
Log analysis and evaluation: Live Security Platinum log file analysis

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.07.2012, 14:26   #1
OliverB
 
Live Security Platinum log file analysis



Hello,

unfortunately the Live Security Platinum virus got me too.
I followed the instructions in the forum to the best of my knowledge (unfortunately I know little to nothing about this) and ran two full scans and one quick scan with Malwarebytes, as well as an analysis with OldTimer. I am also attaching the ESET log file.

It would be great if someone could look it over and tell me whether my system is safe by now or, if not, which steps to take next.

Many thanks and best regards
Oli

1. Full scan
Code:
 
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.04.02

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oli :: COMPUTER [Administrator]

Schutz: Deaktiviert

04.07.2012 08:38:09
mbam-log-2012-07-04 (10-33-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 688594
Laufzeit: 1 Stunde(n), 51 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|B7E8586B00002814000AA661A60145BE (Trojan.LameShield) -> Daten: C:\ProgramData\B7E8586B00002814000AA661A60145BE\B7E8586B00002814000AA661A60145BE.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\B7E8586B00002814000AA661A60145BE\B7E8586B00002814000AA661A60145BE.exe (Trojan.LameShield) -> Keine Aktion durchgeführt.
C:\Users\Oli\AppData\Local\zcesmbl.exe (Trojan.Lameshield) -> Keine Aktion durchgeführt.
C:\Users\Oli\AppData\Local\{82f56d1d-822a-1a5f-8c6a-0e0164591ccc}\n (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Users\Oli\AppData\Local\{82f56d1d-822a-1a5f-8c6a-0e0164591ccc}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
         
Quick scan
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.04.03

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oli :: COMPUTER [Administrator]

Schutz: Deaktiviert

04.07.2012 11:40:24
mbam-log-2012-07-04 (11-47-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225932
Laufzeit: 5 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Oli\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Oli\AppData\Local\Temp\~!#CFFB.tmp (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
         
2. Full scan
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.04.03

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oli :: COMPUTER [Administrator]

Schutz: Deaktiviert

04.07.2012 13:13:56
mbam-log-2012-07-04 (13-13-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 688842
Laufzeit: 1 Stunde(n), 49 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL
OTL Logfile:
Code:
OTL logfile created on: 04.07.2012 18:06:13 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Oli\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,51% Memory free
7,73 Gb Paging File | 5,97 Gb Available in Paging File | 77,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 300,39 Gb Free Space | 66,21% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: Oli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Oli\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Oli\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\REXECD.exe (Aspen Technology, Inc)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (NitroDriverReadSpool) -- C:\Programme\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (REXEC) -- C:\Windows\SysWOW64\REXECD.exe (Aspen Technology, Inc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (esihdrv) -- C:\Users\Oli\AppData\Local\Temp\esihdrv.sys (ESET)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0484z165f45k2a23n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0484z165f45k2a23n
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0484z165f45k2a23n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0484z165f45k2a23n
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0484z165f45k2a23n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_de___DE378
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.10.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Oli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.05.18 12:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.11 07:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.18 12:03:44 | 000,000,000 | ---D | M]
 
[2010.05.11 07:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oli\AppData\Roaming\mozilla\Extensions
[2012.07.04 15:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oli\AppData\Roaming\mozilla\Firefox\Profiles\fai4479n.default\extensions
[2012.02.23 19:59:08 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Oli\AppData\Roaming\mozilla\Firefox\Profiles\fai4479n.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.19 11:47:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Oli\AppData\Roaming\mozilla\Firefox\Profiles\fai4479n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.04 15:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.05.26 20:19:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.08.07 10:25:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.05.03 09:33:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.05.18 12:03:20 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Oli\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Oli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Oli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{275F6A1F-B6B3-407A-A279-12553B4D1655}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3878F5BB-5B8F-4A01-8DE3-A18C86181726}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{429D1181-0033-4DD4-830F-AC3526EADA2E}: DhcpNameServer = 129.69.1.28 141.58.231.9
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.19 01:41:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 15:17:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Oli\Desktop\OTL.exe
[2012.07.04 11:15:06 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Avira
[2012.07.04 11:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.04 11:14:30 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.04 11:14:30 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.04 11:14:30 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.04 11:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.04 11:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.03 23:49:00 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Malwarebytes
[2012.07.03 23:48:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 23:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.03 23:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.03 23:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.03 22:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E8586B00002814000AA661A60145BE
[2012.06.28 19:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOEFL Official Guide
[2012.06.28 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\M-HTOEFL
[2012.06.26 15:36:18 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.26 15:36:18 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.26 15:36:18 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.26 15:35:58 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.26 15:35:58 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.26 15:35:58 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.26 15:35:42 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.26 15:35:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.20 11:27:56 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Canon
[2012.06.20 10:48:37 | 000,000,000 | ---D | C] -- C:\Users\Oli\Desktop\Zeugnisse
[2012.06.20 10:48:09 | 487,666,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Oli\Desktop\AcrobatPro_10_Web_WWEFD.exe
[2012.06.19 11:19:55 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2012.06.19 11:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfsam
[2012.06.19 11:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Blender
[2012.06.19 11:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Blender
[2012.06.15 09:46:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.15 09:46:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.15 09:46:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.15 09:46:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.15 09:46:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.15 09:46:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.15 09:46:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.15 09:46:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.15 09:46:42 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.15 09:46:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.15 09:46:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.15 09:46:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.15 09:46:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 07:07:03 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 07:07:03 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 07:07:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 07:07:00 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 07:06:59 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 07:06:58 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.12 10:10:02 | 000,000,000 | ---D | C] -- C:\Users\Oli\Desktop\TOEFL
[2012.06.05 01:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.05 01:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.04 18:06:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 18:06:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 18:03:54 | 001,523,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.04 18:03:54 | 000,661,696 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.04 18:03:54 | 000,625,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.04 18:03:54 | 000,133,738 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.04 18:03:54 | 000,110,912 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.04 17:58:27 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.04 17:57:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 17:57:28 | 3113,308,160 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.04 15:17:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Oli\Desktop\OTL.exe
[2012.07.04 11:14:43 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 23:48:50 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 23:41:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.03 23:21:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2305754609-1798708628-3498924700-1000UA.job
[2012.07.03 21:40:04 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.03 18:30:21 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2012.06.25 20:20:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2305754609-1798708628-3498924700-1000Core.job
[2012.06.20 20:12:00 | 000,001,374 | ---- | M] () -- C:\Users\Oli\Desktop\Free YouTube to MP3 Converter.lnk
[2012.06.20 10:52:54 | 487,666,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Oli\Desktop\AcrobatPro_10_Web_WWEFD.exe
[2012.06.15 12:43:13 | 000,442,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.04 11:14:43 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 23:48:50 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 22:34:35 | 000,001,696 | ---- | C] () -- C:\Users\Oli\AppData\Local\{82f56d1d-822a-1a5f-8c6a-0e0164591ccc}\U\00000001.@
[2012.07.03 18:30:21 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2012.07.03 16:40:20 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.02.22 15:07:27 | 000,000,084 | ---- | C] () -- C:\Users\Oli\.octave_hist
[2012.01.12 00:49:46 | 000,002,048 | -HS- | C] () -- C:\Users\Oli\AppData\Local\{82f56d1d-822a-1a5f-8c6a-0e0164591ccc}\@
[2011.08.19 16:29:01 | 000,000,000 | ---- | C] () -- C:\Users\Oli\AppData\Local\{59CBA58B-492A-402C-99AF-A9005C05FEC0}
[2011.06.09 11:42:36 | 000,000,000 | ---- | C] () -- C:\Users\Oli\AppData\Local\{557FAF06-9F98-49CD-AEEE-A327F15799B6}
[2011.01.19 14:37:49 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2011.01.19 14:37:49 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2011.01.19 14:37:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2011.01.19 14:37:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2011.01.19 14:37:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2011.01.19 14:36:36 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.19 10:20:33 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.01.19 10:20:33 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010.05.05 22:14:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

< End of report >
         

Extra.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 04.07.2012 18:06:13 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Oli\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,51% Memory free
7,73 Gb Paging File | 5,97 Gb Available in Paging File | 77,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 300,39 Gb Free Space | 66,21% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: Oli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F057F6-F883-45DD-87C7-C149CFEFF0EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{011EB68B-085F-400A-86E6-AF1311CC531F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{02AF0AB4-9C87-4AEC-B14A-D96F00592290}" = lport=137 | protocol=17 | dir=in | app=system | 
"{16F70F5A-6C21-4EAC-A48B-3DFE14EB67AF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{19B67EAC-4E96-4711-8EE1-912FAB75D2CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D323B15-8B4C-4BBF-AB28-F93935840477}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20DF7D50-91F9-4025-9102-2C8D26A83484}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2D97FF3C-0808-476E-98E2-80600475350F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3DB1E68B-0D4F-43F2-8805-9F65ADA25F00}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{411147BD-DC8C-4CE1-8F93-CCF410ABE761}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{42924035-A472-4CDD-A764-99AB48085727}" = rport=137 | protocol=17 | dir=out | app=system | 
"{46941350-E3D8-469D-B739-AA67E8C1364A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4B47AD78-E175-4AD6-B178-FAF9E0597C17}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5B8CD841-2AF1-4389-84E0-35AF6BC55201}" = lport=445 | protocol=6 | dir=in | app=system | 
"{69ADEE18-961B-4005-ACB6-3062DA1CE5B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{77696B33-8DC5-43F4-82CE-9D3057C8BE15}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7D638DCE-E864-4979-B5F3-1329AED397F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{A0BA8210-7D5A-49A2-BF1A-430922460755}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0247DB5-2D0D-44AA-9CD4-6E8495DCCB81}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C67D31EA-DE6D-4639-B326-F9D78DA50283}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA917E21-D8E7-4B4E-A791-3FA03E61AFD2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CAB52118-39CE-495A-8A4C-45A4583E6B05}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF95E706-3536-48B6-8351-D43FBA84A44D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DDE617FD-B8CF-42E6-B959-25B2A7785B8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E7EAA9D2-047B-4620-B2ED-183C72AFC92A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F6AE3662-AED2-4ADE-AF3C-51E8486A836E}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029359D6-DA0E-4033-9902-DA5A32EEE5C2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"{09BBABAF-E974-45C4-B3F5-7F1846D2721C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1C2C8E1F-586E-4F3D-959B-845EDBF2E961}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1F5B2945-719A-4446-800F-05F878FF73B9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{21F8B546-E368-4E11-B905-AA4182EEB55A}" = dir=in | app=c:\users\oli\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{237BA7C4-5723-4B33-84DD-F07A880856EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{25AD7965-A840-4351-9C8D-2E665EE5F136}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2CC14124-CEAD-4E61-8B11-7997D101E32E}" = protocol=6 | dir=out | app=system | 
"{3A970A2B-A695-413F-897C-1AF5A79E181B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{3B376E68-6D07-4C00-9E7D-9782FFFFEBFC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"{3EBA8AF9-9B2F-4ECB-8A24-1E3A8ED68F7B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
"{4DF67A69-A95C-413C-8796-4106788E891A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{4F42563D-8E87-4792-B783-F5AA0BBD1EDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{52994DB4-1F21-4663-8844-11E27F7D1FDD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{52C9F22B-C356-459D-A4AD-5D3DE111EF2E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"{576A9AAF-9EB1-4C6A-B15B-7F13643F47EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6479CA39-FAF8-4980-A08C-79967C467830}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"{6835FAE6-8772-4B3B-9270-34C7E4F101BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68C97510-C0D7-44BA-A795-6108279ED024}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6CD572C4-E76E-47B4-94FD-AF2F81691C0F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
"{737F89FD-3B13-4CC9-AA00-5EB106AE099A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7A9B5C1B-E9EB-4B6E-BB4C-97B1A930D098}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
"{8370AE33-9666-42A2-9824-7E8DAC117603}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{849D8AB8-AA8F-4DD1-88C0-CFD67C244085}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8A5178F5-9D11-4B83-AB99-9BE8590246A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8F32B810-8E67-43E8-8898-892D4E23A792}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
"{95774B86-2DAF-406A-9A97-FD2928EB9453}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"{963B478B-0B58-439D-A271-BE2BDC3F6AA9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{A0DFE3A0-A7DD-4A32-AC2D-D5DE6D2533FB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
"{AADBF520-7FE0-497C-9E5E-EB12D7F974F7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
"{B547E163-BA5B-4D57-8A86-69991610F37F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBDACB44-E2F2-4627-BDC0-B9CEFCFF8DDC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"{C949986A-EB97-4DBC-9911-18FAB4AD9A2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5B5E566-1ED5-4427-B897-FC0E0127DAD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA4B9B3F-62C6-4A3D-B59D-138284E1D566}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E19B025C-1EED-489F-A5EE-F714834714BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E410D720-8C2C-44F0-AF91-B3680D46E651}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E8791EEA-7BE9-4B83-A491-8E9216093138}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E964D805-39E7-4B96-92E2-DC11EEE1D17D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EC51C1AA-6C53-4450-A201-75F97CF6C52B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{EE42ADD5-0780-4AC3-A1D1-6A77DD429271}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{F32DF927-7721-4BE4-96E1-FA18CD193294}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"TCP Query User{00AF3FB4-7D70-43EF-BA3D-2D05545FA5F5}C:\users\oli\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oli\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{65A492D6-0EF1-4351-9457-4046BAAF43B6}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{6FA33F58-7517-4589-B74F-28415D8ED36E}C:\users\oli\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oli\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{9280D3D1-B026-47F5-AD17-2F1B5F976F3B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{B28EF0FB-7892-4509-9817-29AD107D906A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{45AF6D7E-F099-46DC-88DA-2508AF24A2E1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{5177D64E-C9D1-4391-9275-A3DDDB96DEDA}C:\users\oli\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oli\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{80F62B4D-622D-4ABF-B9C0-B2CE7AA60871}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{90E040EC-1615-424A-920F-19E4066B891E}C:\users\oli\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oli\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{B2FABFAD-8268-44F4-8CA6-3B4B8A25DC93}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AB77B91-4E02-4683-93DC-83CEB2DCB508}" = Nitro PDF Professional
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E274777F-0D6E-4509-A954-36B6DDEE8DAF}" = Nitro Reader 2
"CCleaner" = CCleaner
"MatlabR2010b" = MATLAB R2010b
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6EEB7E-AA99-43AF-AB09-395696C9827C}" = Aspen Properties 2006
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2d63ba8d-1c38-4a64-8618-caadbf38abe5}" = Nero 9 Essentials
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Video Web Camera
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A054E80-64FE-4C10-B230-EBDA97EDF4BE}" = Aspen Plus 2006
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F000DE4C-B6CB-4181-BAFF-EC5DA2A9C156}" = RuntimeLibsVC90
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4C6DD02-8ACA-4354-BA36-9FFC3B767E73}" = Cisco AnyConnect VPN Client
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Akamai" = Akamai NetSession Interface Service
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Metaboli" = Metaboli
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenVPN" = OpenVPN 2.1.1
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PlayChess" = PlayChess 
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 1.1.5
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WordToPDF_is1" = WordToPDF 2.4
"WT078791" = Bejeweled 2 Deluxe
"WT078806" = Insaniquarium Deluxe
"WT078833" = Zuma Deluxe
"WT078960" = Blasterball 3
"WT078964" = Bob the Builder Can-Do-Zoo
"WT079020" = Faerie Solitaire
"WT079064" = Jewel Quest
"WT079068" = Jewel Quest Solitaire 3
"WT079108" = Penguins!
"WT079116" = Polar Bowler
"WT079120" = Polar Golfer
"WT079124" = Polar Pool
"WT079177" = Virtual Villagers - A New Home
"WT079184" = Yahtzee
"WT079363" = Build-a-lot 2
"WT079366" = Chicken Invaders 3 - Revenge of the Yolk
"WT079395" = Escape Rosecliff Island
"WT079397" = Mahjongg Artifacts
"WT079421" = Virtual Families
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"pdfsam" = pdfsam
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.07.2011 12:05:52 | Computer Name = Computer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.07.2011 12:05:52 | Computer Name = Computer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.07.2011 12:06:10 | Computer Name = Computer | Source = MSSQLServer | ID = 19011
Description = SuperSocket info: FillAddress(MSAFD-Tcpip [TCP/IPv6]) : Error 0.
 
Error - 08.07.2011 12:13:40 | Computer Name = Computer | Source = RexecdService | ID = 0
Description = 
 
Error - 08.07.2011 12:13:46 | Computer Name = Computer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.07.2011 12:13:46 | Computer Name = Computer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.07.2011 12:13:53 | Computer Name = Computer | Source = MSSQLServer | ID = 19011
Description = SuperSocket info: FillAddress(MSAFD-Tcpip [TCP/IPv6]) : Error 0.
 
Error - 08.07.2011 12:33:29 | Computer Name = Computer | Source = RexecdService | ID = 0
Description = 
 
Error - 08.07.2011 12:33:49 | Computer Name = Computer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.07.2011 12:33:49 | Computer Name = Computer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 04.07.2012 07:03:32 | Computer Name = Computer | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.07.2012 07:03:32 | Computer Name = Computer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.07.2012 07:03:32 | Computer Name = Computer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5613 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.07.2012 07:03:32 | Computer Name = Computer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.07.2012 07:03:32 | Computer Name = Computer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315
Invoked
 Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.07.2012 07:03:32 | Computer Name = Computer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.07.2012 07:03:32 | Computer Name = Computer | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.07.2012 11:58:03 | Computer Name = Computer | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 04.07.2012 11:58:10 | Computer Name = Computer | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.07.2012 11:58:10 | Computer Name = Computer | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
[ OSession Events ]
Error - 03.10.2010 18:34:05 | Computer Name = Computer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 47248 seconds with 180 seconds of active time.  This session ended with a
 crash.
 
[ System Events ]
Error - 04.07.2012 11:53:10 | Computer Name = Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.07.2012 11:53:10 | Computer Name = Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.07.2012 11:53:10 | Computer Name = Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.07.2012 11:53:14 | Computer Name = Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.07.2012 11:53:14 | Computer Name = Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.07.2012 11:53:14 | Computer Name = Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.07.2012 11:57:45 | Computer Name = Computer | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?07.?2012 um 17:54:29 unerwartet heruntergefahren.
 
Error - 04.07.2012 12:00:13 | Computer Name = Computer | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 04.07.2012 12:00:14 | Computer Name = Computer | Source = DCOM | ID = 10005
Description = 
 
Error - 04.07.2012 12:00:14 | Computer Name = Computer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         
--- --- ---


Eset
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ab6a97c9ba898f4ca1b59b6fcc3f03be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 05:38:30
# local_time=2012-07-05 07:38:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 26830 26830 0 0
# compatibility_mode=5893 16776574 100 94 26823 93049949 0 0
# compatibility_mode=8192 67108863 100 0 155 155 0 0
# scanned=434543
# found=18
# cleaned=0
# scan_time=46611
C:\Users\Oli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MBPCQ6OB\main[1].htm	JS/Kryptik.NJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RTJZ9RFW\new-online-dating_net[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVYJRTZI\32f05[1].pdf	JS/Exploit.Pdfka.PKO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\Local\Temp\jar_cache1189480789458569937.tmp	probably a variant of Java/Exploit.CVE-2012-0507.AO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\Local\Temp\mediaget_installer.exe	a variant of Win32/Adware.GoodMedia.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\Local\Temp\nana.exe	a variant of Win32/Injector.TNC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\Local\Temp\~!#D3E3.tmp	a variant of Win32/Injector.TNC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2097Q1XP\94a9b[1].pdf	JS/Exploit.Pdfka.PDM.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\WMBMJCJV\f078e[1].pdf	JS/Exploit.Pdfka.PDM.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6edac24a-5cbaeb5f	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\54dc7ccc-54552919	Java/Exploit.Agent.NBS trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3ebfe0cf-3b9600a5	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b7b4b03-601fef85	a variant of Java/Agent.DM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\24d8dca2-77dabcef	a variant of Java/Exploit.CVE-2012-0507.BZ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\e5596a3-7a54be94	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\196afda8-1f15de34	a variant of Win32/Injector.TNC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1804a02f-747c4506	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Oli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7503363e-4a137d1d	a variant of Java/Exploit.CVE-2011-3544.AW trojan (unable to clean)	00000000000000000000000000000000	I
         

06.07.2012, 06:52   #2
kira
/// Helper Team
 



Hello and welcome!

Unfortunately I have bad news for you:
Quote:
win32.ZAccess
- this is a problem that is hard to treat
In your place I would reinstall the system right away, because fighting this new kind of infection is not possible without various side effects and leftover damage that can keep causing problems [in various ways]!
- a backdoor with rootkit functionality

This malware uses rootkit technology and a backdoor routine
*what are backdoors and rootkits*

Behaviour:
"memory-resident"

Quote:
Explanation:
Memory-resident is the term for programs or parts of programs whose data is not routinely written to storage media such as the hard disk during operation and read back into main memory when needed, but instead remains in main memory the whole time.
This generally includes the parts of the operating system that are central to running the computer and are executed frequently, or program routines that recur constantly while an application program runs.
On the one hand, memory-resident programs shorten access times, because the time needed to read the data from the storage medium into main memory is eliminated. On the other hand, they reduce the available capacity of main memory.
Many viruses are also memory-resident; they make sure the operating system keeps them in main memory the whole time, from where they can infect other programs.
Tips & advice:


Datensicherung:
► NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
- Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen
- Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall!
- Eventuell gecrackte Software nicht sichern und dann auf neu aufgesetztem System wieder drauf installieren!

- Before restoring - before you go straight onto the net with your PC...:
- deactivate/turn off the Autoplay function for all drives -> Disabling Autorun/Autoplay selectively for drive types or drive letters

Scan the data backed up to an external hard disk thoroughly from a clean system, ideally with several scanners -> Free online scanners - guide
Absolutely recommendable scanners:
Quote:
Eset Online Scanner (NOD32)
Panda-Aktivscan
Symantec Security Check
The online scanners are all purely on-demand scanners. They scan individual files or directories, optionally the entire hard disk, and have no background guard or other resident processes. As a result they use no resources apart from disk space, and any number of them can be installed side by side. The online scanners are well suited for getting a second opinion.


-> Guide: Reinstalling the system + hardening
-> Guide to reinstalling - Windows XP, Vista and Win7


As a precaution I would advise you to change your password
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (should really be changed at regular intervals, roughly every 3-5 months)
see also here: Secure password

regards
kira
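
The backup advice in the reply above (keep files with executable code out of the backup and check the saved data before restoring it), as an added example that is not part of the original post: a triage pass over a backup folder that flags files by extension, by `autorun.inf` name, and by a PE `MZ` header hidden behind a harmless-looking extension. The extension set is a short illustrative assumption, not the list linked in the post, and the function names and sample files are constructed for this example.

```python
import os
import tempfile

# Assumption: short illustrative set; the extension list linked in the post is longer.
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".vbs", ".js", ".jar", ".msi", ".lnk", ".sys", ".cpl"}

def classify(path):
    """Return the reasons a file should stay out of the backup (empty list = none found)."""
    reasons = []
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if ext in EXEC_EXTENSIONS:
        reasons.append("executable extension " + ext)
    if name == "autorun.inf":
        reasons.append("autorun.inf (Autorun/Autoplay trigger)")
    try:
        with open(path, "rb") as fh:
            head = fh.read(2)
    except OSError as exc:
        return reasons + ["unreadable: " + exc.__class__.__name__]
    # Windows PE files (exe, dll, scr, sys) start with "MZ" whatever they are named.
    if head == b"MZ" and ext not in EXEC_EXTENSIONS:
        reasons.append("MZ header behind a non-executable extension")
    return reasons

def triage(root):
    """Walk a backup folder and map relative path -> reasons for every flagged file."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = classify(full)
            if reasons:
                flagged[os.path.relpath(full, root)] = reasons
    return flagged

def build_sample(root):
    """Constructed sample backup: a document, a renamed PE stub, a script, an autorun.inf."""
    samples = {"letter.txt": b"Dear Sir", "holiday.jpg": b"MZ\x90\x00stub",
               "tool.vbs": b"WScript.Echo 1", "autorun.inf": b"[autorun]"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, why in sorted(triage(tmp).items()):
            print(rel, "->", "; ".join(why))
```

A clean result from this pass does not replace the scan from a clean system that the reply recommends; it only narrows down what needs a closer look.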