Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundespolizei 5.2 Österreich eingefangen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.07.2012, 05:48   #1
milanr
 
Bundespolizei 5.2 Österreich eingefangen - Standard

Bundespolizei 5.2 Österreich eingefangen



Hallo,
Titel sagt alles... habe Folgendes getan:

1. Anti-Malware läuft
2. Defogger und OTL downloaded, sind einsatzbereit (64-bit Win 7)

Jetzt habe ich aber die Info über Avira Rescue System gelesen - kann es sein, dass das ausreicht? Nehme an die Boot-CD muss ich auf einem sauberen Rechner brennen - auf dem befallenen bringt es nichts, oder?

Vorläufig danke, Milan

Alt 07.07.2012, 10:23   #2
milanr
 
Bundespolizei 5.2 Österreich eingefangen - Standard

Bundespolizei 5.2 Österreich eingefangen



Hallo,
jetzt bin ich durch - siehe unten.
Zur Info - betroffen ist Benutzer "Milan", Administrator geht ohne Probleme, andere Benutzer habe ich sicherheitshalber gar nicht angemeldet, um nicht irgend etwas kaputt zu machen!

Allerdings war ich gestern ungeduldig; Habe Anti-Malware mit Quick Scan gestartet - das ist die LOG:

Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.06.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Administrator :: PC-01 [Administrator]

06.07.2012 20:27:17
mbam-log-2012-07-06 (20-27-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 331696
Laufzeit: 6 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Svhst (Backdoor.PoisonIvy) -> Daten: C:\Windows\svhst.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Build.ex_ (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Heute noch einmal mit Vollständig - nichts gefunden - LOG hier:

Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.07.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Administrator :: PC-01 [Administrator]

07.07.2012 05:46:26
mbam-log-2012-07-07 (05-46-26).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 660591
Laufzeit: 2 Stunde(n), 18 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Dann defogger und OTL - das ist OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.07.2012 09:35:24 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,36% Memory free
8,00 Gb Paging File | 6,26 Gb Available in Paging File | 78,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 23,46 Gb Free Space | 7,87% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 17,16 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
Drive F: | 979,05 Mb Total Space | 261,63 Mb Free Space | 26,72% Space Free | Partition Type: NTFS
 
Computer Name: PC-01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.07 05:57:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.14 17:48:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 17:48:52 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 17:48:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.05.04 07:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.03.28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.09.01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011.03.15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011.03.15 14:44:28 | 000,650,080 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.18 20:44:45 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Administrator\AppData\Local\Apps\2.0\PJK5LQQY.209\LY0P5LEG.ZR4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2010.04.27 16:39:38 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 20:43:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 20:43:18 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012.06.15 20:38:16 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012.06.15 20:38:05 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012.06.15 20:38:01 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll
MOD - [2012.06.15 20:37:57 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012.06.15 20:37:55 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll
MOD - [2012.06.15 20:29:21 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.15 20:28:52 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.15 20:28:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.17 09:33:39 | 000,115,137 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
MOD - [2012.05.10 19:55:15 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0189f9fb0ff0476b570aeadfc036ddd6\System.Management.ni.dll
MOD - [2012.05.10 19:53:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1a7c90bf70e6fef2970dd02ca5def39a\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 19:53:11 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012.05.09 22:23:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.09 22:22:24 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.09 22:22:20 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.09 22:22:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.09 22:22:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.09 22:22:09 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.09 21:03:06 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fd52e266873de847aea40b1d0715e0bb\PresentationFramework.Aero.ni.dll
MOD - [2012.05.09 20:59:58 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012.05.09 20:59:47 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012.05.09 20:59:42 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012.05.09 20:59:37 | 014,415,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.07 21:07:24 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.11.18 20:44:43 | 000,368,640 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Apps\2.0\PJK5LQQY.209\LY0P5LEG.ZR4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.21 20:55:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.14 17:48:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 17:48:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.09.01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.07.15 09:33:49 | 000,142,184 | ---- | M] (Hewlett Packard) [Auto | Running] -- C:\Users\ADMINI~1\AppData\Local\Temp\7zS3496\HPHNDUSVC.dll -- (HPHNDUSVC)
SRV - [2011.03.15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011.02.02 12:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.10 12:04:42 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.28 17:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012.05.14 17:48:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 17:48:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.02 14:23:42 | 000,154,624 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.08 10:25:33 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011.12.09 13:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.12.08 06:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.12.08 06:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.12.08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.10.19 10:00:00 | 000,026,856 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tclondrv.sys -- (tclondrv)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.23 18:35:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.23 18:35:02 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.23 18:35:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.23 18:35:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.07.30 04:30:25 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaura.sys -- (avmaura)
DRV:64bit: - [2010.05.09 10:56:26 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010.05.09 10:56:12 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010.05.09 10:56:12 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010.03.26 09:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.09.29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2010.03.26 09:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 69 98 53 27 57 CB 01  [binary data]
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files (x86)\OpenOffice.org 3\program [2011.03.07 21:07:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011.04.02 12:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.10.21 16:10:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.23 11:45:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 20:55:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.07 05:26:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.06 20:06:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.23 11:45:37 | 000,000,000 | ---D | M]
 
[2011.12.01 18:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2010.03.20 20:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.01 18:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{SbX-140758-9783706833783-stu10}
[2012.05.17 09:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vnjk8gc6.default\extensions
[2012.02.29 20:16:43 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vnjk8gc6.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.02.23 21:16:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vnjk8gc6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.05.17 09:59:23 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vnjk8gc6.default\extensions\fb_add_on@avm.de
[2011.03.24 21:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vnjk8gc6.default\extensions\nostmp
[2012.07.07 05:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.07 05:26:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.06.21 20:55:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.17 16:52:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 16:52:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.17 16:52:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 16:52:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 16:52:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 16:52:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.20 20:02:55 | 000,392,034 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	全讯网,åšå½©ä¼˜æƒ*,皇å†*æ*£ç½‘cr67com,皇å†*比分,皇å†*å³æ—¶æŒ‡æ•°,太阳城代ç†112scg,tt娱ä¹åŸŽ8bc8,网上真钱娱
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123haustiereundmehr.com
O1 - Hosts: 13539 more lines...
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll File not found
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [%RunKey%] C:\Program Files (x86)\FRITZ!vox\FRITZ!vox.exe (AVM Berlin)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2353510478-1413262324-3580610458-1012..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2353510478-1413262324-3580610458-500..\Run: [AVMUSBFernanschluss] C:\Users\Administrator\AppData\Local\Apps\2.0\PJK5LQQY.209\LY0P5LEG.ZR4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-2353510478-1413262324-3580610458-500..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2353510478-1413262324-3580610458-500..\Run: [LG LinkAir] C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2353510478-1413262324-3580610458-1012..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206 File not found
O8:64bit: - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208 File not found
O8:64bit: - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210 File not found
O8:64bit: - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205 File not found
O8:64bit: - Extra context menu item: LG Air Sync Option - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206 File not found
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208 File not found
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210 File not found
O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205 File not found
O8 - Extra context menu item: LG Air Sync Option - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FC33ACF-05AC-411B-9D13-9C43FE7535E6}: DhcpNameServer = 212.33.32.160 212.33.55.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AF1846A-D641-4FA6-9371-B0DE6E9BEC30}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.07 05:57:25 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.07.06 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.07.06 20:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.06 20:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.06 20:26:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.06 20:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.06 17:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.06 16:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO Optics Pro 7
[2012.07.06 16:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\DxO Labs
[2012.06.15 21:16:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Macromedia
[2012.06.15 20:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.15 20:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.15 20:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.15 20:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTRIP
[2012.06.15 20:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NTRIP
[2012.06.10 18:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.01.08 10:25:33 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Administrator\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.07 09:58:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.07 09:38:36 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.07 09:38:36 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.07 09:34:05 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2012.07.07 09:31:43 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012.07.07 09:31:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.07 09:30:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.07 09:30:23 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.07 05:57:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.07.07 05:57:13 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2012.07.06 20:26:08 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.06 17:19:18 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.07.06 17:16:41 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.06 16:29:20 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\DxO Optics Pro 7.lnk
[2012.06.20 07:13:39 | 001,622,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.20 07:13:39 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.20 07:13:39 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.20 07:13:39 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.20 07:13:39 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.15 20:50:44 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.15 20:45:47 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\NTRIP.lnk
[2012.06.15 20:42:20 | 000,487,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.07 09:34:05 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2012.07.07 05:57:01 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2012.07.06 20:26:08 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.06 17:19:18 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.07.06 17:16:41 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.06 16:29:20 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\DxO Optics Pro 7.lnk
[2012.06.15 20:50:44 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.15 20:45:47 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\NTRIP.lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.08 10:25:33 | 000,099,384 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\inst.exe
[2012.01.08 10:25:33 | 000,007,859 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.cat
[2012.01.08 10:25:32 | 000,001,167 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.inf
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.10.23 11:40:44 | 000,262,706 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011.10.23 11:40:44 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011.07.18 20:15:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.07.18 20:15:38 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010.11.09 20:26:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.07.31 15:13:59 | 000,000,949 | ---- | C] () -- C:\Users\Administrator\rescuepro34act.lic
[2010.07.31 15:13:59 | 000,000,051 | ---- | C] () -- C:\Users\Administrator\rescuepro.properties
[2010.04.04 07:48:24 | 000,007,603 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2010.03.29 09:30:21 | 000,000,680 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2010.01.13 20:58:59 | 000,009,728 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.01 10:05:27 | 000,015,254 | -H-- | C] () -- C:\ProgramData\OEMLOGO.BMP
 
========== LOP Check ==========
 
[2010.11.05 16:54:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnvSoft
[2011.03.01 19:45:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canon
[2010.11.14 11:21:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.12.17 20:29:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CheckPoint
[2010.10.28 18:01:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Digiarty
[2012.04.19 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DxO Labs
[2011.11.15 18:27:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ePaperPress
[2011.08.19 14:19:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Exif Viewer
[2012.07.06 17:08:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
[2011.03.06 14:13:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FRITZ!
[2009.12.17 23:04:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.06.04 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GARMIN
[2010.01.15 21:47:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GrabPro
[2011.03.06 15:43:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Haenlein-Software
[2010.11.09 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HandBrake
[2012.02.11 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImgBurn
[2011.10.07 06:09:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2011.12.01 18:54:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Manz
[2010.01.15 14:47:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ML
[2011.03.27 16:50:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mquadr.at
[2011.11.18 18:42:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MyPhoneExplorer
[2011.07.19 04:48:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenCandy
[2010.03.20 20:05:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2011.01.14 15:58:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Orbit
[2011.11.15 18:40:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PACE Anti-Piracy
[2010.01.10 12:44:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2010.08.21 06:36:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PhotoFiltre
[2010.11.04 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ProgSense
[2011.11.19 12:32:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2011.11.19 12:48:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Temp
[2010.03.20 20:21:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2010.01.10 14:12:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012.01.09 21:05:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
[2012.04.03 19:30:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\XMedia Recode
[2010.02.21 12:19:41 | 000,000,000 | ---D | M] -- C:\Users\Alex-Schule\AppData\Roaming\CheckPoint
[2010.01.06 22:19:25 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\CheckPoint
[2010.01.31 19:55:20 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\FRITZ!
[2011.12.01 18:47:55 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Manz
[2011.07.19 13:48:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\MyPhoneExplorer
[2010.03.20 21:10:02 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\OpenOffice.org
[2010.12.25 13:14:10 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Orbit
[2010.11.05 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ProgSense
[2011.11.21 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Samsung
[2010.03.20 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Thunderbird
[2010.09.18 18:36:33 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Canon
[2011.08.25 22:01:23 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.01.06 22:21:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\CheckPoint
[2011.12.11 17:58:07 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DxO Labs
[2010.07.30 20:12:57 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\FRITZ!
[2010.05.29 17:22:55 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\GARMIN
[2011.11.18 19:33:24 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\MyPhoneExplorer
[2010.03.20 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\OpenOffice.org
[2010.12.16 07:56:51 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Orbit
[2011.12.11 17:57:54 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PACE Anti-Piracy
[2010.01.13 21:40:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PC Suite
[2010.11.04 21:14:39 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\ProgSense
[2011.11.19 13:20:35 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Samsung
[2012.05.20 11:41:13 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Temp
[2010.03.20 18:21:08 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Thunderbird
[2010.06.06 11:01:15 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\abby684
[2010.11.05 21:48:12 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\AnvSoft
[2010.11.05 19:44:37 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\BITS
[2010.09.02 20:02:34 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Canon
[2010.10.31 14:40:56 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.01.06 22:23:42 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\CheckPoint
[2012.05.14 17:45:37 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\DxO Labs
[2010.11.05 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\FlashGet
[2010.11.05 19:41:24 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\FlashGetBHO
[2011.07.11 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\FRITZ!
[2011.06.28 21:21:00 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\GARMIN
[2011.04.28 19:09:52 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\GetRightToGo
[2010.11.05 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\GrabPro
[2010.11.21 21:10:12 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\HandBrake
[2010.11.04 19:52:38 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\NCH Swift Sound
[2010.04.02 04:39:31 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\OpenOffice.org
[2011.04.30 14:25:34 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Orbit
[2011.12.09 12:04:30 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\PACE Anti-Piracy
[2010.01.15 21:15:34 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\PC Suite
[2010.06.13 12:49:01 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\PhotoFiltre
[2010.11.04 19:18:05 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\ProgSense
[2010.11.04 19:45:22 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Recordpad
[2011.11.19 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Samsung
[2010.10.12 21:38:51 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Swhst
[2010.11.05 19:51:28 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Sytexis Software
[2012.05.14 20:22:38 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Temp
[2010.03.20 17:36:49 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\Thunderbird
[2012.07.06 19:48:24 | 000,000,000 | ---D | M] -- C:\Users\Milan\AppData\Roaming\XMedia Recode
[2012.06.10 07:22:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 1263 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:MHYcNgNQHaZfwNw5wSaw9k9s
@Alternate Data Stream - 1262 bytes -> C:\ProgramData\Microsoft:FLKJ2okFnKcCHSpPEmByIPZ5UL
@Alternate Data Stream - 1151 bytes -> C:\Users\Administrator\AppData\Local\Temp:GmrytYA7QRBZ1ZuFYQXph0kC3s
@Alternate Data Stream - 1101 bytes -> C:\ProgramData\Microsoft:aaT8GZxVeetwtKkfvOOwH9jbK
@Alternate Data Stream - 1054 bytes -> C:\ProgramData\Microsoft:7nkT1PyugfT2PntIg1vHWyYe

< End of report >
         
--- --- ---

... ist sehr lang - da ist viel Mist, aber auch viele Fotos... Gott sei Dank habe ich die auch auf ext. Festplatte!

Und zum Schluss - Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.07.2012 09:35:24 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,36% Memory free
8,00 Gb Paging File | 6,26 Gb Available in Paging File | 78,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 23,46 Gb Free Space | 7,87% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 17,16 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
Drive F: | 979,05 Mb Total Space | 261,63 Mb Free Space | 26,72% Space Free | Partition Type: NTFS
 
Computer Name: PC-01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FFD8784-BD5E-444A-BB54-02C4588ABDB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10D00157-7F38-41E7-8A0A-D34B11175D0B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1309ECC5-026A-4BE8-AEEB-BB672E6CE85B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1E6F7332-40CC-46C7-8854-7B68D5BD6858}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F718A29-591D-4B5C-8251-C4C2EF0F8343}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1FF615A2-8355-44BF-B315-4461777FBBD0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{2048C29B-2F0F-44CD-8E30-B1D0C7F4729A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{281DC3CB-FC39-4185-91AD-D9F0A392B421}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3069A922-4E35-4015-9514-B0C6990114C0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3DBDAC3C-D8FD-47FA-BD52-5E6E96766D17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3DCE33EA-1311-4397-AAB1-9A0F32CABA43}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3ED8D0CE-1723-4CA8-9C9B-4557338D17F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{43724996-2CA5-433F-9FFB-A1C908A14368}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4496FB48-BEE2-4068-BE47-5BF76D3F89F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{66556222-F108-46A6-AEFB-3037211BB078}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{77EDE609-F93D-4A11-93E3-C3E029BD878A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7E4A97B3-B55B-49D6-9DFF-75B235AB556B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7F4F7920-A015-48D5-ADB9-22F17BD7E9E8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{84AC2FC5-961A-4C45-96A4-42FE898FCDDA}" = lport=rpc | protocol=6 | dir=in | app=c:\programme\sisoftware sandra lite 2010\wnt500x64\rpcsandrasrv.exe | 
"{88DA018F-3AA9-47BD-8939-43E5B269734C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9000545A-E3C7-4B06-A340-84AC0CF36EED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{90EA5F6A-2654-4414-A5F8-63D2B2F42A83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{96ED17DF-EE38-4C3B-BEE1-DB2529CB5805}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98DF06B5-2CF2-44BC-961C-EA078C033E74}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B11ACA27-8E5F-41CC-A232-F50B54137040}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B788AE8C-BBC0-4B29-B122-EDABA81BC7BA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B9454448-BAA9-4A8B-9B2A-BD8E5F382CFB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BB798F40-DA0B-4BA6-8DFA-7916B8F22016}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BDCE250E-EB6C-4A35-B786-358BA6C52615}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C00AC970-7168-443D-BF8C-F893313556E7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CFA065AC-B560-4EA2-900C-53A39C823A42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6D1EA15-D805-448E-9AD4-56B1EF3247CF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DB61514A-4B35-4FDD-BB74-B8721A24C3E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E6CAE0D9-0FF4-4941-A05C-8853F63234E7}" = lport=rpc | protocol=6 | dir=in | app=c:\programme\sisoftware sandra lite 2010\wnt500x64\rpcsandrasrv.exe | 
"{E9BBC60D-1FDB-4BC1-9F3C-957866F152E3}" = lport=rpc | protocol=6 | dir=in | app=c:\programme\sisoftware sandra lite 2010\wnt500x64\rpcsandrasrv.exe | 
"{EB3220F9-2B7D-4AF6-8DF5-19219C07B55F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EFB78EF3-0DF9-44A9-BEC1-90B603BFF31A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011929B1-0F94-442E-AAB8-8ADB1E320AE2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{045C90C3-33EC-47E5-ACDC-83BD1197A1A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{04DD8923-05C8-4DFF-8CE6-E2FA7F37C8E6}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\pjk5lqqy.209\ly0p5leg.zr4\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"{063FFFA5-04D9-4DF2-8E4A-3058527E2394}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\pjk5lqqy.209\ly0p5leg.zr4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{09CCD13F-9ABA-4B78-9BED-CAF3C1BEFC78}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\pjk5lqqy.209\ly0p5leg.zr4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{10BD92D1-C315-448D-B21A-D7F328D961A8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{10CDFAC6-27EB-4B6D-8F7B-CEB082250E24}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12A020D7-9758-4F05-B2CB-800E46C0E5AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{14B313C7-5697-4EDC-B656-BB3BD677748A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{158AE856-772D-436A-862F-3BE439D0332A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{1825DC76-38E1-40D7-8B8D-2571BEF1E71A}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!fax\igd_finder.exe | 
"{1E61A264-D9A8-40C9-9FB9-504EE244FA51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{1F27E8C6-C9F2-48DB-9AC5-DFE45F04F6A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{287C5496-FB92-43FD-8C40-1E66F3790485}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2930026B-A389-4F27-B523-D8907643F624}" = protocol=1 | dir=in | app=c:\programme\sisoftware sandra lite 2010\wnt500x64\rpcsandrasrv.exe | 
"{2C6BA3F1-BF37-482E-B39A-3302EBCA2317}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F1CA472-600A-4B95-B49F-0E529D56672B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{31DD4BEF-6193-4B57-BF60-601B42F118B1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{36C1ED22-8F81-4FDA-BC6D-F8B0AAFC9560}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!vox\fritz!vox.exe | 
"{377F34DC-FD49-476B-801B-B36195D47D60}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{382CDC16-4BEE-4F1D-A4CD-28F79192E2C8}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\pjk5lqqy.209\ly0p5leg.zr4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{4286B3C6-7B20-4917-9B7E-F0145DB3ECB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{4750E8D9-0D09-4203-9C61-AF0A1135345C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{4BDFFD2F-3837-46BD-87D1-BE6404AD532C}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\pjk5lqqy.209\ly0p5leg.zr4\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{4E4770F3-75F8-482C-B725-D88E03424431}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\pjk5lqqy.209\ly0p5leg.zr4\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"{4F19F3BD-FCE6-4517-83B7-3786478ABB57}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{5019DA06-C4A5-44C8-8141-5478A7427529}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5199A7FB-685D-44C2-BA98-F3B2DAA3C610}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{557DBBE1-24E4-4753-90FB-4C7468357DAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5A7FA7FD-FB69-4FE4-A2B1-C28D59401D2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{5B8092F0-ACAC-4915-925A-657A82ECCD23}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5BAEB222-A3CB-4DB5-9615-409AE6E2D3EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5CAD4A7F-80FD-45C2-A1BA-68370C057FB4}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!fax\igd_finder.exe | 
"{5FD67427-8E23-41D0-92D8-14C74656AF27}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A2686D1-C0DA-4B33-B9CD-9270C1D00076}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{708042D9-3F07-4F42-A308-7020AD2BC16B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{71D80059-22B3-4CB3-A535-B20F179623A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{785CA8C0-FCCA-4CDE-AAFC-AA653AAB62CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CBC8586-1282-4D96-B6DC-83BF59836CF1}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{89552267-8257-46DA-85CF-A91BDFD91BC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{93AAA8D1-6585-4659-993C-C95E03C2E5AF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{93BD8D61-8DB4-4075-82D4-D9D326BC4260}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\pjk5lqqy.209\ly0p5leg.zr4\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"{94314248-DEB6-4AE9-BEBA-D19B771AA891}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{94AE6A11-7D62-4CFB-9C46-174784817E5D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9651F7FF-37D7-422F-A9A2-308BD6B6CFF0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{9907228C-324B-4543-B67B-2F8A195F7F0A}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!vox\fritz!vox.exe | 
"{9AC76F7C-9643-419D-A1A8-598A358F16ED}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{9CA0758E-7523-4F9D-BA11-258B3BC1411B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A95ACA50-09AB-4716-905C-2E2E420D43FB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{ADF85679-FFC0-4A2B-A591-932FF4FE27BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF282841-1D7B-45FB-8B79-D38961F65C6C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{B2FC1754-50C0-4EF7-9991-821456896340}" = protocol=1 | dir=in | app=c:\programme\sisoftware sandra lite 2010\wnt500x64\rpcsandrasrv.exe | 
"{B4D0EFC3-2348-4768-A897-005B187B74CC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{B7663F9E-F7FB-41BA-BC81-817424ACFD80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{BBEE963E-911E-48FB-B578-341646667CDA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C717CD4E-0634-4360-99FD-561320BF353B}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{D1C77378-E7CB-47BE-A8C0-7BBB33D9ADC1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{D4A2168E-D97F-40AB-93AB-372E64BB5CC6}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\pjk5lqqy.209\ly0p5leg.zr4\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"{D55EB37F-5AE6-467B-86F7-0752B00D02C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D67E0FAF-63ED-456F-9349-6C7548C2DB4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{D8693D0D-6AB1-4DD8-9A60-BBC1DB3F1C49}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{DCD8DB1A-D424-4960-9FB4-77CA371BBB06}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DD4C6097-71E4-4FA5-8EFB-6852B6BCA71F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{E3B13882-0403-4A9E-9829-7CAA6D69B4E3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E4014A49-9BBB-4D1F-891D-218E6AA454CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9FEAE72-BEF1-4855-B9D0-D7DB277B4EEB}" = protocol=6 | dir=out | app=system | 
"{EBB5F149-DAC7-432F-BC35-B288EB335329}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EBE9E999-1A2D-4D8D-974E-FF5B0D29810B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{ED312559-7FD4-4786-BDCC-A65020D1356C}" = protocol=1 | dir=in | app=c:\programme\sisoftware sandra lite 2010\wnt500x64\rpcsandrasrv.exe | 
"{EDAEA38D-DA0D-4EC5-B1E6-EF58965D7F5D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EF85506E-8009-410C-9946-BB13E6B68444}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F0CBD577-D690-4DC6-A905-0148455B358C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{F1DB6566-891C-4B33-9517-CC7282BA6DEA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{2e1b4b42-069f-4f53-9966-9b9b938d7fe5}\setup\hpznui40.exe | 
"{F4C45C5D-B437-40EE-8CC3-09F6438962C7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F6D4BD0B-8927-4645-97B8-02D4838AA19E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{F9F803BC-D827-4A9D-BE8F-20327EA985F4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{FA575D70-3D84-403A-B5BC-418875E035B5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FBC6630C-45B7-4D12-B814-9E8BEEF625A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"TCP Query User{0104B0BA-C350-4F07-A872-F7E7CB40EE52}C:\program files (x86)\fritz!vox\fritz!vox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!vox\fritz!vox.exe | 
"TCP Query User{0AFE4AA7-2A45-47D2-9A60-4FDFD3458ED2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{6590BCCD-6E60-49C8-8AA4-8798EC4EFF0B}C:\program files\sisoftware sandra lite 2010\wnt500x64\rpcsandrasrv.exe" = protocol=6 | dir=in | app=c:\program files\sisoftware sandra lite 2010\wnt500x64\rpcsandrasrv.exe | 
"TCP Query User{6AB667A5-A1FD-4099-AB1B-8D8A09A694C1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{998C9BA6-68E1-44E8-A36A-564FF4CCA2E2}C:\program files\sisoftware sandra lite 2010\wnt500x64\rpcsandrasrv.exe" = protocol=17 | dir=in | app=c:\program files\sisoftware sandra lite 2010\wnt500x64\rpcsandrasrv.exe | 
"UDP Query User{9C1CD505-37BE-453B-A672-C19D7808A94F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{ADE297C7-9AAE-4473-ACB0-E37BF16ED7A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{F22FE400-057A-4967-A0F2-90BE14CE2244}C:\program files (x86)\fritz!vox\fritz!vox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!vox\fritz!vox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{2CAB3CB2-5C95-4DFD-8C66-4D91BCC6EDCC}" = DxO Optics Pro 7
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PremElem100" = Adobe Premiere Elements 10
"Shop for HP Supplies" = Shop for HP Supplies
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AB150AB-9DC0-45EE-B281-38B1D4C3ABAC}_is1" = SbX-CD-Update
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{340C0246-975B-420F-8ADD-DEA69B16FDEE}" = Adobe Premiere Elements 10 Content 1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAD21AD-EE06-46C9-8B57-28D53DF9FB06}_is1" = NTRIP
"{4F29521F-7338-4D15-8691-8FEEB987780C}" = Adobe Premiere Elements 10 HD Content 3
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5D037ECA-B00A-466F-848C-D21B4DB69DEA}" = Adobe Premiere Elements 10 HD Content 1
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71401465-5DAD-4E95-BCFC-B13DFDD9771E}" = Garmin City Navigator Europe NT 2012.30 Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Device
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D6E733-A428-469B-8C53-60EC0F991A89}_is1" = Update minilHomer 2.7 Version 2.7
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{99C7D73D-E201-4D03-B8A4-5EDBA529B505}" = Adobe Premiere Elements 10 Content 3
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8D1290-0A4C-446C-AD86-0590812660CC}" = Adobe Premiere Elements 10 Content
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}" = PMB-Aktualisierungsprogramm
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B28311A2-EA16-4F85-80CE-1BF2B0912C8F}" = Garmin City Navigator Europe NT 2012.40 Update
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}" = LG United Mobile Drivers
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1CE6204-061A-43B5-830F-6A8A35C4E0C6}" = Adobe Premiere Elements 10 HD Content 2
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D66A42BA-3747-4628-9CE4-9E7C18C3ED95}" = Adobe Premiere Elements 10 Content 2
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.1.4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E58A0BB1-1FA1-40DC-AFA4-2C86D0A3B879}" = locr GPS Photo
"{EC28FA6E-E38D-4F72-80EF-1FBE66B05668}" = Garmin City Navigator Europe NT 2013.10 Update
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{SbX-140758-9783706833783-stu10}}_is1" = SbX RW  Controlling HAK II (2009-10) mit MANZ Lernraum
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Premiere Elements 10 Content" = Adobe Premiere Elements 10 Content
"Adobe Premiere Elements 10 Content 1" = Adobe Premiere Elements 10 Content 1
"Adobe Premiere Elements 10 Content 2" = Adobe Premiere Elements 10 Content 2
"Adobe Premiere Elements 10 Content 3" = Adobe Premiere Elements 10 Content 3
"Adobe Premiere Elements 10 HD Content 1" = Adobe Premiere Elements 10 HD Content 1
"Adobe Premiere Elements 10 HD Content 2" = Adobe Premiere Elements 10 HD Content 2
"Adobe Premiere Elements 10 HD Content 3" = Adobe Premiere Elements 10 HD Content 3
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBoxAnswerMachine" = AVM FRITZ!vox
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon RAW Codec" = Canon RAW Codec
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DPP" = Canon Utilities Digital Photo Professional 3.11
"DVD Shrink_is1" = DVD Shrink 3.2
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"FMS" = FMS
"fotobook Maker_is1" = fotobook Maker 2.1
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"ImgBurn" = ImgBurn
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mediaport" = Mediaport
"Mihov Picture Downloader" = Mihov Picture Downloader 1.5 (remove only)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 2.0.2
"WFTK" = Canon Utilities WFT Utility
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.8.8
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2353510478-1413262324-3580610458-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"FileZilla Client" = FileZilla Client 3.5.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.06.2012 01:38:43 | Computer Name = PC-01 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.06.2012 02:41:14 | Computer Name = PC-01 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\fotobook maker\delzip179.dll". Fehler in Manifest- oder Richtliniendatei 
"c:\program files (x86)\fotobook maker\delzip179.dll" in Zeile 8.  Der Wert "*" des
 "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.06.2012 12:26:20 | Computer Name = PC-01 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21.06.2012 12:06:11 | Computer Name = PC-01 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 13.0.0.4535,
 Zeitstempel: 0x4fc8de63  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x5bb19903  ID des fehlerhaften Prozesses: 0xccc  Startzeit der fehlerhaften Anwendung:
 0x01cd4fc72d0347f7  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
 Firefox\plugin-container.exe  Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll
Berichtskennung:
 0474cda7-bbbb-11e1-b074-00241dc0f339
 
Error - 21.06.2012 14:50:12 | Computer Name = PC-01 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\fotobook maker\delzip179.dll". Fehler in Manifest- oder Richtliniendatei 
"c:\program files (x86)\fotobook maker\delzip179.dll" in Zeile 8.  Der Wert "*" des
 "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 21.06.2012 15:15:40 | Computer Name = PC-01 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.07.2012 10:52:22 | Computer Name = PC-01 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\fotobook maker\delzip179.dll". Fehler in Manifest- oder Richtliniendatei 
"c:\program files (x86)\fotobook maker\delzip179.dll" in Zeile 8.  Der Wert "*" des
 "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 06.07.2012 15:46:42 | Computer Name = PC-01 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.07.2012 16:05:14 | Computer Name = PC-01 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.07.2012 18:32:40 | Computer Name = PC-01 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\fotobook maker\delzip179.dll". Fehler in Manifest- oder Richtliniendatei 
"c:\program files (x86)\fotobook maker\delzip179.dll" in Zeile 8.  Der Wert "*" des
 "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 25.06.2012 15:18:35 | Computer Name = PC-01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 25.06.2012 15:18:35 | Computer Name = PC-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 06.07.2012 10:03:30 | Computer Name = PC-01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 06.07.2012 10:03:30 | Computer Name = PC-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 06.07.2012 12:37:25 | Computer Name = PC-01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 06.07.2012 12:37:25 | Computer Name = PC-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 06.07.2012 14:35:59 | Computer Name = PC-01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 06.07.2012 14:35:59 | Computer Name = PC-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 07.07.2012 03:30:48 | Computer Name = PC-01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 07.07.2012 03:30:48 | Computer Name = PC-01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
 
< End of report >
         
--- --- ---

Falls ich etwas falsch gemacht habe, sorry und bitte um Anweisungen!
Danke, Milan
__________________


Antwort

Themen zu Bundespolizei 5.2 Österreich eingefangen
64-bit, anti-malware, avira, avira rescue, backdoor.poisonivy, boot-cd, brennen, bundespolizei, defogger, eingefangen, folge, folgendes, gefangen, gen, milan, nichts, rechner, rescue, system, win, win 7, Österreich




Ähnliche Themen: Bundespolizei 5.2 Österreich eingefangen


  1. Bundespolizei Virus Österreich kein abgesicheter modus
    Plagegeister aller Art und deren Bekämpfung - 19.04.2013 (3)
  2. Bundespolizei-Virus Version Österreich, kein abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 13.04.2013 (17)
  3. bundespolizei österreich trojaner
    Log-Analyse und Auswertung - 01.11.2012 (4)
  4. Ukash Österreich eingefangen
    Log-Analyse und Auswertung - 24.10.2012 (1)
  5. BKA Trojaner (Österreich Edition) eingefangen
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (4)
  6. Bundespolizei österreich UKASH trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (5)
  7. Bundespolizei Trojaner- Österreich
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (5)
  8. Probleme mit Bundespolizei-Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 18.08.2012 (27)
  9. Bundespolizei Trojaner Österreich
    Log-Analyse und Auswertung - 12.08.2012 (13)
  10. computerkriminalität des criminal intelligence service einheit 5.2 Österreich - Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (13)
  11. Bundespolizei Trojaner Österreich!
    Log-Analyse und Auswertung - 02.08.2012 (16)
  12. bundespolizei trojaner: österreich
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (2)
  13. Bundespolizei Einheit 5.2 Infektion Österreich Version
    Log-Analyse und Auswertung - 22.07.2012 (10)
  14. Bundespolizei (Österreich) - Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 20.07.2012 (9)
  15. Bundespolizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (2)
  16. Bundespolizei Österreich
    Log-Analyse und Auswertung - 11.07.2012 (3)
  17. Bundespolizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 18.04.2012 (7)

Zum Thema Bundespolizei 5.2 Österreich eingefangen - Hallo, Titel sagt alles... habe Folgendes getan: 1. Anti-Malware läuft 2. Defogger und OTL downloaded, sind einsatzbereit (64-bit Win 7) Jetzt habe ich aber die Info über Avira Rescue System - Bundespolizei 5.2 Österreich eingefangen...
Archiv
Du betrachtest: Bundespolizei 5.2 Österreich eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.