Fund: EXP/CVE-2012-1723.Z und ADWARE/Yontoo.E.1

ena84 · 25.01.2013, 20:16

Hallo alle zusammen,

ich hab mir gestern einen E-Bookreader aus dem Netz geladen und danach sofort gemerkt, dass was nicht stimmt. Dann hab ich Avira drüber laufen lassen und das ist das Ergebnis:

Funde:
- EXP/CVE-2012-1723.Z
- ADWARE/Yontoo.E.1

Die sind jetzt in Quarantäne.

So, die Anweisung von hier hab ich hoffentlich richtig befolgt.

Vorneweg: Ich bin der typische Normalo-PC-Benutzer und in solchen Dingen nicht besonders bewandert (eigentlich gar nicht) Deshalb bitte, alles "idiotensicher" beschreiben. Herzlichen Dank!!!

OTL.txt
OTL logfile created on: 1/25/2013 7:47:14 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JDE\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.86 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 41.34% Memory free
3.73 Gb Paging File | 2.31 Gb Available in Paging File | 61.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.00 Gb Total Space | 20.73 Gb Free Space | 41.47% Space Free | Partition Type: NTFS
Drive D: | 246.09 Gb Total Space | 245.98 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: JDE-PC | User Name: JDE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/25 19:12:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JDE\Desktop\OTL.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2012/08/11 15:58:06 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/29 16:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/01 23:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/10/13 12:04:22 | 000,097,560 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
PRC - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009/10/08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009/07/08 20:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/11 17:12:37 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll
MOD - [2013/01/11 17:12:36 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\3802e86c54c8a435573e3f78c6632fa0\DeskUpdateNotifier.ni.exe
MOD - [2013/01/11 16:45:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/11 16:45:42 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 16:45:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 16:45:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 16:45:15 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 16:45:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV:64bit: - [2012/10/02 16:20:24 | 001,261,936 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2009/12/24 11:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/19 14:36:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 20:53:08 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/01 23:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 08:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {66983494-09A1-4759-96A3-A6CAA8F92BBB}
IE:64bit: - HKLM\..\SearchScopes\{66983494-09A1-4759-96A3-A6CAA8F92BBB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {66983494-09A1-4759-96A3-A6CAA8F92BBB}
IE - HKLM\..\SearchScopes\{66983494-09A1-4759-96A3-A6CAA8F92BBB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb196?a=6R8SkLttQI&i=26
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{A858FB0C-311E-49D6-85D2-52BF8DE9B99F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fcf5a721-d112-453d-99fc-ddf58bf610b0&apn_sauid=928030FB-1E37-45B0-94CE-B2FFC5101BF2
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb196/?search={searchTerms}&loc=IB_DS&a=6R8SkLttQI&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0
FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.14.40.128
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN43912262892406834&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013/01/24 21:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/01/24 21:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 14:36:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 14:36:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/16 15:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JDE\AppData\Roaming\mozilla\Extensions
[2013/01/24 22:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JDE\AppData\Roaming\mozilla\Firefox\Profiles\0pvlimcz.default\extensions
[2013/01/18 17:29:19 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\JDE\AppData\Roaming\mozilla\Firefox\Profiles\0pvlimcz.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2013/01/24 22:11:20 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\JDE\AppData\Roaming\mozilla\Firefox\Profiles\0pvlimcz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2013/01/24 21:57:18 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\JDE\AppData\Roaming\mozilla\Firefox\Profiles\0pvlimcz.default\extensions\ffxtlbr@incredibar.com
[2012/10/23 20:04:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\JDE\AppData\Roaming\mozilla\Firefox\Profiles\0pvlimcz.default\extensions\ich@maltegoetz.de
[2012/07/13 23:13:25 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\JDE\AppData\Roaming\mozilla\firefox\profiles\0pvlimcz.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2012/06/16 15:37:47 | 000,002,344 | ---- | M] () -- C:\Users\JDE\AppData\Roaming\mozilla\firefox\profiles\0pvlimcz.default\searchplugins\askcom.xml
[2013/01/24 22:22:05 | 000,001,034 | ---- | M] () -- C:\Users\JDE\AppData\Roaming\mozilla\firefox\profiles\0pvlimcz.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2013/01/24 22:18:51 | 000,002,203 | ---- | M] () -- C:\Users\JDE\AppData\Roaming\mozilla\firefox\profiles\0pvlimcz.default\searchplugins\MyStart Search.xml
[2013/01/19 14:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/01/19 14:36:40 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/31 22:12:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BthSyncServ] "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" File not found
O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [Goodnight Timer] C:\Program Files (x86)\Goodnight Timer\Goodnight Timer.exe ()
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\JDE\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\JDE\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2BDA2B-128C-45F0-88AE-C95445CB9DD3}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/25 19:12:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JDE\Desktop\OTL.exe
[2013/01/24 22:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/01/24 22:11:23 | 000,000,000 | ---D | C] -- C:\Users\JDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013/01/24 22:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013/01/24 21:58:41 | 000,000,000 | ---D | C] -- C:\Users\JDE\AppData\Local\VisualBeeClient
[2013/01/24 21:57:51 | 000,000,000 | ---D | C] -- C:\Users\JDE\AppData\Local\VisualBeeExe
[2013/01/24 21:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incredibar.com
[2013/01/24 21:57:03 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013/01/24 21:57:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2013/01/24 21:57:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC
[2013/01/24 21:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
[2013/01/24 21:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2013/01/24 21:55:47 | 000,000,000 | ---D | C] -- C:\Users\JDE\Documents\Calibre Bibliothek
[2013/01/24 21:55:17 | 000,000,000 | ---D | C] -- C:\Users\JDE\AppData\Roaming\calibre
[2013/01/24 21:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/01/24 21:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/01/19 14:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/18 18:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/14 20:24:27 | 000,000,000 | ---D | C] -- C:\Users\JDE\AppData\Local\{9E592021-A945-42E2-A527-E2EB8E0BCA37}
[2013/01/06 14:59:52 | 000,000,000 | ---D | C] -- C:\Users\JDE\AppData\Local\{DB73AD8F-8D09-4EA7-A12B-650683FF6665}
[2012/12/27 23:51:42 | 000,000,000 | ---D | C] -- C:\Users\JDE\AppData\Local\{9FF6C325-08B4-435B-8AD3-B1D42AB697F7}
[2012/12/27 18:26:42 | 000,000,000 | ---D | C] -- C:\Users\JDE\Documents\JC
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/25 19:37:42 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 19:37:42 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 19:29:54 | 000,000,059 | ---- | M] () -- C:\Users\JDE\AppData\Roaming\GoodnightTimer.ini
[2013/01/25 19:28:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/25 19:28:31 | 1500,946,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/25 19:23:23 | 000,365,568 | ---- | M] () -- C:\Users\JDE\Desktop\gmer-2.0.18444.exe
[2013/01/25 19:12:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JDE\Desktop\OTL.exe
[2013/01/25 19:10:55 | 000,000,000 | ---- | M] () -- C:\Users\JDE\defogger_reenable
[2013/01/25 19:10:27 | 000,050,477 | ---- | M] () -- C:\Users\JDE\Desktop\Defogger.exe
[2013/01/25 18:28:52 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/24 22:19:48 | 000,000,906 | ---- | M] () -- C:\user.js
[2013/01/24 21:55:00 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/01/24 21:53:54 | 000,175,400 | ---- | M] () -- C:\Users\JDE\Desktop\VisualBeeSilent.exe
[2013/01/24 21:53:50 | 050,861,056 | ---- | M] () -- C:\Users\JDE\Desktop\calibre-0-9-15.msi
[2013/01/24 21:35:01 | 037,182,804 | ---- | M] () -- C:\Users\JDE\Desktop\32A1F_1000_Places_D.epub
[2013/01/18 18:37:46 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/11 16:42:20 | 000,438,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 21:42:48 | 001,592,786 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/10 21:42:48 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/01/10 21:42:48 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/10 21:42:48 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/01/10 21:42:48 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/10 21:42:41 | 001,592,786 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/25 19:23:23 | 000,365,568 | ---- | C] () -- C:\Users\JDE\Desktop\gmer-2.0.18444.exe
[2013/01/25 19:10:55 | 000,000,000 | ---- | C] () -- C:\Users\JDE\defogger_reenable
[2013/01/25 19:10:22 | 000,050,477 | ---- | C] () -- C:\Users\JDE\Desktop\Defogger.exe
[2013/01/24 21:57:18 | 000,000,906 | ---- | C] () -- C:\user.js
[2013/01/24 21:57:03 | 001,261,936 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2013/01/24 21:55:00 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/01/24 21:50:13 | 050,861,056 | ---- | C] () -- C:\Users\JDE\Desktop\calibre-0-9-15.msi
[2013/01/24 21:50:13 | 000,175,400 | ---- | C] () -- C:\Users\JDE\Desktop\VisualBeeSilent.exe
[2013/01/24 21:32:33 | 037,182,804 | ---- | C] () -- C:\Users\JDE\Desktop\32A1F_1000_Places_D.epub
[2013/01/18 18:37:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/18 18:37:46 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/08/12 21:20:17 | 000,000,059 | ---- | C] () -- C:\Users\JDE\AppData\Roaming\GoodnightTimer.ini
[2012/06/17 11:27:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/12/09 21:53:55 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/12/09 21:53:55 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/12/09 21:53:55 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/12/09 21:53:55 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/12/09 21:53:54 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/04/15 06:37:26 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/24 22:04:30 | 000,000,000 | ---D | M] -- C:\Users\JDE\AppData\Roaming\calibre
[2012/09/10 19:42:20 | 000,000,000 | ---D | M] -- C:\Users\JDE\AppData\Roaming\DVDVideoSoft
[2012/09/10 19:42:04 | 000,000,000 | ---D | M] -- C:\Users\JDE\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/06/16 14:52:45 | 000,000,000 | ---D | M] -- C:\Users\JDE\AppData\Roaming\Fujitsu
[2012/06/16 21:36:48 | 000,000,000 | ---D | M] -- C:\Users\JDE\AppData\Roaming\OpenOffice.org
[2012/06/18 20:51:16 | 000,000,000 | ---D | M] -- C:\Users\JDE\AppData\Roaming\pdfforge
[2012/06/17 11:25:37 | 000,000,000 | ---D | M] -- C:\Users\JDE\AppData\Roaming\SoftGrid Client
[2012/06/16 21:07:09 | 000,000,000 | ---D | M] -- C:\Users\JDE\AppData\Roaming\TP
[2012/11/25 20:14:55 | 000,000,000 | ---D | M] -- C:\Users\JDE\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

EXTRAS.txt
OTL Extras logfile created on: 1/25/2013 7:13:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JDE\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.86 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 45.10% Memory free
3.73 Gb Paging File | 2.02 Gb Available in Paging File | 54.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.00 Gb Total Space | 20.96 Gb Free Space | 41.92% Space Free | Partition Type: NTFS
Drive D: | 246.09 Gb Total Space | 245.99 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: JDE-PC | User Name: JDE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009465AF-C83C-4B79-9D9D-B2D8A7C3F65A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{059A07C2-0EC8-48E9-9430-F7DE2FF0971B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2950E4C5-B5AA-4109-B4EA-ACD508A216D9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3D66CECA-18A8-42B8-9C0E-029542B75E1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F551295-7B62-489B-B820-7F2486CEB96A}" = lport=137 | protocol=17 | dir=in | app=system |
"{40F719D8-2B6F-4BB2-B0C4-08337FF9C32E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{446A334C-EC65-44E9-890D-DB7B0D118397}" = rport=139 | protocol=6 | dir=out | app=system |
"{7B0D5E8F-D829-4621-AAE9-013B52F20339}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82C50429-78F3-49D8-8AC3-C8C27156AC5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85E65354-9924-47E6-9D20-C63739894EF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86CAE52C-D22D-4A80-BC69-3A6A27AC9438}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BAB7074-B12E-41CA-983D-238E9A313BE6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9E42E420-0A20-47F4-B9CD-F6D2C08B047E}" = rport=445 | protocol=6 | dir=out | app=system |
"{A434FC38-03F3-41B3-8C81-7DDAB966B3C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7822744-99C7-4767-8085-227BBEF9647C}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE7102B8-16CA-44A5-A934-7C5D39679107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0720D59-6212-40CB-B0F9-4032B80B2FD9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B8848D34-AF83-4160-945E-84F0531355DC}" = lport=138 | protocol=17 | dir=in | app=system |
"{C19BD913-5FDC-4CC6-BC1D-9EFAD2A5CC06}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE807998-5CAF-4013-9C0E-2F4F5B432FD0}" = lport=139 | protocol=6 | dir=in | app=system |
"{E0E78873-18C5-4292-8622-910D40B49218}" = rport=138 | protocol=17 | dir=out | app=system |
"{E2E3BEE4-D1C3-41C2-B65B-0239C515088B}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE5FAED1-2CE0-4912-B03D-A63BF21A8294}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EEFBFDE3-75EC-47D5-8FE5-EBD4F33FC32D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1912326-BBAB-4DCC-A916-E64230865423}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6FEF391-571E-4168-8CC6-F8FD94E01A0F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FA24B9B1-5F4B-4298-854D-B82BC4A540EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02740272-8B17-4D5F-90DE-CCD968C3DAD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0475C652-AE9F-4A94-A1E6-246C6BA4F997}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{04A4C395-F8CF-467B-893E-0C6C4C4710F9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{12101BAC-4A6E-4554-88C1-4F5BE5B22AAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23711D80-3DDF-436F-923B-0758A1613E61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{249F2810-5CD2-4FED-9DA7-429605E1A114}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{275CD761-8C73-440A-AEDD-A87B382FAF6C}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{324DA2D7-E167-474A-833A-9499ABDA822C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{331D0376-5D57-4088-B26E-11B4538E23AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34C32904-3A38-498F-83BB-774935FD269E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3BC12A33-1E46-4C58-A04F-705187055B1E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3BD705DF-6826-4708-A3ED-1A5CA1440196}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4CB67C29-58AF-41F7-98A5-131BAA01C8E4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5613BBCB-D46A-4BF9-9C62-69DE013388BD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5E0D31EC-1EF2-477B-881F-0E1300B848EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67F52B16-3CD2-4554-8D84-A7A661408D23}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6BBBCB09-4797-44F9-97BF-C6F012EAB0FC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6C8EF1DF-B0D3-45A0-8951-D623A656FF23}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{70D2C16E-E88A-48FD-84CB-75FC02C9012F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{72BBA81D-43BF-4AB3-9FD3-C1153EA247B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87659919-DEA2-466A-9C71-27D34DB7CFF5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8B99A5E9-8CBD-4ED3-A674-B463FE84F5A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8BEE949A-0F2A-46BA-86C3-1FB7304273CE}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{99A722E8-1C85-4DBA-A3F8-F0AD3B39229D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99B2D8BA-78AB-4C1E-8B1B-2B74FF591C06}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{A3A04F5C-7634-4848-9EAE-A04D2BCEA2E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A765BC6E-F9DD-4094-B6FE-276599A6F4A2}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B63C12FF-967C-430E-999C-40D4D0164F3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD8116E9-0C82-4A53-9B52-35AB996DF11F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C98957E0-2CA8-4F97-890C-E7A3BA19B423}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D08993D4-E3BF-4DF1-BD2D-1E1E0DD076EB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DA2F7C1F-3E2F-4E51-A864-FE23884723E1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E6CD60C3-0974-4CED-8DDB-5C0B68373706}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E9D476CA-0302-471B-AB54-67F92DDD5300}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EE8E2627-BCFC-4672-869C-FC6FC5D1A570}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F7EE40BB-00F0-4EE8-A35A-D1D4D840A85D}" = protocol=6 | dir=out | app=system |
"{FE0FADDB-2F75-4769-B6F7-5A1CAD3605D6}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"TCP Query User{AE4A3C49-03D2-460E-A323-0F4CFCD76AF5}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"UDP Query User{B5265FEA-4DF4-4BA0-8C0A-FA63ACB2C095}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.530
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{54B0845F-5540-4492-9939-CD8880ABABF0}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WNLT" = IB Updater Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17787BE3-4E5B-4D50-89BD-77E0C23B5C78}" = calibre
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1E035A6-F03E-426F-82F0-BAC56FF873DC}" = AIS Connect
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIS Connect" = AIS Connect
"Avira AntiVir Desktop" = Avira Free Antivirus
"DealPly" = DealPly
"DeskUpdate_is1" = DeskUpdate 4.11
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"Goodnight Timer_is1" = Goodnight Timer 1.1
"HP Photo Creations" = HP Photo Creations
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Schichtplaner_is1" = Schichtplaner 4
"WinLiveSuite" = Windows Live Essentials
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2012 8:28:38 AM | Computer Name = JDE-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 12/28/2012 5:47:11 AM | Computer Name = JDE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2012 6:14:20 AM | Computer Name = JDE-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 12/29/2012 6:35:27 AM | Computer Name = JDE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2012 12:59:51 PM | Computer Name = JDE-PC | Source = Customer Experience Improvement Program | ID = 1006
Description =

Error - 12/30/2012 10:23:11 AM | Computer Name = JDE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2012 10:43:39 AM | Computer Name = JDE-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/1/2013 6:56:56 AM | Computer Name = JDE-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/1/2013 8:09:12 AM | Computer Name = JDE-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/1/2013 2:50:26 PM | Computer Name = JDE-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 12/14/2012 6:47:56 AM | Computer Name = JDE-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.

Error - 12/29/2012 6:34:20 AM | Computer Name = JDE-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Application Virtualization Client erreicht.

Error - 12/29/2012 6:34:20 AM | Computer Name = JDE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Virtualization Client" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 12/29/2012 6:34:26 AM | Computer Name = JDE-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application
Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1053

Error - 12/30/2012 10:22:02 AM | Computer Name = JDE-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Application Virtualization Client erreicht.

Error - 12/30/2012 10:22:02 AM | Computer Name = JDE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Virtualization Client" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 12/30/2012 10:22:02 AM | Computer Name = JDE-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application
Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1053

Error - 1/10/2013 4:44:33 PM | Computer Name = JDE-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error - 1/12/2013 10:57:15 AM | Computer Name = JDE-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 1/13/2013 4:47:53 AM | Computer Name = JDE-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?01.?2013 um 18:59:11 unerwartet heruntergefahren.

< End of report >

Gmer.txt
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-25 19:59:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\JDE\AppData\Local\Temp\ufddypow.sys

---- User code sections - GMER 2.0 ----

? C:\Windows\system32\mssprxy.dll [2728] entry point in ".rdata" section 000000006e4771e6

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca94590753
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca94590753 (not active ControlSet)

---- EOF - GMER 2.0 ----

Viele Grüße
Ena

Fund: EXP/CVE-2012-1723.Z und ADWARE/Yontoo.E.1

Plagegeister aller Art und deren Bekämpfung: Fund: EXP/CVE-2012-1723.Z und ADWARE/Yontoo.E.1

Fund: EXP/CVE-2012-1723.Z und ADWARE/Yontoo.E.1

Ähnliche Themen: Fund: EXP/CVE-2012-1723.Z und ADWARE/Yontoo.E.1