Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows Update Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.07.2012, 12:51   #1
blueheart007
 
Windows Update Trojaner - Standard

Windows Update Trojaner



ein Hallo an alle in der community. Habe immer noch ein Problem mit dem Verschlüsselungstrojaner. Mein Sohn hat sich den auf seinem rechner eingefangen, nachdem er eine zip-datei geöffnet hatte (irgend so ein minecraft-skin oder sowas) hab das vor zwei wochen schon entfernt, mit malware-bytes, ging auch prima, obwohl ich Depp mich nicht an die Anweisungen hier gehalten habe, sondern die Funde gleich hab löschen lassen. Dachte, damit sei es getan. Die Aufforderung zur zahlung kommt auch nicht mehr, habe dann mühsam mit Shadow-Explorer alle verschlüsselten Dateien wieder zurück kopiert. Ein paar Tage später sind alle dateien wieder verschlüsselt, es kommt zwar nicht die aufforderung, zu zahlen, man kann den rechner normal nutzen, nur die dateien sind wieder futsch. Hab jetzt Malwarebytes nochmal drüber laufen lassen, der findet aber nix. lediglich avira hat angeschlagen und mir folgende Meldung gebracht: [FUND] Ist das Trojanische Pferd TR/Matsnu.EB.31 und hat diesen fund bereinigt. Was kann ich tun, damit ich die dateien dauerhaft wieder herstellen kann? MIt shadowexplorer geht es ja, nur bringt das nix, wenn ein paar tage später wieder alles verschlüsselt ist.

Danke schon mal für alle hilfreichen tipps im voraus.

Gruß Uwe

Hier jetzt die otl.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.07.2012 18:53:49 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Marc\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,56 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 66,65% Memory free
7,12 Gb Paging File | 5,88 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 161,94 Gb Free Space | 69,57% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.08 18:53:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
PRC - [2012.07.08 18:51:54 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.05.21 16:30:24 | 000,935,480 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.10 05:02:27 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.02.10 05:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.11.07 21:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011.11.07 21:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
PRC - [2011.07.01 11:39:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 14:18:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) -- C:\Programme\ShadowExplorer\sesvc.exe
PRC - [2010.11.05 20:31:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.09 14:44:20 | 000,713,032 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.08 18:51:54 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.27 18:17:40 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\ProgramData\IBUpdaterService\ibsvc.exe /SERVICE -- (IBUpdaterService)
SRV - [2012.07.08 18:51:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.21 16:30:24 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.11.07 21:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011.11.07 21:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011.07.01 11:39:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 14:18:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Programme\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.06 03:44:03 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.12.09 14:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex) SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.)
DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012.05.21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.10 06:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.11.10 19:32:00 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2011.07.01 11:39:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 11:39:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.10.25 19:31:08 | 000,616,064 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2003.11.14 10:38:32 | 000,183,680 | ---- | M] (D-Link. All Rights Reserved.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETDLWL.sys -- (NETDLWL) D-Link Air Wireless Adapter(DL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={24D37CD6-7170-4586-B0FA-1D8C221395F2}&mid=f298667c21564c9593c0d71952b4a87f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=dw011&pr=sa&d=2012-05-21 16:30:26&v=11.1.0.7&sap=hp
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100346&babsrc=SP_ss&mntrId=008a1226000000000000001195290246
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={24D37CD6-7170-4586-B0FA-1D8C221395F2}&mid=f298667c21564c9593c0d71952b4a87f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=dw011&pr=sa&d=2012-05-21 16:30:26&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Free Lunch Design Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.45.0
FF - prefs.js..extensions.enabledItems: webbooster@iminent.com:4.22.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.25 15:03:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.24 17:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.08 18:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 14:27:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.24 17:57:49 | 000,000,000 | ---D | M]
 
[2009.10.08 12:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions
[2012.07.08 18:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions
[2011.01.16 13:22:19 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
[2012.07.08 18:52:02 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.08 17:55:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.02 21:58:17 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2010.08.17 20:27:17 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\1u47sd1b.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.11.29 15:22:55 | 000,002,270 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\1u47sd1b.default\searchplugins\SearchTheWeb.xml
[2012.06.16 14:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.16 19:14:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.02 21:58:17 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com
[2011.12.02 21:58:17 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\WEBBOOSTER@IMINENT.COM
[2012.07.08 18:51:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.08 18:51:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.21 16:30:22 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.16 10:35:28 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.07.08 18:51:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.08 18:51:51 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.10 16:08:27 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.07.08 18:51:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.10 12:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012.07.08 18:51:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.08 18:51:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.17 17:23:16 | 000,000,852 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [wyat.exe] C:\Users\Marc\AppData\Roaming\Yqwez\wyat.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFA3E22A-FDCD-4A04-A6F4-91DDB2A5C842}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2e2ea98a-c146-11de-82d5-001195290246}\Shell - "" = AutoRun
O33 - MountPoints2\{2e2ea98a-c146-11de-82d5-001195290246}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{2e2ea9c4-c146-11de-82d5-001195290246}\Shell - "" = AutoRun
O33 - MountPoints2\{2e2ea9c4-c146-11de-82d5-001195290246}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.08 18:53:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
[2012.07.08 18:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.08 18:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.07.08 14:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.07.08 14:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.07.08 13:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.08 13:21:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.08 13:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.25 15:07:15 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes
[2012.06.25 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Marc\Lllliii
[2012.06.24 18:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.06.24 18:14:37 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\HP
[2012.06.24 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\HP
[2012.06.24 17:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.06.24 17:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.06.24 17:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.06.24 17:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012.06.24 17:55:21 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z
[2012.06.24 17:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.06.24 17:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.06.24 15:23:37 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\.techniclauncher
[2012.06.23 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.06.23 17:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2012.06.23 17:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.22 13:12:50 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Aavvvveeee
[2012.06.16 14:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.16 14:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.16 13:20:22 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\My Videos
[2012.06.16 13:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012.06.16 13:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2012.06.16 13:11:09 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\SelfMV
[2012.06.16 12:14:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NortonPCCheckup
[2012.06.16 12:14:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NortonPCCheckup\0200110.014
[2012.06.16 12:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup
[2012.06.16 12:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2012.06.16 12:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.06.16 12:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.06.16 12:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012.06.16 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Samsung
[2012.06.16 11:27:49 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\samsung
[2012.06.16 11:25:59 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys
[2012.06.16 11:25:59 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.06.16 11:25:59 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.06.16 11:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.06.16 11:24:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.06.16 11:24:36 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.06.16 11:05:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.16 11:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverBoost
[2012.06.16 10:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.06.16 10:34:37 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Babylon
[2012.06.16 10:34:36 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Babylon
[2012.06.16 10:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.16 10:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2006.11.20 10:01:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\AMCap.exe
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.08 18:53:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
[2012.07.08 18:49:54 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.07.08 18:49:30 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.08 18:49:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.08 18:49:08 | 2868,191,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.08 18:48:04 | 000,000,020 | ---- | M] () -- C:\Users\Marc\defogger_reenable
[2012.07.08 18:47:06 | 000,050,477 | ---- | M] () -- C:\Users\Marc\Desktop\Defogger.exe
[2012.07.08 18:16:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.08 13:26:38 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.08 13:26:38 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.08 13:21:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.08 13:12:25 | 000,001,309 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012.06.24 18:14:40 | 000,002,164 | ---- | M] () -- C:\ProgramData\xxoooEfffVjjjAttss
[2012.06.24 18:14:39 | 000,241,192 | ---- | M] () -- C:\Windows\hpwins28.dat
[2012.06.24 18:10:26 | 000,339,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.24 17:56:21 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.06.24 14:48:38 | 000,052,736 | ---- | M] () -- C:\Users\Marc\Desktop\OODDDDQQQQTTTarrrNsss
[2012.06.23 20:11:45 | 000,946,352 | ---- | M] () -- C:\Users\Marc\Desktop\pXXgggglDDDuuuuaT
[2012.06.23 20:08:12 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Outlook 2007.lnk
[2012.06.20 13:41:05 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.20 13:41:05 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.20 13:41:05 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.20 13:41:05 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.16 11:29:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.06.16 11:27:43 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.06.16 10:35:32 | 000,000,474 | ---- | M] () -- C:\XpXOgOgesesJvvJa
[2012.06.12 16:15:54 | 000,001,608 | ---- | M] () -- C:\Users\Marc\Desktop\TaTrNNNseesJJJJXX
[2012.06.10 12:56:21 | 000,690,289 | ---- | M] () -- C:\Users\Marc\Desktop\VEEEEttttAAjjU
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.08 18:49:54 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.07.08 18:47:17 | 000,000,020 | ---- | C] () -- C:\Users\Marc\defogger_reenable
[2012.07.08 18:47:05 | 000,050,477 | ---- | C] () -- C:\Users\Marc\Desktop\Defogger.exe
[2012.07.08 13:21:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 18:12:47 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012.06.24 17:57:12 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.06.24 17:56:51 | 000,001,309 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012.06.24 17:56:21 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.06.24 17:54:10 | 000,241,192 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.06.24 17:54:10 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2012.06.23 20:08:12 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office Outlook 2007.lnk
[2012.06.16 14:27:06 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.16 12:14:17 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NortonPCCheckup\0200110.014\isolate.ini
[2012.06.16 11:29:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.06.16 11:27:43 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.05.21 16:29:37 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012.05.21 16:29:37 | 000,106,879 | ---- | C] () -- C:\Windows\unins000.dat
[2012.05.12 21:01:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\CLEyeDevices.dll
[2012.05.05 20:35:04 | 000,004,608 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.23 19:16:31 | 002,497,985 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.01 09:25:24 | 000,138,056 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\PnkBstrK.sys
[2010.07.11 10:34:33 | 000,117,536 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[1601.02.13 10:28:18 | 012,824,576 | ---- | C] () -- C:\ProgramData\UdddooooxxxxAjjjfff
[1601.02.13 10:28:18 | 000,002,164 | ---- | C] () -- C:\ProgramData\xxoooEfffVjjjAttss
[1601.02.13 10:28:18 | 000,001,456 | ---- | C] () -- C:\Users\Marc\oEEVfffAjjjtttsnnnn
[1601.02.13 10:28:18 | 000,001,326 | ---- | C] () -- C:\Users\Marc\UnnnnttttjjjAV
 
========== LOP Check ==========
 
[2012.06.23 21:38:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.minecraft
[2012.06.25 15:01:05 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.techniclauncher
[2012.06.23 20:00:59 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Aavvvveeee
[2009.10.25 12:05:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Ace
[2012.06.16 10:34:36 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Babylon
[2012.05.21 15:49:09 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DAEMON Tools Lite
[2011.11.08 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DVDVideoSoft
[2011.11.08 17:49:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.23 16:46:18 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\EAC
[2012.03.24 15:46:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\gtk-2.0
[2010.09.08 17:53:57 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\IObit
[2012.03.08 14:30:39 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LOVE
[2010.03.21 15:09:12 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ML
[2012.03.19 20:24:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Nav
[2011.03.02 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\OpenCandy
[2012.03.23 20:26:16 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Paeh
[2010.03.21 14:52:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PC Suite
[2012.01.15 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\pymclevel
[2012.06.16 11:27:50 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Samsung
[2012.04.03 15:07:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TeamViewer
[2012.06.16 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Temp
[2012.05.28 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TS3Client
[2012.04.22 20:03:15 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ts3overlay
[2010.01.06 11:00:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TuneUp Software
[2012.06.20 13:46:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Usol
[2010.07.10 11:00:52 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\uTorrent
[2009.12.26 20:01:47 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\VOWSoft
[2012.07.08 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Yqwez
[2012.04.16 17:16:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


und die extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.07.2012 18:53:49 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Marc\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,56 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 66,65% Memory free
7,12 Gb Paging File | 5,88 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 161,94 Gb Free Space | 69,57% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CAC1F2-6BDC-4442-81D8-39A559866D27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{052A3DCD-D595-4ADB-8A99-A74F644F74D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0D876DBE-3004-48CF-9735-304D95FF07FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{114EB8E1-973C-4D97-BD18-27AAE3DF3237}" = lport=138 | protocol=17 | dir=in | app=system | 
"{28209765-CA1D-4C01-B6CE-BF7E0D4C3860}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{36296F85-F860-4704-B154-CEB004EB2F14}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{3AB5B97B-FF53-48D5-8834-526F2EB103B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46D9D26B-A36F-4FC2-9565-5E4B16E18634}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{54E8FD00-7008-47EB-9C9B-6CDE0EAA8122}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5882A000-EF51-45BD-B013-7C31D8DB7503}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5B818502-9145-4E17-9C7B-0FA3BD2CE017}" = lport=137 | protocol=17 | dir=in | app=system | 
"{660ADB5D-F6EB-468B-8C78-7EF534945204}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6843EE47-F130-49D4-BBBF-4BE74565C00E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{6F0276BB-FF51-47A9-A2F2-95FAEA5B7553}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{7B584832-A4D2-4E95-88BD-F358F8C9CFB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7DDE0B88-F3BC-4881-B4CB-4A86DA407CC8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7F7432EA-D4B4-4FCE-B195-7796F2441631}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{85251080-AD27-48DB-9D61-F2027B5F02B1}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | 
"{967288A7-DD50-44A7-A0DD-2AAC54092DC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B4D64974-6BDD-4571-BFAF-EE26854FD1AB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B8A16771-965F-4B82-B384-AE45BD38E19A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BEA71CB9-E99D-4FB8-B16F-12C4459F6BD3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C240DDC9-D8EB-4221-8B4D-8DC297DD2EAF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{C8D2E36B-7406-45BD-B0F6-31C6824F3694}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9CDBFFC-9E12-4EFD-A3D1-88D9383E4632}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D96D9569-3FDD-46BE-802A-0666DC179B15}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DF8E6B6C-2C28-432A-BD14-17CC59A4E5EF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E4B64D37-6D64-4746-BD94-D88EC3D0572C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E5B04D39-9F0F-4F95-B2C2-BFE47B8CEA46}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EBFD80AC-FE39-4C8E-A86B-6EF9B3630DCE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3C1DAEE-4041-4485-90ED-F9FADCA5DD63}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FCB716A4-C63C-4DC7-978F-44587ED02892}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005D8611-0A3E-4863-8CAB-E56FDEE62935}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{016F7AD2-D993-4EF5-A955-729585D2CD15}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{04A7FB85-8B16-4769-93CE-20C61BEE7EEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0628A924-182C-4CEE-956C-9C521E6796C9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{081E05F7-9E80-48B8-9601-2A45DD7440A0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{0877954B-AB37-4469-9638-E98A8A79BF15}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A7AF1D2-EBE5-4BCB-98E5-F4C5BEF9DFF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C34975E-1C00-4D9E-B7FD-A7213067E3DA}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{0D3785A2-4B1B-479B-BAF1-62D6C0265A23}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{19CFEF43-CA16-4572-B87B-7A61968FD722}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1C440BDA-AC23-4086-9771-76B2DD14E1A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1DDC602B-A678-4A02-8EEB-27F2163CDE77}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{2450ECE2-D7BF-461C-AD16-7B2ADC7A7ECC}" = dir=in | app=c:\users\marc\appdata\roaming\caizwu\omquuv.exe | 
"{27B40E8C-941D-444B-9BF0-FAFD0ABF64BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2FCF5E70-A2D8-4D91-B980-66C0E61DC73F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{3022927B-B3C1-4770-851D-32DD448C3D86}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{349D5E97-86F2-4579-B893-D40B1A292F31}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{34B71966-2466-4DF6-8D57-F6C2260B0E73}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D01B98D-6F7F-465D-AED3-00797A71CB01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4135BAD7-3982-4AE5-8655-B9B8FD07B9BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4B8E0D77-1431-4C74-B3B4-C5AFEF789AA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{533E0691-6A67-44E2-B67A-AD43E0F654BB}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{58FBC19C-42B3-493C-95E8-92DAACD4CB3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{594B5D62-2060-4C79-8F4B-7E6C49ED78C3}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{59F4633A-6EF7-4CE0-9960-AD7BB1211512}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A537822-0542-4D2A-BF35-96BDF9DEFB43}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B4A945D-B983-434C-B1A8-12D474691266}" = dir=in | app=c:\users\marc\appdata\roaming\ukt\kaocyp.exe | 
"{61689875-4EB9-4CD3-BD64-E942E7646EA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{66CE61D9-CBA1-46D7-B423-4F820A53598A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7385F193-68E2-4794-83CC-BE6DB5101F81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73FBC5A1-657F-4522-A995-979F413B8A3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BF56B93-DA53-48A9-A5AE-51BE5A6E367B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D0CFE66-89E2-4CDF-B5A6-A6BB7D511E3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7D84475D-F2B9-4F20-8285-DCC4BC0EB970}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{7EB7552C-7B7E-4647-9C41-F2CB89AD48BE}" = dir=in | app=c:\users\marc\appdata\local\temp\hp\oj4500vg510n-z_full_13\setup\hpznui01.exe | 
"{89C1F0CD-0C78-44B1-8B63-0B13FDC6C3B8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8B2BF136-A5CB-4CC9-8750-3D24C627B7C9}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | 
"{8FB2FE86-C42D-4C63-AEA8-488F13F4BFCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{97640F88-2FB1-4899-88D6-229139A2C094}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{9B67495A-49B4-44D3-B33E-568AC6A14900}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{A123AF15-F53E-40C4-B571-5194473B6B5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A19C9B7C-5389-42D0-8AD3-D61B1E02B657}" = protocol=6 | dir=out | app=system | 
"{A2083CC7-9881-4E22-A700-37B696915F2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A54F46DB-DD42-4FBA-B376-9FE4965DDDFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AFCECB70-B939-4470-B5EA-F64B6F770D2E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B131EEE0-7B04-4316-843C-8922C2665DAD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B21FC084-7DCC-4ACF-9671-5EFFB951C0E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B9EEEF83-3B7E-4666-8DB4-2C78773F9386}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDDC63CC-FDB9-4067-97BF-620080020D1F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C011A033-F2CD-4A49-B8DC-22FADBFF2BB3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C41464D4-A3FE-40C2-8E8E-CE6FC2139BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D1D792CC-4D24-4D93-82E4-45AAC1B2BC44}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D407789A-1A14-4851-AFCF-F17B9ACBFC83}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5AC5A0C-D652-495C-8D8D-7677016E87B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6F5C5EE-5E57-47C6-A5D9-7D2A08135D55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D7C90040-9627-4838-AB44-152444302AF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D9A2FF27-6CCA-4429-A5CA-11325735B7D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E2FD37C4-BE3A-408F-9D25-D334C7D68419}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{E3E4AAE2-838A-41CE-8EBE-66CD35F7AA56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7CAF1DB-411C-41C2-A54C-1230B478F41C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EF867302-F88F-4640-8FBA-06A7CEC36594}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F29B71ED-460F-4AB8-9485-A5EA81F2D568}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F2B21985-158B-4A0F-9986-0E27812F8A82}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F84EEAD8-F85F-496D-91F0-09D6171752EB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"TCP Query User{19AAD408-A4FC-435F-96BF-081D02D24D8B}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{4262856C-8EBA-4375-A845-6852341C305D}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe | 
"TCP Query User{AFE500CB-840B-4C5F-8F0B-58F5ECAB29BC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{BF14DF89-4AEC-42B4-8424-CC3EE4381AEB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D6F1AE32-0570-477C-B9ED-DA67FAF6D816}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{DE8232E4-A934-47A6-970E-9369150ACB27}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F15EA9AD-C100-4399-B8B9-63D1CA00AA5F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{074A5CAA-717D-4298-B243-5C6A389F7DAC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{2010D67B-1438-4413-A404-0A50994ECBC9}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{80ED73C8-3CBC-4737-B3CE-F879E0E281E4}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{917EF290-2C5B-43F1-81BE-CA3038C730B9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{97FDA563-FFAD-4587-98CF-AA055140ED64}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EBF5095B-1C54-4EFD-9970-F0248D1AD53A}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe | 
"UDP Query User{FA164B0E-4FDD-41A3-AEE3-23A1B90E4715}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 vibration driver version 0.100
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = Moozy
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CCleaner" = CCleaner
"CL-Eye Driver" = CL-Eye Driver
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"iPod to Computer Transfer" = iPod to Computer Transfer 4.8.3
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NortonPCCheckup" = Norton PC Checkup
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PSP Games Classics_is1" = PSP Games Classics
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Shop for HP Supplies" = Shop for HP Supplies
"TuneUp Utilities" = TuneUp Utilities
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2012 08:54:28 | Computer Name = Admin-PC | Source = VSS | ID = 8194
Description = 
 
Error - 25.06.2012 09:02:28 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm java.exe, Version 6.0.200.2 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 16cc    Startzeit:
 01cd52d293e6722d    Endzeit: 113    Anwendungspfad: C:\Program Files\Java\jre6\bin\java.exe

Berichts-ID:
 01aed14c-bec6-11e1-92ac-001195290246  
 
Error - 25.06.2012 09:03:23 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ntvdm.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc158  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000ffff  ID des fehlerhaften
 Prozesses: 0x10f8  Startzeit der fehlerhaften Anwendung: 0x01cd52d2e5164210  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\ntvdm.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 245ce38a-bec6-11e1-92ac-001195290246
 
Error - 08.07.2012 07:15:18 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
 0x4f6b9931  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385, 
Zeitstempel: 0x4a5bdaca  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001609c  ID des fehlerhaften
 Prozesses: 0x16f8  Startzeit der fehlerhaften Anwendung: 0x01cd5cfacff71956  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll  Berichtskennung: 32af0e7a-c8ee-11e1-9681-001195290246
 
Error - 08.07.2012 07:15:57 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
 0x4f6b9931  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385, 
Zeitstempel: 0x4a5bdaca  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001609c  ID des fehlerhaften
 Prozesses: 0x1298  Startzeit der fehlerhaften Anwendung: 0x01cd5cfb0adc043c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll  Berichtskennung: 4a059259-c8ee-11e1-9681-001195290246
 
Error - 08.07.2012 07:16:18 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
 0x4f6b9931  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385, 
Zeitstempel: 0x4a5bdaca  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001609c  ID des fehlerhaften
 Prozesses: 0x17f0  Startzeit der fehlerhaften Anwendung: 0x01cd5cfb0e860979  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll  Berichtskennung: 56494962-c8ee-11e1-9681-001195290246
 
[ System Events ]
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
--- --- ---

Hier jetzt die gmer.txtOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.07.2012 18:53:49 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Marc\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,56 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 66,65% Memory free
7,12 Gb Paging File | 5,88 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 161,94 Gb Free Space | 69,57% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CAC1F2-6BDC-4442-81D8-39A559866D27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{052A3DCD-D595-4ADB-8A99-A74F644F74D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0D876DBE-3004-48CF-9735-304D95FF07FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{114EB8E1-973C-4D97-BD18-27AAE3DF3237}" = lport=138 | protocol=17 | dir=in | app=system | 
"{28209765-CA1D-4C01-B6CE-BF7E0D4C3860}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{36296F85-F860-4704-B154-CEB004EB2F14}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{3AB5B97B-FF53-48D5-8834-526F2EB103B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46D9D26B-A36F-4FC2-9565-5E4B16E18634}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{54E8FD00-7008-47EB-9C9B-6CDE0EAA8122}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5882A000-EF51-45BD-B013-7C31D8DB7503}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5B818502-9145-4E17-9C7B-0FA3BD2CE017}" = lport=137 | protocol=17 | dir=in | app=system | 
"{660ADB5D-F6EB-468B-8C78-7EF534945204}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6843EE47-F130-49D4-BBBF-4BE74565C00E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{6F0276BB-FF51-47A9-A2F2-95FAEA5B7553}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{7B584832-A4D2-4E95-88BD-F358F8C9CFB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7DDE0B88-F3BC-4881-B4CB-4A86DA407CC8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7F7432EA-D4B4-4FCE-B195-7796F2441631}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{85251080-AD27-48DB-9D61-F2027B5F02B1}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | 
"{967288A7-DD50-44A7-A0DD-2AAC54092DC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B4D64974-6BDD-4571-BFAF-EE26854FD1AB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B8A16771-965F-4B82-B384-AE45BD38E19A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BEA71CB9-E99D-4FB8-B16F-12C4459F6BD3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C240DDC9-D8EB-4221-8B4D-8DC297DD2EAF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{C8D2E36B-7406-45BD-B0F6-31C6824F3694}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9CDBFFC-9E12-4EFD-A3D1-88D9383E4632}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D96D9569-3FDD-46BE-802A-0666DC179B15}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DF8E6B6C-2C28-432A-BD14-17CC59A4E5EF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E4B64D37-6D64-4746-BD94-D88EC3D0572C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E5B04D39-9F0F-4F95-B2C2-BFE47B8CEA46}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EBFD80AC-FE39-4C8E-A86B-6EF9B3630DCE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3C1DAEE-4041-4485-90ED-F9FADCA5DD63}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FCB716A4-C63C-4DC7-978F-44587ED02892}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005D8611-0A3E-4863-8CAB-E56FDEE62935}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{016F7AD2-D993-4EF5-A955-729585D2CD15}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{04A7FB85-8B16-4769-93CE-20C61BEE7EEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0628A924-182C-4CEE-956C-9C521E6796C9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{081E05F7-9E80-48B8-9601-2A45DD7440A0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{0877954B-AB37-4469-9638-E98A8A79BF15}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A7AF1D2-EBE5-4BCB-98E5-F4C5BEF9DFF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C34975E-1C00-4D9E-B7FD-A7213067E3DA}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{0D3785A2-4B1B-479B-BAF1-62D6C0265A23}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{19CFEF43-CA16-4572-B87B-7A61968FD722}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1C440BDA-AC23-4086-9771-76B2DD14E1A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1DDC602B-A678-4A02-8EEB-27F2163CDE77}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{2450ECE2-D7BF-461C-AD16-7B2ADC7A7ECC}" = dir=in | app=c:\users\marc\appdata\roaming\caizwu\omquuv.exe | 
"{27B40E8C-941D-444B-9BF0-FAFD0ABF64BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2FCF5E70-A2D8-4D91-B980-66C0E61DC73F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{3022927B-B3C1-4770-851D-32DD448C3D86}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{349D5E97-86F2-4579-B893-D40B1A292F31}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{34B71966-2466-4DF6-8D57-F6C2260B0E73}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D01B98D-6F7F-465D-AED3-00797A71CB01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4135BAD7-3982-4AE5-8655-B9B8FD07B9BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4B8E0D77-1431-4C74-B3B4-C5AFEF789AA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{533E0691-6A67-44E2-B67A-AD43E0F654BB}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 
"{58FBC19C-42B3-493C-95E8-92DAACD4CB3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{594B5D62-2060-4C79-8F4B-7E6C49ED78C3}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{59F4633A-6EF7-4CE0-9960-AD7BB1211512}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A537822-0542-4D2A-BF35-96BDF9DEFB43}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B4A945D-B983-434C-B1A8-12D474691266}" = dir=in | app=c:\users\marc\appdata\roaming\ukt\kaocyp.exe | 
"{61689875-4EB9-4CD3-BD64-E942E7646EA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{66CE61D9-CBA1-46D7-B423-4F820A53598A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7385F193-68E2-4794-83CC-BE6DB5101F81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73FBC5A1-657F-4522-A995-979F413B8A3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BF56B93-DA53-48A9-A5AE-51BE5A6E367B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D0CFE66-89E2-4CDF-B5A6-A6BB7D511E3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7D84475D-F2B9-4F20-8285-DCC4BC0EB970}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{7EB7552C-7B7E-4647-9C41-F2CB89AD48BE}" = dir=in | app=c:\users\marc\appdata\local\temp\hp\oj4500vg510n-z_full_13\setup\hpznui01.exe | 
"{89C1F0CD-0C78-44B1-8B63-0B13FDC6C3B8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8B2BF136-A5CB-4CC9-8750-3D24C627B7C9}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | 
"{8FB2FE86-C42D-4C63-AEA8-488F13F4BFCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{97640F88-2FB1-4899-88D6-229139A2C094}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{9B67495A-49B4-44D3-B33E-568AC6A14900}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{A123AF15-F53E-40C4-B571-5194473B6B5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A19C9B7C-5389-42D0-8AD3-D61B1E02B657}" = protocol=6 | dir=out | app=system | 
"{A2083CC7-9881-4E22-A700-37B696915F2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A54F46DB-DD42-4FBA-B376-9FE4965DDDFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AFCECB70-B939-4470-B5EA-F64B6F770D2E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B131EEE0-7B04-4316-843C-8922C2665DAD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B21FC084-7DCC-4ACF-9671-5EFFB951C0E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B9EEEF83-3B7E-4666-8DB4-2C78773F9386}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDDC63CC-FDB9-4067-97BF-620080020D1F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C011A033-F2CD-4A49-B8DC-22FADBFF2BB3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C41464D4-A3FE-40C2-8E8E-CE6FC2139BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D1D792CC-4D24-4D93-82E4-45AAC1B2BC44}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D407789A-1A14-4851-AFCF-F17B9ACBFC83}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5AC5A0C-D652-495C-8D8D-7677016E87B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6F5C5EE-5E57-47C6-A5D9-7D2A08135D55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D7C90040-9627-4838-AB44-152444302AF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D9A2FF27-6CCA-4429-A5CA-11325735B7D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E2FD37C4-BE3A-408F-9D25-D334C7D68419}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{E3E4AAE2-838A-41CE-8EBE-66CD35F7AA56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7CAF1DB-411C-41C2-A54C-1230B478F41C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EF867302-F88F-4640-8FBA-06A7CEC36594}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F29B71ED-460F-4AB8-9485-A5EA81F2D568}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F2B21985-158B-4A0F-9986-0E27812F8A82}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F84EEAD8-F85F-496D-91F0-09D6171752EB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"TCP Query User{19AAD408-A4FC-435F-96BF-081D02D24D8B}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{4262856C-8EBA-4375-A845-6852341C305D}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe | 
"TCP Query User{AFE500CB-840B-4C5F-8F0B-58F5ECAB29BC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{BF14DF89-4AEC-42B4-8424-CC3EE4381AEB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D6F1AE32-0570-477C-B9ED-DA67FAF6D816}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{DE8232E4-A934-47A6-970E-9369150ACB27}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F15EA9AD-C100-4399-B8B9-63D1CA00AA5F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{074A5CAA-717D-4298-B243-5C6A389F7DAC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{2010D67B-1438-4413-A404-0A50994ECBC9}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{80ED73C8-3CBC-4737-B3CE-F879E0E281E4}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{917EF290-2C5B-43F1-81BE-CA3038C730B9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{97FDA563-FFAD-4587-98CF-AA055140ED64}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EBF5095B-1C54-4EFD-9970-F0248D1AD53A}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe | 
"UDP Query User{FA164B0E-4FDD-41A3-AEE3-23A1B90E4715}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 vibration driver version 0.100
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = Moozy
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CCleaner" = CCleaner
"CL-Eye Driver" = CL-Eye Driver
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"iPod to Computer Transfer" = iPod to Computer Transfer 4.8.3
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NortonPCCheckup" = Norton PC Checkup
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PSP Games Classics_is1" = PSP Games Classics
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Shop for HP Supplies" = Shop for HP Supplies
"TuneUp Utilities" = TuneUp Utilities
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2012 08:54:28 | Computer Name = Admin-PC | Source = VSS | ID = 8194
Description = 
 
Error - 25.06.2012 09:02:28 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm java.exe, Version 6.0.200.2 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 16cc    Startzeit:
 01cd52d293e6722d    Endzeit: 113    Anwendungspfad: C:\Program Files\Java\jre6\bin\java.exe

Berichts-ID:
 01aed14c-bec6-11e1-92ac-001195290246  
 
Error - 25.06.2012 09:03:23 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ntvdm.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc158  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000ffff  ID des fehlerhaften
 Prozesses: 0x10f8  Startzeit der fehlerhaften Anwendung: 0x01cd52d2e5164210  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\ntvdm.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 245ce38a-bec6-11e1-92ac-001195290246
 
Error - 08.07.2012 07:15:18 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
 0x4f6b9931  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385, 
Zeitstempel: 0x4a5bdaca  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001609c  ID des fehlerhaften
 Prozesses: 0x16f8  Startzeit der fehlerhaften Anwendung: 0x01cd5cfacff71956  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll  Berichtskennung: 32af0e7a-c8ee-11e1-9681-001195290246
 
Error - 08.07.2012 07:15:57 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
 0x4f6b9931  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385, 
Zeitstempel: 0x4a5bdaca  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001609c  ID des fehlerhaften
 Prozesses: 0x1298  Startzeit der fehlerhaften Anwendung: 0x01cd5cfb0adc043c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll  Berichtskennung: 4a059259-c8ee-11e1-9681-001195290246
 
Error - 08.07.2012 07:16:18 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel:
 0x4f6b9931  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16385, 
Zeitstempel: 0x4a5bdaca  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001609c  ID des fehlerhaften
 Prozesses: 0x17f0  Startzeit der fehlerhaften Anwendung: 0x01cd5cfb0e860979  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll  Berichtskennung: 56494962-c8ee-11e1-9681-001195290246
 
[ System Events ]
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 08.07.2012 12:50:05 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
--- --- ---


eine dds.txt und attach.txt wurde nicht erstellt, zumindest hab ich sie nicht gefunden

Alt 10.07.2012, 21:35   #2
markusg
/// Malware-holic
 
Windows Update Trojaner - Standard

Windows Update Trojaner



hi
nimm shadow explorer, setze zurück, sichere die dateien und mache das system neu.
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________

__________________

Antwort

Themen zu Windows Update Trojaner
32 bit, avg secure search, avg security toolbar, avira, babylon toolbar, babylontoolbar, dateien, device driver, eingefangen, entfernt, folge, folgende, gen, hilfreiche, ibsvc.exe, ibupdaterservice, iminent toolbar, install.exe, löschen, malwarebytes, meldung, microsoft office word, nicht mehr, nutzen, nvidia update, office 2007, officejet, pferd, plug-in, prima, problem, rechner, search the web, searchscopes, secure search, tipps, trojane, trojaner, trojanische, trojanische pferd, update, vtoolbarupdater, wieder herstellen, windows, windows update, woche, zahlen, zahlung, zip-datei, zip-datei geöffnet




Ähnliche Themen: Windows Update Trojaner


  1. Windows 7 SP 1 mit Trojaner infiziert - Windows Update Fehlercode 8007002
    Log-Analyse und Auswertung - 11.09.2015 (60)
  2. Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update
    Log-Analyse und Auswertung - 08.02.2015 (15)
  3. Windows 7 Update-Trojaner
    Log-Analyse und Auswertung - 07.03.2014 (8)
  4. Windows Update Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (39)
  5. Windows Update Trojaner
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (5)
  6. Windows Update Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (1)
  7. Windows Update Trojaner
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  8. Windows Update Trojaner
    Log-Analyse und Auswertung - 17.06.2012 (11)
  9. Windows Update Trojaner
    Log-Analyse und Auswertung - 10.06.2012 (1)
  10. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  11. Windows Update Trojaner
    Log-Analyse und Auswertung - 01.06.2012 (1)
  12. Windows 7 hat einen Windows Update Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (5)
  13. Windows Notfall Sicherheits Update Center - Windows XP Trojaner
    Log-Analyse und Auswertung - 21.05.2012 (2)
  14. Windows XP hat einen Windows Update Trojaner
    Plagegeister aller Art und deren Bekämpfung - 16.05.2012 (11)
  15. Windows UPDATE Trojaner
    Log-Analyse und Auswertung - 16.05.2012 (5)
  16. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)
  17. Trojaner: Generic18.VII,Trojaner: Dropper.Generic2.XRU... k. Windows Update m. ,OTL & Malw Log anbei
    Plagegeister aller Art und deren Bekämpfung - 10.07.2010 (31)

Zum Thema Windows Update Trojaner - ein Hallo an alle in der community. Habe immer noch ein Problem mit dem Verschlüsselungstrojaner. Mein Sohn hat sich den auf seinem rechner eingefangen, nachdem er eine zip-datei geöffnet hatte - Windows Update Trojaner...
Archiv
Du betrachtest: Windows Update Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.