist leider auch noch leer. unhide ist aber auch noch nicht fertig.

Alt 07.11.2011, 20:35   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\



Lass die Fummelei und setz die Kiste besser neu auf.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
64-bit, akamai, any video converter, avira, bonjour, browser, converter, desktop, error, excel, failed, failed to save all the components for the file \\system32, fatal error, flash player, google, google chrome, home, install.exe, lexware, microsoft office word, mozilla, problem, realtek, registry, rundll, scan, security, shell32.dll, shortcut, software, starmoney, studio, svchost.exe, system, usb, video converter, vista, visual studio, windows, windows - delayed write failed




Ähnliche Themen: Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\


  1. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 21.03.2012 (13)
  2. Windows 7 Failed to save all the components for the file \\System32\\0000xxxx
    Plagegeister aller Art und deren Bekämpfung - 18.03.2012 (3)
  3. Windows 7 Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 10.03.2012 (5)
  4. Failed to save all the components for the file \\System32 usw...
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (15)
  5. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 12.02.2012 (1)
  6. Failed to save all the components for the file \\System32\\ [...]
    Log-Analyse und Auswertung - 01.02.2012 (6)
  7. windows 7 gecrasht - "Windows - Delayed Write Failed" "Failed to save all the components..."
    Plagegeister aller Art und deren Bekämpfung - 26.01.2012 (12)
  8. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 16.01.2012 (26)
  9. failed to save all the components for the file system32
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (2)
  10. WIN XP:Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 25.11.2011 (7)
  11. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\0000428
    Log-Analyse und Auswertung - 15.11.2011 (35)
  12. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - St
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (16)
  13. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (101)
  14. Windows 7 Failed to save all the components for the file System32\\00...
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (3)
  15. Windows - Delayed Write Failed - Failed to save...
    Log-Analyse und Auswertung - 10.11.2011 (7)
  16. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 09.11.2011 (25)
  17. Windows - Delayed Write Failed. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 07.11.2011 (12)

Zum Thema Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Ich habe das selbe Problem wie dieser User ( http://www.trojaner-board.de/104840-...-system32.html ) und OTL bereits scannen lassen. Hier der Inhalt der beiden Logfiles: Extras.TxtOTL Logfile: Code: Alles auswählen Aufklappen ATTFilter OTL - Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\...
Archiv
Du betrachtest: Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.