Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Virus Urheberrechtsverletzung mit Webcam (https://www.trojaner-board.de/118943-virus-urheberrechtsverletzung-webcam.html)

Sommerzeit 09.07.2012 08:51
Virus Urheberrechtsverletzung mit Webcam
 
Hallo, ich habe mir den Virus bezueglich der Urheberrechtsverletzung eingefangen. Ich wollte dieses Problem dann wie hier beschrieben gerne mit OTL loesen, aber leider ist der Server der Seite unter Wartung. Koennte mir daher jemand die Setup schicken per E-mail oder als post hier

markusg 09.07.2012 10:29
hi
dann warte mal bis heute nachmittag und versuchs erneut, danach, wenn erfolgreich, log posten bitte

Sommerzeit 09.07.2012 13:28
OTL Logfile:
Code:
OTL logfile created on: 09.07.2012 14:01:37 - Run 1
OTL by OldTimer - Version 3.2.43.1    Folder = D:\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 77,01% Memory free
4,23 Gb Paging File | 3,97 Gb Available in Paging File | 93,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,57 Gb Total Space | 9,63 Gb Free Space | 12,92% Space Free | Partition Type: NTFS
Drive D: | 64,72 Gb Total Space | 24,26 Gb Free Space | 37,49% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Desktop\24960-OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WisINT15) -- C:\Elements\1stboot\WisINT15.SYS File not found
DRV - (sscdmdm) -- system32\DRIVERS\sscdmdm.sys File not found
DRV - (sscdmdfl) -- system32\DRIVERS\sscdmdfl.sys File not found
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- system32\DRIVERS\sscdbus.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Programme\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://search.yahoo.com/search?fr=chr-ober&type=gamenextus&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55414
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.25 17:11:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.27 14:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.12 16:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.12 16:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007.01.17 13:18:04 | 000,095,200 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_6.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_6.0 [2012.04.14 10:25:59 | 000,000,000 | ---D | M]
 
[2010.05.23 17:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.05.23 17:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.28 08:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3umkgif4.default\extensions
[2012.06.28 08:07:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Franka\AppData\Roaming\mozilla\Firefox\Profiles\3umkgif4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.03.30 16:37:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3umkgif4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.06 08:35:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3umkgif4.default\extensions\engine@conduit.com
[2012.07.09 10:18:09 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3umkgif4.default\extensions\toolbar@ask.com
[2011.11.01 17:09:33 | 000,002,321 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3umkgif4.default\searchplugins\dictcc.xml
[2012.07.02 09:15:47 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3umkgif4.default\searchplugins\icqplugin-1.xml
[2011.04.29 19:09:52 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3umkgif4.default\searchplugins\icqplugin-2.xml
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3umkgif4.default\searchplugins\icqplugin.xml
[2012.06.27 14:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.17 09:42:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPWMDRMWrapper.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.04.07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober25164412.gif
[2009.08.28 14:13:07 | 000,000,202 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober25164412.src
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: WMMPDRM License Acquisition Wrapper (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MediaBarFileManager] C:\Programme\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] "D:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [XtraRichi] D:\Program Files\Richi\Richi_Skype_Com.exe /OnStartUp File not found
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 139.30.8.7 139.30.8.8
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.12 19:01:34 | 001,849,132 | ---- | M] () - D:\autogramm.pdf -- [ NTFS ]
O33 - MountPoints2\{5d5cdf2c-dc7e-11e0-9571-b76b17de3d14}\Shell - "" = AutoRun
O33 - MountPoints2\{5d5cdf2c-dc7e-11e0-9571-b76b17de3d14}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.09 13:57:58 | 000,000,000 | ---D | C] -- C:\Users\Franka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.07.09 12:10:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- D:\Desktop\24960-OTL.exe
[2012.07.09 06:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.09 06:06:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.09 06:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.27 14:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.27 07:34:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2ECAA418-7FC1-4AA2-B2CD-AAC4D46559BA}
[2012.06.27 07:30:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{00EFF282-F929-4474-A94C-E42F35A4BAD3}
[2012.06.26 20:29:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F53736E1-F9CC-4057-A6D5-45B32CBF2479}
[2012.06.26 08:30:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DD8D626F-BE02-498B-A9A1-561CF7C77CF2}
[2012.06.26 08:21:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4A7CC3A9-7346-48BF-8A9A-7442467F1866}
[2012.06.25 09:45:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8952E932-C098-42EC-A11D-D515A8BE4217}
[2012.06.25 09:45:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B05D0858-E14F-4540-83E7-26B5CE49F3B8}
[2012.06.25 09:07:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C882982A-795E-4762-AA69-04B4A534D419}
[2012.06.24 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F8C6B1AE-48AE-40F1-B7AE-79E18FFB6DC4}
[2012.06.24 20:20:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0E7FA1B2-0755-431E-AE20-BC7C2C2788EB}
[2012.06.22 17:59:27 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.22 17:59:26 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.22 17:58:54 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.22 17:58:54 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.22 17:58:54 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.22 17:57:42 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.22 17:57:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.22 17:51:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E5D5DA0D-479F-485B-96D8-5A9FC7AEEFFC}
[2012.06.22 17:49:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E9900DB0-921F-4F37-926F-F5D4CF46E451}
[2012.06.22 08:37:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C1C1A716-2E5D-4127-840B-EEFD78E9E5F2}
[2012.06.22 08:30:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9FEF053D-2E7A-4D86-A29A-D56481B2C19D}
[2012.06.21 08:23:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{188BA36F-6221-4A81-A939-FCE658E5DF58}
[2012.06.21 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CECC7198-D1C1-4CB5-82E8-5447CF82C1B8}
[2012.06.20 08:00:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{58F73E1B-80CB-4177-BC1B-729025F4CD1B}
[2012.06.20 07:52:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{15CA8996-0CEA-452E-BDB7-19C51BC11105}
[2012.06.19 07:25:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A6A5DA68-0083-44C3-AD6B-0BCA100B2DE7}[2012.06.19 07:25:30 | 000,000,000 | ---D | C] -- C:\Users\Franka\AppData\Local\{9F42D6F0-3103-4AD2-9D12-55951C825665}
[2012.06.18 15:23:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{998350AB-86E0-4337-A2E4-042BFC26DD73}
[2012.06.18 08:10:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C534C3B0-DD29-40A0-9643-5552A55167D4}
[2012.06.17 18:42:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2466F1FC-39F0-4911-907A-DE36E4A68BC8}
[2012.06.15 09:06:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4ABEF552-4A3E-4ED6-B95B-5360ABBA8FB1}
[2012.06.15 08:44:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2D45CB88-3110-4D37-94BC-7AD41885511F}
[2012.06.14 14:50:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EC7C616D-2B43-471D-85BD-9230F8A7EFC8}
[2012.06.14 14:48:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{37FA7B17-4DB6-43F5-830E-9B76F88E0E9E}
[2012.06.14 07:37:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E8D6C69A-6935-4C67-8DFD-A439E05439BD}
[2012.06.13 14:59:19 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.13 14:59:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.13 14:59:16 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.13 14:59:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.13 14:59:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.06.13 14:59:13 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.13 14:59:13 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.13 14:59:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.13 14:59:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.06.13 14:59:12 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.13 14:59:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.13 14:59:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.13 14:59:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.06.13 14:59:12 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.06.13 14:59:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.13 14:59:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.13 14:59:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.13 14:59:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.13 14:58:28 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.13 08:29:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{88940ADB-86B2-4F05-9A27-AB69CEC40CAF}
[2012.06.12 16:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.12 16:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.06.12 07:25:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{77DBD7D7-B170-4456-B716-EF4E24424C74}
[2012.06.12 07:21:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B09DE0A7-7AB8-4C72-B072-B60A384D45C4}
[2012.06.11 14:09:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{406BF4BA-6F09-4E56-9764-B1C3E56040FF}
[2012.06.11 14:08:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{74FF998E-1689-48F8-A184-7B9D36361E9E}
[2012.06.11 08:14:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ADA4F604-FBE7-4E8C-9844-E24C0FB13FA6}
[2012.06.10 17:27:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{88CE4A1B-1F1B-4AB9-AF0A-7927D7DBAA8C}
[2012.06.10 17:26:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5BDE0A71-6C01-4310-92E6-6268535C552D}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[18 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.09 13:59:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.09 13:58:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.09 13:58:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 13:58:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 11:59:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Desktop\24960-OTL.exe
[2012.07.09 10:27:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.09 10:20:42 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.09 09:55:16 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594614388-3155396300-3182383268-1003UA.job
[2012.07.09 09:48:18 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.09 06:06:44 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.09 05:42:23 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83E07B58-0A4A-4B45-AC20-F1BD0E91EC62}.job
[2012.07.08 22:59:32 | 000,702,614 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.08 22:59:32 | 000,659,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.08 22:59:32 | 000,156,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.08 22:59:32 | 000,128,624 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.08 19:22:48 | 000,001,726 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.08 17:39:20 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594614388-3155396300-3182383268-1003Core.job
[2012.07.07 08:31:38 | 000,141,424 | ---- | M] () -- D:\Desktop\Aushang_Raumaufteilung_VWL_II.pdf
[2012.07.03 15:03:45 | 000,024,064 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 14:47:32 | 000,029,312 | ---- | M] () -- D:\Desktop\Klausurfragen_Solow.pdf
[2012.06.30 09:13:32 | 000,001,982 | ---- | M] () -- D:\Desktop\Google Chrome.lnk
[2012.06.27 14:18:38 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.14 14:42:08 | 000,427,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[18 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.09 06:06:44 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.08 19:22:48 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 19:22:48 | 000,001,726 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.07 08:31:27 | 000,141,424 | ---- | C] () -- D:\Desktop\Aushang_Raumaufteilung_VWL_II.pdf
[2012.07.03 14:47:30 | 000,029,312 | ---- | C] () -- D:\Desktop\Klausurfragen_Solow.pdf
[2012.06.27 14:18:38 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.27 14:18:37 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.23 15:36:47 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{8670856B-FF87-4D91-9B1E-9F022C9AB0F1}
[2012.01.13 12:30:13 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{85B80E1F-CAF4-423B-80D6-5550AD624666}
[2011.10.25 08:48:33 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.10.15 00:47:01 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2011.10.14 19:34:06 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{0D5CC382-9BC1-4A06-8C82-F6F95AFA4B5B}
[2011.06.26 23:06:43 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{7AEA3DDC-8E2F-419E-B333-3A2230E79A51}
[2010.09.01 21:53:33 | 000,084,372 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.07.22 07:35:39 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
 
========== LOP Check ==========
 
[2011.10.15 11:44:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\78434
[2010.03.25 10:43:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.10.15 11:44:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\B6778
[2011.04.10 10:03:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.06.11 13:11:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.06.11 13:12:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2007.10.14 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2009.08.29 11:31:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2008.12.15 18:55:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.07.08 18:45:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2008.02.13 18:36:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Toolbar
[2012.04.14 10:28:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.04.08 15:51:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.04.14 10:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2010.05.20 12:07:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.04.08 15:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.07.03 10:18:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre
[2011.09.09 11:24:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PixelPlanet
[2007.08.22 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.08.04 14:34:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.05.23 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.09.09 11:26:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles
[2012.07.09 10:27:46 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.09 05:42:23 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{83E07B58-0A4A-4B45-AC20-F1BD0E91EC62}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 887 bytes -> C:\ProgramData\TEMP:7964DDC1
@Alternate Data Stream - 64 bytes -> C:\Users\***\IllTakeEverything-hamburg-1.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\***\IllTakeEverything-hamburg.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\***\CozILuvYou-hamburg.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\***\81ae5267ff0f7106a7532c49f7c6e659.mp4:TOC.WMV
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9AB338B9

< End of report >
--- --- ---

bin mir jetzt nicht 100% sicher ob das funktioniert, da mein pc immer wenn ich otl durchgeführt habe (abgesicherter modus mit netzwerk, dann plötzlich ausgegangen ist, aber vielleicht kann man daran schon etwas absehen...
ich lass otl jetzt nochmal in normalen zustand durchlaufen und hoffe, dass es da klappt.
Das werde ich dann auch nochmal hier posten.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.07.2012 14:23:14 - Run 1
OTL by OldTimer - Version 3.2.43.1    Folder = D:\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,73% Memory free
4,23 Gb Paging File | 2,66 Gb Available in Paging File | 62,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,57 Gb Total Space | 9,61 Gb Free Space | 12,89% Space Free | Partition Type: NTFS
Drive D: | 64,72 Gb Total Space | 24,27 Gb Free Space | 37,50% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BB1B4F8-87B9-41ED-98ED-55EC5194AA81}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1DE714DB-F5A3-44FC-B8FF-FC0849F10A0E}" = rport=445 | protocol=6 | dir=out | app=system |
"{56C7DD04-4F8A-4037-BDA5-CC41BD8975A6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5F5C44B8-A390-437E-98BC-4A8A97FF6611}" = rport=139 | protocol=6 | dir=out | app=system |
"{6C037FC0-4066-400A-B904-B2A4D38E8C2D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{72579AC5-3A2C-4524-A25C-E7CEA814609D}" = rport=138 | protocol=17 | dir=out | app=system |
"{7AC5ABF8-2498-46F0-9A48-8CA17BF1C30E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C4C9F4D-20E6-4380-ACE0-9AA4C77DE8FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B702E30A-8A97-4E17-9B97-2E00B398A4C0}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9EFF4F4-5BDC-4F86-919C-2319A23B1EA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC7D3087-693C-460D-BCE0-9A013BB3DCF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EBBEA825-235C-4E86-ACDD-A0C3187CCE32}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1D71199-F28B-48A2-953E-076B50279CE2}" = lport=445 | protocol=6 | dir=in | app=system |
"{FA84A27E-183D-427F-AD06-2634093097C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FD8359DC-7C9B-4827-A50F-6517CE5FEDA0}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A612C56-F80A-41A9-9976-20A377BBE08F}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{1D364599-EE6C-4541-B86E-35D4747F2D6F}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{207EFFE5-B206-4577-9616-E22CDFA8C8F2}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{20A5A86E-8F3F-4DFC-B049-E5585D759F7E}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{26A767DD-E471-430A-A05F-6601FD247ED3}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{3B38549D-7EE6-4B54-837E-1528E73CC27F}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{47146D6C-C360-433A-900F-69725F4A7207}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{475C2851-C5F9-4DE1-901D-CBF4F8679A66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{48DC2AA2-1955-49F8-A943-3EB6CFD0A7A7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{53CE6036-73D7-4B85-B75C-BB730C5E8AF5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A0CD386-BBFB-445A-838B-02455FBBFF35}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{63F16F32-67D2-4CEC-9FAF-63EAC560DC9A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9BFB8474-E474-4E72-BA38-FA36173D5F4D}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{A6CFE1F7-2EB8-4608-9138-1B80ECDAE6E1}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{A7C60151-7DD0-4A46-A096-2EA3C7529C0C}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{AC6E8AB3-0D78-4A47-B84B-686B4575B7FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AD760A06-95BB-4535-89E1-F4C8084FD980}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B07025A6-C2B4-4F71-A1B8-F8F138067B6B}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{B2F1177D-832C-4817-90DC-3AA6735C397C}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{BA71B0D9-5CD2-48CD-8F7C-CA99E78702A6}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{C009D33E-D2B2-47C1-A0A0-63D02C01B174}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{04488B71-CCB8-4011-8E36-2C3B7732E8EE}C:\program files\vr-networld\onlupd04.exe" = protocol=6 | dir=in | app=c:\program files\vr-networld\onlupd04.exe |
"TCP Query User{08A39D13-5F92-4FD6-9D1B-799D14F61EB1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{2861B066-1F67-41B7-AFA2-AB7061DEFDF2}C:\program files\vr-networld\onlupd04.exe" = protocol=6 | dir=in | app=c:\program files\vr-networld\onlupd04.exe |
"TCP Query User{2A24E5BB-0232-4BF2-8E31-26F159915AAE}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{34A6027F-41B6-42B7-A87D-9684D73ACFAC}C:\program files\maple 11\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\maple 11\jre\bin\java.exe |
"TCP Query User{356A4AF2-8649-42BD-BB55-FAD75095FE27}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{41186F6D-7C23-423C-8B12-A44C3147585E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{54E0CFCF-5AFD-46C5-B6F8-30BCAB3A90CB}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{5B2452D9-7FF6-4FAD-8F58-E4DE0AABB5A6}D:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"TCP Query User{672B1D1A-99C5-4DEA-B487-1E59A973CBCD}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{6C730497-F0A3-4664-A43E-465E21CC418C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{883B8507-EEDA-4C25-B69C-A045B3B5E09D}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{A04C38C0-14E3-420F-A7A5-5F01F87E0047}C:\program files\vr-networld\onlupd01.exe" = protocol=6 | dir=in | app=c:\program files\vr-networld\onlupd01.exe |
"TCP Query User{A0D3E1E7-82D3-4D2E-BB40-AE2535800658}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{B3F06A46-5974-4B55-BCE0-63273D3CCE5F}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{B7255F5B-2886-4694-A715-536D8328506A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{C86184C6-B934-4817-A2C4-711330C55425}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe |
"TCP Query User{DD11ECDF-D7F7-4A10-AC39-BBE67CC6F13A}D:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=d:\program files\icq7.4\icq.exe |
"TCP Query User{E195D52A-24AC-4FB5-AE97-6A717053BD50}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{EFD641A8-601B-471F-AA8A-E73FF70EA6A7}C:\program files\maple 11\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe |
"TCP Query User{F983AECE-7F30-4A7F-A778-B0F32155A713}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{028109AC-B4D9-4609-9405-29A42026B3AF}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{087C16CB-040F-4C6E-8BD3-CC5AAFAF2A5E}D:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=d:\program files\icq7.4\icq.exe |
"UDP Query User{0E332A38-16FB-4587-A8C4-93643435124F}D:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"UDP Query User{14231AA1-0D29-405F-AC93-DDBD519B04A2}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{28F36ABE-2906-4733-A350-83126B180F20}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{37E4620B-9653-4CC3-9FED-15CC0B3DDE91}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{56233A90-A7EC-466B-84C3-813E0D2060D5}C:\program files\maple 11\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe |
"UDP Query User{647EDCF1-B66F-407C-8DAB-40B89DC8AFED}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe |
"UDP Query User{6E9B0407-121D-40F2-BFA8-9DC3EA5E724F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{76045000-8A17-4855-8B8F-3BD567A9F7B4}C:\program files\maple 11\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\maple 11\jre\bin\java.exe |
"UDP Query User{78033964-A2D5-47EC-AAFE-D54032338DB0}C:\program files\vr-networld\onlupd04.exe" = protocol=17 | dir=in | app=c:\program files\vr-networld\onlupd04.exe |
"UDP Query User{8189D744-DFE6-472F-BF6C-7F473D2672B7}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{86FC9705-944E-4A9D-92C3-4D7A7748F5D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8C2C350C-E4B7-4378-A44A-269E48EE38F7}C:\program files\vr-networld\onlupd01.exe" = protocol=17 | dir=in | app=c:\program files\vr-networld\onlupd01.exe |
"UDP Query User{B0BA235F-740E-4F3C-8BCD-BCAD01E078DB}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{BBCB7AA1-A4AE-496C-B44A-A44B88A081FA}C:\program files\vr-networld\onlupd04.exe" = protocol=17 | dir=in | app=c:\program files\vr-networld\onlupd04.exe |
"UDP Query User{BCF4A5DC-47A8-436A-91D7-2CA672E6AAF5}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{BE8C426D-5FB0-4FF1-83DF-85B66492750D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{CE7E87FE-E3FC-4669-86C9-3DAF4C4F452C}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{D810F2AA-D02A-4AB1-8D82-5F9B7CCD40EC}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{DBEFD50F-4A4D-4CEC-8CDE-7323DDC05486}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05DBE039-CE2E-AA7C-48C9-0BFF01B3C23E}" = ATI Catalyst Install Manager
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1226B9A5-FBFD-4120-9AED-08CABCDAF3AB}" = Nokia Ovi Player
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EA816B8-B542-2CCD-203A-93CEBF3D1675}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B98678-F811-78B7-463B-44CDDED8F5CC}" = Catalyst Control Center Localization Portuguese
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{27EE9892-EC87-9C50-F637-96DF0CFBC97A}" = Catalyst Control Center Localization Spanish
"{2931F734-260D-4E83-87B3-A9FE8E873192}_is1" = PDF-XChange Shell Extentions
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DFC1886-2321-E696-6AA9-4813B697A7AF}" = Catalyst Control Center Localization Thai
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E6D0808-24A8-DF05-0A7F-C841F5C18D5D}" = Catalyst Control Center Localization Greek
"{61335F5B-0C89-3FF5-782C-FECEFF845E18}" = Catalyst Control Center Localization German
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1167BB-452E-559B-B0AB-E47E16F50434}" = Catalyst Control Center Localization Korean
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7009F667-8876-4240-B9F0-EF951F03FB4F}" = TotalEdit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715083AD-480C-8829-6382-F4542668DFA7}" = Catalyst Control Center Localization Chinese Traditional
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A29388F-A4AA-9002-B641-00965F00CB81}" = Catalyst Control Center Localization Turkish
"{801FDB8E-AB8E-DC8D-DC34-71E55F5E512C}" = Catalyst Control Center Localization Norwegian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86A5C1F6-A7F6-1B41-6EDD-07232A78DE00}" = Catalyst Control Center Graphics Light
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{88637F72-B46E-43F9-B306-6DA1FF478D51}" = WIDCOMM Bluetooth Software 6.0.1.3900
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{90FCD8D6-FD7D-64E3-DD33-CC492CBE6FBC}" = Catalyst Control Center Localization Polish
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{963B57B6-AF9F-392D-12D1-32E3974ACFA1}" = Catalyst Control Center Localization Finnish
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2BD4A91-C0C0-EF80-E384-EEC5EE463280}" = Catalyst Control Center Localization Japanese
"{A833E9D7-60D1-BA2F-3E9F-83BA0582C896}" = Catalyst Control Center Localization French
"{A87CC6B1-D9BC-D871-8B2D-C6CDD5D13898}" = Catalyst Control Center Localization Swedish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABC63B0E-23CE-F139-F3B6-1CCE1A641F17}" = ccc-utility
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFBD3104-3F35-4FB0-80FB-B09AA20E7D76}" = Cisco AnyConnect VPN Client
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = OD2 Music Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3026D71-D3FC-9052-7D6F-64A1BB6495B9}" = Catalyst Control Center Localization Italian
"{D330A835-E188-1325-30AB-E8A1C089C645}" = Catalyst Control Center Localization Russian
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4423F16-0E98-4855-BFF4-3EF016C55D67}" = Nokia_Multimedia_Common_Components_2_5
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5C2C8F3-D928-9AD2-113E-84A2AD9536F1}" = Catalyst Control Center Localization Chinese Standard
"{E5E13C41-93A6-B3F5-C4A6-E57740DDE187}" = ccc-core-static
"{E88E71A4-E4DC-7E56-295E-32EF98CFF2E9}" = Catalyst Control Center Localization Danish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC64B779-10A2-448C-8104-00B6790836A9}" = Samsung PC Studio
"{EE30D312-D109-A441-3949-AFEB004B729A}" = Catalyst Control Center Localization Hungarian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F6017B-BF7F-3FF4-C10A-FE8D96D166EC}" = Catalyst Control Center Localization Dutch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F55A7B28-F744-D537-36F1-BEF5E6A8A3A1}" = Catalyst Control Center Localization Czech
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Freestyle Learning Home" = Freestyle Learning Home
"GridVista" = Acer GridVista
"GSview und Aladdin Ghostscript " = GSview und Aladdin Ghostscript
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"JMF2.1" = Java Media Framework 2.1
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"Nokia Suite" = Nokia Suite
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel(R) PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Winamp" = Winamp (remove only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.07.2012 08:14:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:09 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:09 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 09.07.2012 04:20:57 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 828 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 09.07.2012 04:20:57 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1657 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen. 
 
Error - 09.07.2012 04:20:57 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
 
Error - 09.07.2012 04:21:25 | Computer Name = ***-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.
 
Error - 09.07.2012 04:21:25 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CWTS::GetActiveSessionId File: .\WTS.cpp Line: 155 Invoked
Function: CWTS::GetActiveSessionId Return Code: -30605303 (0xFE2D0009) Description:
 WTS_ERROR_UNEXPECTED Active user session not found
 
Error - 09.07.2012 04:21:30 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 09.07.2012 04:21:30 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 09.07.2012 04:21:30 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 09.07.2012 04:21:30 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::startVpnTunnel File: .\MainThread.cpp Line: 1236
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 09.07.2012 04:27:42 | Computer Name = ***-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
[ OSession Events ]
Error - 09.12.2009 15:06:28 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41407
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 02.01.2010 08:05:23 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 433 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 12.01.2010 06:57:16 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 9035 seconds with 1740 seconds of active time.  This session ended with a
 crash.
 
Error - 13.07.2010 13:24:51 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 42
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.07.2012 08:00:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 09.07.2012 08:00:18 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 09.07.2012 08:00:37 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 09.07.2012 08:01:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 09.07.2012 08:01:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 09.07.2012 08:02:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 09.07.2012 08:08:05 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.07.2012 um 14:06:21 unerwartet heruntergefahren.
 
Error - 09.07.2012 08:09:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 09.07.2012 08:09:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 09.07.2012 08:14:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >
--- --- ---

Sommerzeit 09.07.2012 14:21
OTL Logfile:
Code:
OTL logfile created on: 09.07.2012 14:23:14 - Run 1
OTL by OldTimer - Version 3.2.43.1    Folder = D:\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,73% Memory free
4,23 Gb Paging File | 2,66 Gb Available in Paging File | 62,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,57 Gb Total Space | 9,61 Gb Free Space | 12,89% Space Free | Partition Type: NTFS
Drive D: | 64,72 Gb Total Space | 24,27 Gb Free Space | 37,50% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Desktop\24960-OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe ()
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Local\Temp\glom0_og.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\4710917e5f1bdbb49d9785f4eb0040c5\System.Data.SqlServerCe.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2670.36984__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2670.36934__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2670.37000__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2670.37252__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2670.37243__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2670.37191__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2670.36974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2670.36998__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2670.36956__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2636.18437__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2670.37113__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2636.18458__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2636.18458__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2636.18438__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2636.18457__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2636.18430__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2636.18438__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2636.18428__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2636.18485__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2636.18430__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2636.18442__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2636.18438__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2636.18435__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2636.18438__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2636.18443__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2636.18441__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2636.18437__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2636.18442__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2642.27815__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2636.18443__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2636.18451__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2636.18440__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2636.18440__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2636.18442__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2636.18451__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2636.18429__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2636.18437__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2670.37259_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2670.37327__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2670.36929__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2670.36967__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2670.37259__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2670.37270__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2670.36932__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2670.36933__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2670.37267__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2670.36930__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2636.18439__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2636.18437__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2636.18435__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2670.37269__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2636.18458__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2636.18440__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2636.18433__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2636.18452__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Programme\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WisINT15) -- C:\Elements\1stboot\WisINT15.SYS File not found
DRV - (sscdmdm) -- system32\DRIVERS\sscdmdm.sys File not found
DRV - (sscdmdfl) -- system32\DRIVERS\sscdmdfl.sys File not found
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- system32\DRIVERS\sscdbus.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Programme\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://search.yahoo.com/search?fr=chr-ober&type=gamenextus&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55414
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Franka\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Franka\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Franka\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Franka\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.25 17:11:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.27 14:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.12 16:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.12 16:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007.01.17 13:18:04 | 000,095,200 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_6.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_6.0 [2012.04.14 10:25:59 | 000,000,000 | ---D | M]
 
[2010.05.23 17:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.05.23 17:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.28 08:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3umkgif4.default\extensions
[2012.06.28 08:07:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3umkgif4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.03.30 16:37:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3umkgif4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.06 08:35:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3umkgif4.default\extensions\engine@conduit.com
[2012.07.09 10:18:09 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3umkgif4.default\extensions\toolbar@ask.com
[2011.11.01 17:09:33 | 000,002,321 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3umkgif4.default\searchplugins\dictcc.xml
[2012.07.02 09:15:47 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3umkgif4.default\searchplugins\icqplugin-1.xml
[2011.04.29 19:09:52 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3umkgif4.default\searchplugins\icqplugin-2.xml
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3umkgif4.default\searchplugins\icqplugin.xml
[2012.06.27 14:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.17 09:42:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPWMDRMWrapper.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.04.07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober25164412.gif
[2009.08.28 14:13:07 | 000,000,202 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober25164412.src
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: WMMPDRM License Acquisition Wrapper (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MediaBarFileManager] C:\Programme\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] "D:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [XtraRichi] D:\Program Files\Richi\Richi_Skype_Com.exe /OnStartUp File not found
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 139.30.8.7 139.30.8.8
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.12 19:01:34 | 001,849,132 | ---- | M] () - D:\autogramm.pdf -- [ NTFS ]
O33 - MountPoints2\{5d5cdf2c-dc7e-11e0-9571-b76b17de3d14}\Shell - "" = AutoRun
O33 - MountPoints2\{5d5cdf2c-dc7e-11e0-9571-b76b17de3d14}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.09 14:09:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.07.09 12:10:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- D:\Desktop\24960-OTL.exe
[2012.07.09 06:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.09 06:06:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.09 06:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.27 14:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.27 07:34:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2ECAA418-7FC1-4AA2-B2CD-AAC4D46559BA}
[2012.06.27 07:30:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{00EFF282-F929-4474-A94C-E42F35A4BAD3}
[2012.06.26 20:29:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F53736E1-F9CC-4057-A6D5-45B32CBF2479}
[2012.06.26 08:30:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DD8D626F-BE02-498B-A9A1-561CF7C77CF2}
[2012.06.26 08:21:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4A7CC3A9-7346-48BF-8A9A-7442467F1866}
[2012.06.25 09:45:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8952E932-C098-42EC-A11D-D515A8BE4217}
[2012.06.25 09:45:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B05D0858-E14F-4540-83E7-26B5CE49F3B8}
[2012.06.25 09:07:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C882982A-795E-4762-AA69-04B4A534D419}
[2012.06.24 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F8C6B1AE-48AE-40F1-B7AE-79E18FFB6DC4}
[2012.06.24 20:20:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0E7FA1B2-0755-431E-AE20-BC7C2C2788EB}
[2012.06.22 17:59:27 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.22 17:59:26 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.22 17:58:54 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.22 17:58:54 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.22 17:58:54 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.22 17:57:42 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.22 17:57:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.22 17:51:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E5D5DA0D-479F-485B-96D8-5A9FC7AEEFFC}
[2012.06.22 17:49:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E9900DB0-921F-4F37-926F-F5D4CF46E451}
[2012.06.22 08:37:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C1C1A716-2E5D-4127-840B-EEFD78E9E5F2}
[2012.06.22 08:30:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9FEF053D-2E7A-4D86-A29A-D56481B2C19D}
[2012.06.21 08:23:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{188BA36F-6221-4A81-A939-FCE658E5DF58}
[2012.06.21 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CECC7198-D1C1-4CB5-82E8-5447CF82C1B8}
[2012.06.20 08:00:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{58F73E1B-80CB-4177-BC1B-729025F4CD1B}
[2012.06.20 07:52:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{15CA8996-0CEA-452E-BDB7-19C51BC11105}
[2012.06.19 07:25:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A6A5DA68-0083-44C3-AD6B-0BCA100B2DE7}
[2012.06.19 07:25:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9F42D6F0-3103-4AD2-9D12-55951C825665}
[2012.06.18 15:23:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{998350AB-86E0-4337-A2E4-042BFC26DD73}
[2012.06.18 08:10:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C534C3B0-DD29-40A0-9643-5552A55167D4}
[2012.06.17 18:42:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2466F1FC-39F0-4911-907A-DE36E4A68BC8}
[2012.06.15 09:06:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4ABEF552-4A3E-4ED6-B95B-5360ABBA8FB1}
[2012.06.15 08:44:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2D45CB88-3110-4D37-94BC-7AD41885511F}
[2012.06.14 14:50:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EC7C616D-2B43-471D-85BD-9230F8A7EFC8}
[2012.06.14 14:48:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{37FA7B17-4DB6-43F5-830E-9B76F88E0E9E}
[2012.06.14 07:37:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E8D6C69A-6935-4C67-8DFD-A439E05439BD}
[2012.06.13 14:59:19 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.13 14:59:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.13 14:59:16 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.13 14:59:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.13 14:59:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.06.13 14:59:13 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.13 14:59:13 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.13 14:59:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.13 14:59:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.06.13 14:59:12 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.13 14:59:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.13 14:59:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.13 14:59:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.06.13 14:59:12 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.06.13 14:59:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.13 14:59:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.13 14:59:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.13 14:59:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.13 14:58:28 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.13 08:29:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{88940ADB-86B2-4F05-9A27-AB69CEC40CAF}
[2012.06.12 16:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.12 16:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.06.12 07:25:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{77DBD7D7-B170-4456-B716-EF4E24424C74}
[2012.06.12 07:21:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B09DE0A7-7AB8-4C72-B072-B60A384D45C4}
[2012.06.11 14:09:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{406BF4BA-6F09-4E56-9764-B1C3E56040FF}
[2012.06.11 14:08:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{74FF998E-1689-48F8-A184-7B9D36361E9E}
[2012.06.11 08:14:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ADA4F604-FBE7-4E8C-9844-E24C0FB13FA6}
[2012.06.10 17:27:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{88CE4A1B-1F1B-4AB9-AF0A-7927D7DBAA8C}
[2012.06.10 17:26:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5BDE0A71-6C01-4310-92E6-6268535C552D}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.09 14:38:40 | 009,437,184 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2012.07.09 14:08:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.09 14:08:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.07.09 14:08:16 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 14:08:16 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 14:08:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.09 14:06:38 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{cdb9e2bb-99bb-11dd-af49-fed6e2563a0e}.TMContainer00000000000000000001.regtrans-ms
[2012.07.09 14:06:38 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{cdb9e2bb-99bb-11dd-af49-fed6e2563a0e}.TM.blf
[2012.07.09 12:32:08 | 001,538,535 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2012.07.09 11:59:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Desktop\24960-OTL.exe
[2012.07.09 10:27:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.09 10:20:42 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.09 09:55:16 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594614388-3155396300-3182383268-1003UA.job
[2012.07.09 09:48:18 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.09 06:06:44 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.09 05:42:23 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83E07B58-0A4A-4B45-AC20-F1BD0E91EC62}.job
[2012.07.08 22:59:32 | 001,640,898 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012.07.08 22:59:32 | 000,702,614 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.08 22:59:32 | 000,659,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.08 22:59:32 | 000,156,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.08 22:59:32 | 000,128,624 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.08 19:22:48 | 000,001,726 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.08 17:39:20 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1594614388-3155396300-3182383268-1003Core.job
[2012.07.07 08:31:38 | 000,141,424 | ---- | M] () -- D:\Desktop\Aushang_Raumaufteilung_VWL_II.pdf
[2012.07.03 15:03:45 | 000,024,064 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 14:47:32 | 000,029,312 | ---- | M] () -- D:\Desktop\Klausurfragen_Solow.pdf
[2012.06.30 09:13:32 | 000,001,982 | ---- | M] () -- D:\Desktop\Google Chrome.lnk
[2012.06.27 14:18:38 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.14 14:42:08 | 000,427,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.09 06:06:44 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.08 19:22:48 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 19:22:48 | 000,001,726 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.07 08:31:27 | 000,141,424 | ---- | C] () -- D:\Desktop\Aushang_Raumaufteilung_VWL_II.pdf
[2012.07.03 14:47:30 | 000,029,312 | ---- | C] () -- D:\Desktop\Klausurfragen_Solow.pdf
[2012.06.27 14:18:38 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.27 14:18:37 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.23 15:36:47 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{8670856B-FF87-4D91-9B1E-9F022C9AB0F1}
[2012.01.13 12:30:13 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{85B80E1F-CAF4-423B-80D6-5550AD624666}
[2011.10.25 08:48:33 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.10.15 00:47:01 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2011.10.14 19:34:06 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{0D5CC382-9BC1-4A06-8C82-F6F95AFA4B5B}
[2011.06.26 23:06:43 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{7AEA3DDC-8E2F-419E-B333-3A2230E79A51}
[2010.09.01 21:53:33 | 000,084,372 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.07.22 07:35:39 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
 
========== LOP Check ==========
 
[2011.10.15 11:44:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\78434
[2010.03.25 10:43:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.10.15 11:44:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\B6778
[2011.04.10 10:03:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.06.11 13:11:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.06.11 13:12:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2007.10.14 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2009.08.29 11:31:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2008.12.15 18:55:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.07.08 18:45:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2008.02.13 18:36:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Toolbar
[2012.04.14 10:28:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.04.08 15:51:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.04.14 10:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2010.05.20 12:07:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.04.08 15:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.07.03 10:18:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre
[2011.09.09 11:24:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PixelPlanet
[2007.08.22 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.08.04 14:34:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.05.23 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.09.09 11:26:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles
[2012.07.09 10:27:46 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.09 05:42:23 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{83E07B58-0A4A-4B45-AC20-F1BD0E91EC62}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 887 bytes -> C:\ProgramData\TEMP:7964DDC1
@Alternate Data Stream - 64 bytes -> C:\Users\***\IllTakeEverything-hamburg-1.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\***\IllTakeEverything-hamburg.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\***\CozILuvYou-hamburg.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\***\81ae5267ff0f7106a7532c49f7c6e659.mp4:TOC.WMV
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9AB338B9

< End of report >
--- --- ---


Das sind nun beide Logfiles, die sich nach vollständiger Prüfung ergeben haben. Für eine schnelle Hilfe, wäre ich sehr dankbar!!!

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.07.2012 14:23:14 - Run 1
OTL by OldTimer - Version 3.2.43.1    Folder = D:\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,73% Memory free
4,23 Gb Paging File | 2,66 Gb Available in Paging File | 62,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,57 Gb Total Space | 9,61 Gb Free Space | 12,89% Space Free | Partition Type: NTFS
Drive D: | 64,72 Gb Total Space | 24,27 Gb Free Space | 37,50% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BB1B4F8-87B9-41ED-98ED-55EC5194AA81}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1DE714DB-F5A3-44FC-B8FF-FC0849F10A0E}" = rport=445 | protocol=6 | dir=out | app=system |
"{56C7DD04-4F8A-4037-BDA5-CC41BD8975A6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5F5C44B8-A390-437E-98BC-4A8A97FF6611}" = rport=139 | protocol=6 | dir=out | app=system |
"{6C037FC0-4066-400A-B904-B2A4D38E8C2D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{72579AC5-3A2C-4524-A25C-E7CEA814609D}" = rport=138 | protocol=17 | dir=out | app=system |
"{7AC5ABF8-2498-46F0-9A48-8CA17BF1C30E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C4C9F4D-20E6-4380-ACE0-9AA4C77DE8FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B702E30A-8A97-4E17-9B97-2E00B398A4C0}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9EFF4F4-5BDC-4F86-919C-2319A23B1EA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC7D3087-693C-460D-BCE0-9A013BB3DCF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EBBEA825-235C-4E86-ACDD-A0C3187CCE32}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1D71199-F28B-48A2-953E-076B50279CE2}" = lport=445 | protocol=6 | dir=in | app=system |
"{FA84A27E-183D-427F-AD06-2634093097C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FD8359DC-7C9B-4827-A50F-6517CE5FEDA0}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A612C56-F80A-41A9-9976-20A377BBE08F}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{1D364599-EE6C-4541-B86E-35D4747F2D6F}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{207EFFE5-B206-4577-9616-E22CDFA8C8F2}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{20A5A86E-8F3F-4DFC-B049-E5585D759F7E}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{26A767DD-E471-430A-A05F-6601FD247ED3}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{3B38549D-7EE6-4B54-837E-1528E73CC27F}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{47146D6C-C360-433A-900F-69725F4A7207}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{475C2851-C5F9-4DE1-901D-CBF4F8679A66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{48DC2AA2-1955-49F8-A943-3EB6CFD0A7A7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{53CE6036-73D7-4B85-B75C-BB730C5E8AF5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A0CD386-BBFB-445A-838B-02455FBBFF35}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{63F16F32-67D2-4CEC-9FAF-63EAC560DC9A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9BFB8474-E474-4E72-BA38-FA36173D5F4D}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{A6CFE1F7-2EB8-4608-9138-1B80ECDAE6E1}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{A7C60151-7DD0-4A46-A096-2EA3C7529C0C}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{AC6E8AB3-0D78-4A47-B84B-686B4575B7FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AD760A06-95BB-4535-89E1-F4C8084FD980}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B07025A6-C2B4-4F71-A1B8-F8F138067B6B}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{B2F1177D-832C-4817-90DC-3AA6735C397C}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{BA71B0D9-5CD2-48CD-8F7C-CA99E78702A6}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{C009D33E-D2B2-47C1-A0A0-63D02C01B174}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{04488B71-CCB8-4011-8E36-2C3B7732E8EE}C:\program files\vr-networld\onlupd04.exe" = protocol=6 | dir=in | app=c:\program files\vr-networld\onlupd04.exe |
"TCP Query User{08A39D13-5F92-4FD6-9D1B-799D14F61EB1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{2861B066-1F67-41B7-AFA2-AB7061DEFDF2}C:\program files\vr-networld\onlupd04.exe" = protocol=6 | dir=in | app=c:\program files\vr-networld\onlupd04.exe |
"TCP Query User{2A24E5BB-0232-4BF2-8E31-26F159915AAE}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{34A6027F-41B6-42B7-A87D-9684D73ACFAC}C:\program files\maple 11\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\maple 11\jre\bin\java.exe |
"TCP Query User{356A4AF2-8649-42BD-BB55-FAD75095FE27}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{41186F6D-7C23-423C-8B12-A44C3147585E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{54E0CFCF-5AFD-46C5-B6F8-30BCAB3A90CB}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{5B2452D9-7FF6-4FAD-8F58-E4DE0AABB5A6}D:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"TCP Query User{672B1D1A-99C5-4DEA-B487-1E59A973CBCD}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{6C730497-F0A3-4664-A43E-465E21CC418C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{883B8507-EEDA-4C25-B69C-A045B3B5E09D}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{A04C38C0-14E3-420F-A7A5-5F01F87E0047}C:\program files\vr-networld\onlupd01.exe" = protocol=6 | dir=in | app=c:\program files\vr-networld\onlupd01.exe |
"TCP Query User{A0D3E1E7-82D3-4D2E-BB40-AE2535800658}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{B3F06A46-5974-4B55-BCE0-63273D3CCE5F}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{B7255F5B-2886-4694-A715-536D8328506A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{C86184C6-B934-4817-A2C4-711330C55425}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe |
"TCP Query User{DD11ECDF-D7F7-4A10-AC39-BBE67CC6F13A}D:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=d:\program files\icq7.4\icq.exe |
"TCP Query User{E195D52A-24AC-4FB5-AE97-6A717053BD50}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{EFD641A8-601B-471F-AA8A-E73FF70EA6A7}C:\program files\maple 11\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe |
"TCP Query User{F983AECE-7F30-4A7F-A778-B0F32155A713}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{028109AC-B4D9-4609-9405-29A42026B3AF}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{087C16CB-040F-4C6E-8BD3-CC5AAFAF2A5E}D:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=d:\program files\icq7.4\icq.exe |
"UDP Query User{0E332A38-16FB-4587-A8C4-93643435124F}D:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"UDP Query User{14231AA1-0D29-405F-AC93-DDBD519B04A2}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{28F36ABE-2906-4733-A350-83126B180F20}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{37E4620B-9653-4CC3-9FED-15CC0B3DDE91}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{56233A90-A7EC-466B-84C3-813E0D2060D5}C:\program files\maple 11\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe |
"UDP Query User{647EDCF1-B66F-407C-8DAB-40B89DC8AFED}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe |
"UDP Query User{6E9B0407-121D-40F2-BFA8-9DC3EA5E724F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{76045000-8A17-4855-8B8F-3BD567A9F7B4}C:\program files\maple 11\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\maple 11\jre\bin\java.exe |
"UDP Query User{78033964-A2D5-47EC-AAFE-D54032338DB0}C:\program files\vr-networld\onlupd04.exe" = protocol=17 | dir=in | app=c:\program files\vr-networld\onlupd04.exe |
"UDP Query User{8189D744-DFE6-472F-BF6C-7F473D2672B7}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{86FC9705-944E-4A9D-92C3-4D7A7748F5D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8C2C350C-E4B7-4378-A44A-269E48EE38F7}C:\program files\vr-networld\onlupd01.exe" = protocol=17 | dir=in | app=c:\program files\vr-networld\onlupd01.exe |
"UDP Query User{B0BA235F-740E-4F3C-8BCD-BCAD01E078DB}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{BBCB7AA1-A4AE-496C-B44A-A44B88A081FA}C:\program files\vr-networld\onlupd04.exe" = protocol=17 | dir=in | app=c:\program files\vr-networld\onlupd04.exe |
"UDP Query User{BCF4A5DC-47A8-436A-91D7-2CA672E6AAF5}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{BE8C426D-5FB0-4FF1-83DF-85B66492750D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{CE7E87FE-E3FC-4669-86C9-3DAF4C4F452C}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{D810F2AA-D02A-4AB1-8D82-5F9B7CCD40EC}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{DBEFD50F-4A4D-4CEC-8CDE-7323DDC05486}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05DBE039-CE2E-AA7C-48C9-0BFF01B3C23E}" = ATI Catalyst Install Manager
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1226B9A5-FBFD-4120-9AED-08CABCDAF3AB}" = Nokia Ovi Player
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EA816B8-B542-2CCD-203A-93CEBF3D1675}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B98678-F811-78B7-463B-44CDDED8F5CC}" = Catalyst Control Center Localization Portuguese
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{27EE9892-EC87-9C50-F637-96DF0CFBC97A}" = Catalyst Control Center Localization Spanish
"{2931F734-260D-4E83-87B3-A9FE8E873192}_is1" = PDF-XChange Shell Extentions
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DFC1886-2321-E696-6AA9-4813B697A7AF}" = Catalyst Control Center Localization Thai
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E6D0808-24A8-DF05-0A7F-C841F5C18D5D}" = Catalyst Control Center Localization Greek
"{61335F5B-0C89-3FF5-782C-FECEFF845E18}" = Catalyst Control Center Localization German
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1167BB-452E-559B-B0AB-E47E16F50434}" = Catalyst Control Center Localization Korean
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7009F667-8876-4240-B9F0-EF951F03FB4F}" = TotalEdit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715083AD-480C-8829-6382-F4542668DFA7}" = Catalyst Control Center Localization Chinese Traditional
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A29388F-A4AA-9002-B641-00965F00CB81}" = Catalyst Control Center Localization Turkish
"{801FDB8E-AB8E-DC8D-DC34-71E55F5E512C}" = Catalyst Control Center Localization Norwegian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86A5C1F6-A7F6-1B41-6EDD-07232A78DE00}" = Catalyst Control Center Graphics Light
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{88637F72-B46E-43F9-B306-6DA1FF478D51}" = WIDCOMM Bluetooth Software 6.0.1.3900
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{90FCD8D6-FD7D-64E3-DD33-CC492CBE6FBC}" = Catalyst Control Center Localization Polish
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{963B57B6-AF9F-392D-12D1-32E3974ACFA1}" = Catalyst Control Center Localization Finnish
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2BD4A91-C0C0-EF80-E384-EEC5EE463280}" = Catalyst Control Center Localization Japanese
"{A833E9D7-60D1-BA2F-3E9F-83BA0582C896}" = Catalyst Control Center Localization French
"{A87CC6B1-D9BC-D871-8B2D-C6CDD5D13898}" = Catalyst Control Center Localization Swedish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABC63B0E-23CE-F139-F3B6-1CCE1A641F17}" = ccc-utility
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFBD3104-3F35-4FB0-80FB-B09AA20E7D76}" = Cisco AnyConnect VPN Client
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = OD2 Music Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3026D71-D3FC-9052-7D6F-64A1BB6495B9}" = Catalyst Control Center Localization Italian
"{D330A835-E188-1325-30AB-E8A1C089C645}" = Catalyst Control Center Localization Russian
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4423F16-0E98-4855-BFF4-3EF016C55D67}" = Nokia_Multimedia_Common_Components_2_5
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5C2C8F3-D928-9AD2-113E-84A2AD9536F1}" = Catalyst Control Center Localization Chinese Standard
"{E5E13C41-93A6-B3F5-C4A6-E57740DDE187}" = ccc-core-static
"{E88E71A4-E4DC-7E56-295E-32EF98CFF2E9}" = Catalyst Control Center Localization Danish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC64B779-10A2-448C-8104-00B6790836A9}" = Samsung PC Studio
"{EE30D312-D109-A441-3949-AFEB004B729A}" = Catalyst Control Center Localization Hungarian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F6017B-BF7F-3FF4-C10A-FE8D96D166EC}" = Catalyst Control Center Localization Dutch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F55A7B28-F744-D537-36F1-BEF5E6A8A3A1}" = Catalyst Control Center Localization Czech
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Freestyle Learning Home" = Freestyle Learning Home
"GridVista" = Acer GridVista
"GSview und Aladdin Ghostscript " = GSview und Aladdin Ghostscript
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"JMF2.1" = Java Media Framework 2.1
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"Nokia Suite" = Nokia Suite
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel(R) PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Winamp" = Winamp (remove only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.07.2012 08:14:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:08 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:09 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:09 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.07.2012 08:14:10 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 09.07.2012 04:20:57 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 828 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 09.07.2012 04:20:57 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1657 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen. 
 
Error - 09.07.2012 04:20:57 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
 
Error - 09.07.2012 04:21:25 | Computer Name = ***-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.
 
Error - 09.07.2012 04:21:25 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CWTS::GetActiveSessionId File: .\WTS.cpp Line: 155 Invoked
Function: CWTS::GetActiveSessionId Return Code: -30605303 (0xFE2D0009) Description:
 WTS_ERROR_UNEXPECTED Active user session not found
 
Error - 09.07.2012 04:21:30 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 09.07.2012 04:21:30 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 09.07.2012 04:21:30 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 09.07.2012 04:21:30 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::startVpnTunnel File: .\MainThread.cpp Line: 1236
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 09.07.2012 04:27:42 | Computer Name = ***-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
[ OSession Events ]
Error - 09.12.2009 15:06:28 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41407
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 02.01.2010 08:05:23 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 433 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 12.01.2010 06:57:16 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 9035 seconds with 1740 seconds of active time.  This session ended with a
 crash.
 
Error - 13.07.2010 13:24:51 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 42
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.07.2012 08:00:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 09.07.2012 08:00:18 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 09.07.2012 08:00:37 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 09.07.2012 08:01:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 09.07.2012 08:01:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 09.07.2012 08:02:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 09.07.2012 08:08:05 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.07.2012 um 14:06:21 unerwartet heruntergefahren.
 
Error - 09.07.2012 08:09:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 09.07.2012 08:09:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 09.07.2012 08:14:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >
--- --- ---

markusg 09.07.2012 16:05
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
[2012.07.08 19:22:48 | 000,001,726 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

 :Files
:Commands
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
wenn erledigt, bitte melden

Sommerzeit 09.07.2012 16:48
Hattte den Text eingefuegt,aber danach ging es immer noch nicht wieder richtig. Wenn ich jetzt im Internet bin, dann zeigt er meinen Hintergrund an und ich kann auch weiterhin nicht auf den Taskmanager zugreifen. Otl hatte einen Neustart verlangt, aber ich hatte dann nach dem Neustart keine neue Textdatei.
Soll ich olt nochmal starten oder den Text nochmal eingeben?
Ausserdem zeigt er an, dass der Windows-Hostprozess (Rundll32) nicht mehr funktioniert.

locallow sind die lokalen Einstellungen oder?auf diese kann ich nicht zugreifen!

Der Virus ist leider immer noch auf meinem pc. Benötige also dringend eure Hilfe und Rat!!!

Ist noch keine Loesung in Sicht? Ich benoetige dringend Hilfe.

markusg 09.07.2012 20:06
versuch mal das:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Sommerzeit 10.07.2012 07:15
Combofix Logfile:
Code:
ComboFix 12-07-08.03 - *** 10.07.2012  7:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1001 [GMT 2:00]
ausgeführt von:: d:\desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\***\AppData\Local\Temp\glom0_og.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-10 bis 2012-07-10  ))))))))))))))))))))))))))))))
.
.
2012-07-10 05:49 . 2012-07-10 05:49        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-06 12:38 . 2012-05-31 03:41        6762896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C25BB680-F440-44C1-8B61-33A683F2C1DC}\mpengine.dll
2012-06-22 15:59 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-22 15:59 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-22 15:59 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-22 15:59 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-22 15:58 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-22 15:58 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-22 15:58 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-22 15:57 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-22 15:57 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-13 13:00 . 2012-04-23 16:00        984064        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-13 13:00 . 2012-04-23 16:00        133120        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-13 13:00 . 2012-04-23 16:00        98304        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-13 12:58 . 2012-05-01 14:03        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-13 12:58 . 2012-05-15 19:51        2045440        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 17:03 . 2012-02-12 07:03        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-09 17:03 . 2012-02-12 07:03        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-04-18 18:56 . 2012-04-18 18:56        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2012-06-14 22:19 . 2012-06-27 12:18        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18        1519824        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"MediaBarFileManager"="c:\program files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe" [2007-06-25 30024]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-5-30 295606]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-1-19 711472]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-4 535336]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-24 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-10-24 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PHOTOfunSTUDIO 5.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-12-25 172544]
VR-NetWorld Auftragsprüfung.lnk - c:\program files\VR-NetWorld\vrtoolcheckorder.exe [2007-8-22 192512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 17:07]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 17:07]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594614388-3155396300-3182383268-1003Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 18:08]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594614388-3155396300-3182383268-1003UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 18:08]
.
2012-07-09 c:\windows\Tasks\User_Feed_Synchronization-{83E07B58-0A4A-4B45-AC20-F1BD0E91EC62}.job
- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 139.30.8.7 139.30.8.8
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3umkgif4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55414
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Acer Tour Reminder - (no file)
HKCU-Run-XtraRichi - d:\program files\Richi\Richi_Skype_Com.exe
HKCU-Run-ICQ - d:\program files\ICQ7.5\ICQ.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-10 07:50
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  XtraRichi = d:\program files\Richi\Richi_Skype_Com.exe /OnStartUp???????????@?????????????????N?????d???????????=??u?e+x???????u???????u?????????????}?u?|?u??? ????^?? ????????????`??u????????tz?u`??u???????????? C0w?x?u????????????T????y?u??? ????????????=??u/?? S??
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-07-10  08:00:40
ComboFix-quarantined-files.txt  2012-07-10 06:00
.
Vor Suchlauf: 9.810.046.976 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 12.427.816.960 Bytes frei
.
- - End Of File - - E5CB0DE30E36F39669398E6E6B99FCAF
--- --- ---

ein Neustart wurde jetzt nicht verlangt, ich hoffe dass das trotzdem ok ist :)

markusg 11.07.2012 01:30
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Sommerzeit 11.07.2012 06:51
ok, malwarebytes ist gestartet. der post folgt dann, sobald es fertig ist.
Komme jetzt wieder ins Internet, also grob ist der Virus weg, aber mein PC ist trotzdem noch relativ langsam. Auf meine lokalen Einstellungen kann ich immer noch nicht zugreifen.
Post folgt in ca. 4 Stunden :)

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Franka :: **** [Administrator]

Schutz: Deaktiviert

11.07.2012 07:45:48
mbam-log-2012-07-11 (07-45-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423766
Laufzeit: 4 Stunde(n), 1 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Franka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
***:: ***-PC [Administrator]

Schutz: Deaktiviert

11.07.2012 07:45:48
mbam-log-2012-07-11 (07-45-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423766
Laufzeit: 4 Stunde(n), 1 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Antivir hat sich zwischenzeitlich auch noch zur Wort gemeldet.




Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 11. Juli 2012 10:11

Es wird nach 3859255 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ***-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 09.05.2012 17:03:07
AVSCAN.DLL : 12.3.0.15 66256 Bytes 09.05.2012 17:03:07
LUKE.DLL : 12.3.0.15 68304 Bytes 09.05.2012 17:03:08
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 17:03:09
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 16:23:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 07:16:18
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 07:16:22
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 08:03:29
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 18:24:18
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 18:24:19
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 18:24:19
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 18:24:19
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 18:24:19
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 18:24:19
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 18:24:19
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 18:24:19
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 18:24:19
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 06:34:06
VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 07:11:58
VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 07:20:21
VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 06:23:09
VBASE018.VDF : 7.11.35.144 2048 Bytes 09.07.2012 06:23:09
VBASE019.VDF : 7.11.35.145 2048 Bytes 09.07.2012 06:23:09
VBASE020.VDF : 7.11.35.146 2048 Bytes 09.07.2012 06:23:09
VBASE021.VDF : 7.11.35.147 2048 Bytes 09.07.2012 06:23:09
VBASE022.VDF : 7.11.35.148 2048 Bytes 09.07.2012 06:23:09
VBASE023.VDF : 7.11.35.149 2048 Bytes 09.07.2012 06:23:09
VBASE024.VDF : 7.11.35.150 2048 Bytes 09.07.2012 06:23:09
VBASE025.VDF : 7.11.35.151 2048 Bytes 09.07.2012 06:23:10
VBASE026.VDF : 7.11.35.152 2048 Bytes 09.07.2012 06:23:10
VBASE027.VDF : 7.11.35.153 2048 Bytes 09.07.2012 06:23:10
VBASE028.VDF : 7.11.35.154 2048 Bytes 09.07.2012 06:23:10
VBASE029.VDF : 7.11.35.155 2048 Bytes 09.07.2012 06:23:10
VBASE030.VDF : 7.11.35.156 2048 Bytes 09.07.2012 06:23:10
VBASE031.VDF : 7.11.35.206 94208 Bytes 10.07.2012 06:23:10
Engineversion : 8.2.10.108
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 06:23:11
AESCRIPT.DLL : 8.1.4.32 455034 Bytes 07.07.2012 07:20:24
AESCN.DLL : 8.1.8.2 131444 Bytes 12.02.2012 07:16:30
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 16:26:57
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.3.0.12 807286 Bytes 11.07.2012 06:23:11
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 28.06.2012 18:24:29
AEHEUR.DLL : 8.1.4.64 5009782 Bytes 07.07.2012 07:20:23
AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 18:24:26
AEGEN.DLL : 8.1.5.32 434548 Bytes 07.07.2012 07:20:22
AEEXP.DLL : 8.1.0.60 86388 Bytes 07.07.2012 07:20:24
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 06:23:11
AECORE.DLL : 8.1.27.2 201078 Bytes 11.07.2012 06:23:10
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.3.0.15 27344 Bytes 09.05.2012 17:03:02
AVPREF.DLL : 12.3.0.15 51920 Bytes 09.05.2012 17:03:07
AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 17:03:09
AVARKT.DLL : 12.3.0.15 211408 Bytes 09.05.2012 17:03:07
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 09.05.2012 17:03:07
SQLITE3.DLL : 3.7.0.1 398288 Bytes 09.05.2012 17:03:09
AVSMTP.DLL : 12.3.0.15 63440 Bytes 09.05.2012 17:03:07
NETNT.DLL : 12.3.0.15 17104 Bytes 09.05.2012 17:03:08
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 09.05.2012 17:03:03
RCTEXT.DLL : 12.3.0.15 98512 Bytes 09.05.2012 17:03:03

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ffc8d02\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +PFS,+SPR,

Beginn des Suchlaufs: Mittwoch, 11. Juli 2012 10:11

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'werfault.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclUSBSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FNPLicensingService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ERAGENT.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AutoStartupService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LogitechDesktopMessenger.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NokiaSuite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NokiaMServer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OD2MediaBar_VistaFileManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'eRecoveryService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Programme\Wireless\Bin\RegSrvc.exe>
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Die Datei existiert nicht!
[HINWEIS] Prozess 'RegSrvc.exe' wurde beendet
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobilityService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Iaantmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Programme\Wireless\Bin\EvtEng.exe>
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Die Datei existiert nicht!
[HINWEIS] Prozess 'EvtEng.exe' wurde beendet
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDServ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Qoobox\Quarantine\C\Users\***\AppData\Local\Temp\glom0_og.exe.vir'
C:\Qoobox\Quarantine\C\Users\***\AppData\Local\Temp\glom0_og.exe.vir
[FUND] Ist das Trojanische Pferd TR/Kazy.80623.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ba9260.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 11. Juli 2012 10:52
Benötigte Zeit: 40:33 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
2813 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
2 Dateien konnten nicht durchsucht werden
2810 Dateien ohne Befall
14 Archive wurden durchsucht
2 Warnungen
3 Hinweise

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 11. Juli 2012 10:11

Es wird nach 3859255 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ***-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 09.05.2012 17:03:07
AVSCAN.DLL : 12.3.0.15 66256 Bytes 09.05.2012 17:03:07
LUKE.DLL : 12.3.0.15 68304 Bytes 09.05.2012 17:03:08
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 17:03:09
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 16:23:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 07:16:18
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 07:16:22
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 08:03:29
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 18:24:18
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 18:24:19
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 18:24:19
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 18:24:19
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 18:24:19
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 18:24:19
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 18:24:19
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 18:24:19
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 18:24:19
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 06:34:06
VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 07:11:58
VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 07:20:21
VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 06:23:09
VBASE018.VDF : 7.11.35.144 2048 Bytes 09.07.2012 06:23:09
VBASE019.VDF : 7.11.35.145 2048 Bytes 09.07.2012 06:23:09
VBASE020.VDF : 7.11.35.146 2048 Bytes 09.07.2012 06:23:09
VBASE021.VDF : 7.11.35.147 2048 Bytes 09.07.2012 06:23:09
VBASE022.VDF : 7.11.35.148 2048 Bytes 09.07.2012 06:23:09
VBASE023.VDF : 7.11.35.149 2048 Bytes 09.07.2012 06:23:09
VBASE024.VDF : 7.11.35.150 2048 Bytes 09.07.2012 06:23:09
VBASE025.VDF : 7.11.35.151 2048 Bytes 09.07.2012 06:23:10
VBASE026.VDF : 7.11.35.152 2048 Bytes 09.07.2012 06:23:10
VBASE027.VDF : 7.11.35.153 2048 Bytes 09.07.2012 06:23:10
VBASE028.VDF : 7.11.35.154 2048 Bytes 09.07.2012 06:23:10
VBASE029.VDF : 7.11.35.155 2048 Bytes 09.07.2012 06:23:10
VBASE030.VDF : 7.11.35.156 2048 Bytes 09.07.2012 06:23:10
VBASE031.VDF : 7.11.35.206 94208 Bytes 10.07.2012 06:23:10
Engineversion : 8.2.10.108
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 06:23:11
AESCRIPT.DLL : 8.1.4.32 455034 Bytes 07.07.2012 07:20:24
AESCN.DLL : 8.1.8.2 131444 Bytes 12.02.2012 07:16:30
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 16:26:57
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.3.0.12 807286 Bytes 11.07.2012 06:23:11
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 28.06.2012 18:24:29
AEHEUR.DLL : 8.1.4.64 5009782 Bytes 07.07.2012 07:20:23
AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 18:24:26
AEGEN.DLL : 8.1.5.32 434548 Bytes 07.07.2012 07:20:22
AEEXP.DLL : 8.1.0.60 86388 Bytes 07.07.2012 07:20:24
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 06:23:11
AECORE.DLL : 8.1.27.2 201078 Bytes 11.07.2012 06:23:10
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.3.0.15 27344 Bytes 09.05.2012 17:03:02
AVPREF.DLL : 12.3.0.15 51920 Bytes 09.05.2012 17:03:07
AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 17:03:09
AVARKT.DLL : 12.3.0.15 211408 Bytes 09.05.2012 17:03:07
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 09.05.2012 17:03:07
SQLITE3.DLL : 3.7.0.1 398288 Bytes 09.05.2012 17:03:09
AVSMTP.DLL : 12.3.0.15 63440 Bytes 09.05.2012 17:03:07
NETNT.DLL : 12.3.0.15 17104 Bytes 09.05.2012 17:03:08
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 09.05.2012 17:03:03
RCTEXT.DLL : 12.3.0.15 98512 Bytes 09.05.2012 17:03:03

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ffc8d02\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +PFS,+SPR,

Beginn des Suchlaufs: Mittwoch, 11. Juli 2012 10:11

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'werfault.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclUSBSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FNPLicensingService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ERAGENT.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AutoStartupService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LogitechDesktopMessenger.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NokiaSuite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NokiaMServer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OD2MediaBar_VistaFileManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'eRecoveryService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Programme\Wireless\Bin\RegSrvc.exe>
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Die Datei existiert nicht!
[HINWEIS] Prozess 'RegSrvc.exe' wurde beendet
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobilityService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Iaantmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Programme\Wireless\Bin\EvtEng.exe>
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Die Datei existiert nicht!
[HINWEIS] Prozess 'EvtEng.exe' wurde beendet
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDServ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Qoobox\Quarantine\C\Users\Franka\AppData\Local\Temp\glom0_og.exe.vir'
C:\Qoobox\Quarantine\C\Users\Franka\AppData\Local\Temp\glom0_og.exe.vir
[FUND] Ist das Trojanische Pferd TR/Kazy.80623.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ba9260.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 11. Juli 2012 10:52
Benötigte Zeit: 40:33 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
2813 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
2 Dateien konnten nicht durchsucht werden
2810 Dateien ohne Befall
14 Archive wurden durchsucht
2 Warnungen
3 Hinweise

Glaube jedoch, dass der Trojaner immernoch teilweise auf meinem PC ist. Was kann ich dagegen tun?

,,für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
wenn erledigt, bitte melden"

hab ich zip-datei hochgeladen.

markusg 11.07.2012 18:16
warum glaubst du das, probleme festzustellen?
lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Sommerzeit 12.07.2012 06:53
weil der PC sehr langsam ist. Zudem wenn ich das Laufwerk C öffne, sind einige Sachen in blau geschrieben, was vorher nicht war. Dann kann ich nicht auf lokalen Einstellungen oder auch Netzwerkeinstellungen, oder appdata, oder installanywhere ( C://benutzer/***/ )zugreifen, was vorher auch nicht war.
Brauche auch sehr lange ins Internet zu gehen. Gehe über den Cisco anyconnect client rein, und hier muss ich jetzt immer 2x einwählen, bevor ich überhaupt rein komme, das war vorher auch nicht.

2007 Microsoft Office system Microsoft Corporation 02.03.2012 491MB 12.0.6612.1000
ABBYY FineReader 6.0 Sprint ABBYY Software House 14.10.2007 119MB 6.00.1395.4512 weiß nicht, was das ist
Acer Crystal Eye webcam Sonix 19.07.2007 1,25MB 5.7.28.500-1.0 notwendig
Acer Crystal Eye webcam SUYIN 19.07.2007 1.0.11 notwendig, aber Frage warum hier nochmal?
Acer GridVista 19.07.2007 1,29MB 2.67.522 weiß nicht, ob das notwendig ist`?!
Acer Mobility Center Plug-In Acer Inc. 19.07.2007 5,55MB 1.0.3003 weiß nicht, ob das notwendig ist?!
Acer ScreenSaver Acer Inc. 19.07.2007 2.11.20070515 weiß nicht, ob das notwendig ist?!
Acer Tour Acer Inc. 04.07.2007 147MB 2.0.1003 weiß nicht, ob das notwendig ist?!
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 19.07.2007 14,0MB weiß nicht, ob das notwendig ist?!
Adobe Acrobat 8 Professional - English, Français, Deutsch Adobe Systems 30.05.2008 1,15GB 8.0.0 notwendig!
Adobe AIR Adobe Systems Incorporated 10.04.2011 29,7MB 2.6.0.19120 weiß nicht, ob das notwendig ist?!
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 29.07.2010 10.1.53.64 weiß nicht, ob das notwendig ist?!
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 28.03.2012 11.1.102.63 weiß nicht, ob das notwendig ist?!
Adobe Reader 7.0.5 Language Support Adobe Systems 05.04.2008 33,5MB 7.0.5 weiß nicht, ob das notwendig ist?!
Adobe Reader 7.1.0 Adobe Systems Incorporated 21.05.2008 64,7MB 7.1.0 weiß nicht, ob das notwendig ist?!
Amazon MP3-Downloader 1.0.9 24.03.2010 2,55MB notwendig
Apple Application Support Apple Inc. 18.03.2012 60,9MB 2.1.7 weiß nicht, ob das notwendig ist?!
Apple Mobile Device Support Apple Inc. 18.03.2012 24,1MB 5.1.1.4 nicht notwendig
Apple Software Update Apple Inc. 01.08.2011 2,38MB 2.1.3.127 nicht notwendig
Ask Toolbar Ask.com 09.07.2012 3,18MB 1.15.4.0 weiß nicht, ob das notwendig ist
ATI Catalyst Install Manager ATI Technologies, Inc. 19.07.2007 13,6MB 3.0.619.0 weiß nicht, ob das notwendig ist, ist aber glaub ich für die grafikkarte
ATI Uninstaller ATI Technologies, Inc. 19.07.2007 13,7MB weiß nicht, ob das notwendig ist
Avira Free Antivirus Avira 09.05.2012 61,8MB 12.0.0.1125 notwendig
Broadcom Gigabit Integrated Controller Broadcom Corporation 18.04.2007 764KB 10.15.10 weiß nicht, ob das notwendig ist
Business Contact Manager für Outlook 2007 SP2 Microsoft Corporation 06.10.2009 31,4MB 3.0.8619.1 nicht notwendig
Camera RAW Plug-In for EPSON Creativity Suite SEIKO EPSON CORPORATION 14.10.2007 12,7MB 2.2.0.0 weiß nicht, ob das notwendig ist
CCleaner Piriform 22.06.2012 4,76MB 3.20 jetzt ja notwendig :)
Cisco AnyConnect VPN Client Cisco Systems, Inc. 19.12.2010 4,48MB 2.5.2006 notwendig
Compatibility Pack für 2007 Office System Microsoft Corporation 14.05.2012 37,9MB 12.0.6612.1000 weiß nicht, ob das notwendig ist
EPSON Attach To Email SEIKO EPSON 14.10.2007 904KB 1.01.0000 eigentlicht nicht notwendig
EPSON Copy Utility 3 14.10.2007 146MB 3.3.0.0 notwendig
EPSON Easy Photo Print SEIKO EPSON CORPORATION 14.10.2007 84,4MB 1.5.0.0 nicht unbedingt notwendig
EPSON File Manager 14.10.2007 28,4MB 1.3.0.0 weiß nicht?!eher nicht
EPSON Scan 14.10.2007 167MB notwendig
EPSON Scan Assistant 14.10.2007 3,77MB 1.10.00 notwendig
EPSON-Drucker-Software SEIKO EPSON Corporation 27.11.2009 notwendig
Freestyle Learning Home 25.06.2008 328MB nicht notwendig, kenn es aber weiß nicht mehr genau was, das ist
Google Chrome Google Inc. 14.10.2011 182MB 20.0.1132.57 notwendig
Google Gears Google 24.03.2010 9,05MB 0.5.3600 nicht notwendig
GSview und Aladdin Ghostscript 21.11.2007 nicht notwendig
HDAUDIO Soft Data Fax Modem with SmartCP 19.07.2007 724KB weiß nicht, ob das notwendig ist
ICQ7.6 ICQ 05.10.2011 57,0MB 7.6 nicht unbedingt notwendig
Intel(R) Matrix Storage Manager 19.07.2007 3,77MB sicherlich notwendig oder?
Intel(R) PROSet/Wireless Software Intel Corporation 15.09.2007 11.01.0000 sicherlich notwendig oder?
IrfanView (remove only) 24.10.2007 1,37MB notwendig
iTunes Apple Inc. 02.04.2012 156MB 10.6.1.7 notwendig, aber auch eventuelle neuinstallation möglich
Java Media Framework 2.1 25.06.2008 6,43MB braucht man das?
Launch Manager 19.07.2007 3,18MB braucht man das?
Logitech Desktop Messenger Logitech, Inc. 24.10.2007 11,4MB 2.52.18 muss was von meiner Maus sein
Logitech SetPoint Logitech 12.09.2008 17,6MB 4.60 muss was für meine Maus sein
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 11.07.2012 11,6MB 1.61.0.1400 soltle das Programm weiterhin drauf bleiben?
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 26.08.2009 36,9MB weiß nciht, ob man das braucht
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 25.08.2009 36,9MB weiß nciht, ob man das braucht
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120MB 4.0.30319 weiß nciht, ob man das brauch
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 weiß nciht, ob man das brauch
Microsoft Office 2003 Web Components Microsoft Corporation 12.04.2012 21,7MB 11.0.8003.0 weiß nciht, ob man das brauch
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 14.12.2011 7,23MB 12.0.4518.1014 weiß nciht, ob man das brauch
Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,91MB 14.0.5130.5003 weiß nciht, ob man das brauch
Microsoft Office PowerPoint 2003 Template Pack 1 Microsoft Corporation 07.01.2010 12,3MB 11.0.5614.0 weiß nciht, ob man das brauch
Microsoft Office PowerPoint 2003 Template Pack 2 Microsoft Corporation 07.01.2010 13,0MB 11.0.5614.0 weiß nciht, ob man das brauch
Microsoft Office PowerPoint 2003 Template Pack 3 Microsoft Corporation 07.01.2010 13,0MB 11.0.5614.0 weiß nciht, ob man das brauch
Microsoft Office Small Business Connectivity Components Microsoft Corporation 04.07.2007 158KB 2.0.7024.0 weiß nciht, ob man das brauch
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 17.06.2011 132MB 10.0.6626.0 weiß nicht, ob man das braucht
Microsoft Silverlight Microsoft Corporation 14.05.2012 29,0MB 5.1.10411.0 weiß nicht, ob man das braucht
Microsoft SQL Server 2005 Microsoft Corporation 04.07.2007 42,6MB weiß nicht, ob man das braucht
Microsoft SQL Server Compact 3.5 SP1 English Microsoft Corporation 24.12.2010 2,59MB 3.5.5692.0 weiß nicht, ob man das braucht
Microsoft SQL Server Native Client Microsoft Corporation 29.04.2011 2,63MB 9.00.5000.00 weiß nicht, ob man das braucht
Microsoft SQL Server VSS Writer Microsoft Corporation 29.04.2011 699KB 9.00.5000.00 weiß nicht, ob man das braucht
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.07.2009 251KB 8.0.50727.4053 weiß nicht, ob man das braucht
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 294KB 8.0.61001 weiß nicht, ob man das braucht
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 29.07.2009 199KB 9.0.30729.4148 weiß nicht, ob man das braucht
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14.04.2011 592KB 9.0.30729.5570 weiß nicht, ob man das braucht
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 16.06.2011 233KB 9.0.30729 weiß nicht, ob man das braucht
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 01.04.2009 590KB 9.0.30729 weiß nicht, ob man das braucht
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.12.2010 587KB 9.0.30729.4148 weiß nicht, ob man das braucht
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 594KB 9.0.30729.6161 weiß nicht, ob man das braucht
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 12.02.2012 16,5MB 10.0.40219 weiß nicht, ob man das braucht
Mozilla Firefox 13.0.1 (x86 de) Mozilla 27.06.2012 789MB 13.0.1 notwendig
Mozilla Maintenance Service Mozilla 27.06.2012 216KB 13.0.1 brauch man das in Verbindung mit Firefox?
Mozilla Thunderbird (6.0.2) Mozilla 22.09.2011 35,4MB 6.0.2 (de) notwendig
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 20.08.2007 1,26MB 4.20.9848.0
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 12.10.2007 1,26MB 4.20.9849.0 -->was sind diese 4?
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.11.2008 1,27MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,33MB 4.20.9876.0
Nokia Connectivity Cable Driver Nokia 14.04.2012 3,34MB 7.1.69.0 notwendig
Nokia Ovi Player Nokia Ovi Player 05.04.2011 6,03MB 2.1.11020 nicht notwendig
Nokia Suite Nokia 14.04.2012 129MB 3.3.89.0 notwendig
Nokia_Multimedia_Common_Components_2_5 Nokia 05.04.2011 19,3MB 2.7.16 braucht man das dazu?
NTI Backup NOW! 4.7 NewTech Infosystems 04.07.2007 7,21MB 4
NTI CD & DVD-Maker NewTech Infosystems 04.07.2007 40,1MB 7 -->braucht man dieses NTI?
NTI Shadow NewTech Infosystems 04.07.2007 4,69MB 3.1.5.0
OD2 Music Manager On Demand Distribution 25.02.2010 2,15MB 1.0.5068 -->weiß nicht, wo das hingehört
PC Connectivity Solution Nokia 14.04.2012 14,7MB 11.5.29.0 gehört zum nokia programm
PhotoFiltre 03.07.2011 3,91MB notwendig
PHOTOfunSTUDIO 5.0 Panasonic Corporation 25.12.2010 76,8MB 5.00.209 notwendig
PowerDVD CyberLink Corporation 19.07.2007 132MB 7.32.2811g.0 wofür ist das?
QuickTime Apple Inc. 12.06.2012 73,2MB 7.72.80.56 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 04.07.2007 14,7MB 6.0.1.5423 notwendig
Skype Click to Call Skype Technologies S.A. 16.03.2012 14,3MB 5.9.9216 weiß nicht, ob man das in Verbindung mit Skype braucht
Skype™ 5.9 Skype Technologies S.A. 18.06.2012 19,0MB 5.9.123 notwendig
Synaptics Pointing Device Driver Synaptics 04.07.2007 12,7MB 9.0.3.0 sicherlich irgendwie notwendig?
Systemsteuerung "MobileMe" Apple Inc. 01.10.2008 5,12MB 2.1.0.24 nicht notwendig
Texas Instruments PCIxx21/x515/xx12 drivers. Ihr Firmenname 04.07.2007 964KB 2.00.0001 sicherlich notwnedig oder?
TotalEdit CoderTools 04.11.2008 11,4MB 5.0.8 weiß nicht so genau, was das ist
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 10.07.2012 23,2MB 9.00.5000.00 ist das notwendig?
VideoLAN VLC media player 0.8.6c VideoLAN Team 18.08.2007 32,3MB 0.8.6c notwendig
VR-NetWorld 22.08.2007 2,31MB notwendig
WIDCOMM Bluetooth Software 6.0.1.3900 Broadcom Corporation 19.07.2007 40,6MB 6.0.1.3900 notwendig
Winamp (remove only) 17.08.2007 10,6MB notwendig
Windows Live Essentials Microsoft Corporation 07.01.2011 15.4.3508.1109 nicht notwendig
Windows Media Player Firefox Plugin Microsoft Corp 24.07.2009 296KB 1.0.0.8 notwendig?
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 14.04.2012 08/22/2008 7.0.0.0 notwendig ?
WinRAR 19.12.2008 3,71MB notwendig?!

cosinus 12.07.2012 07:25
*kurz einmisch*

Hallo Fr****,

ich hab deine Beitragsmeldungen gelesen und würd gern mal erfahren warum man da was editieren sollte? Welche persönlichen Infos hat man von dir wenn man nach Fr**** googelt? http://cheesebuerger.de/images/midi/froehlich/a048.gif

Du hast auch das => http://www.trojaner-board.de/108422-...-anfragen.html und das http://www.trojaner-board.de/69886-a...-beachten.html vollständig gelesen?

Zitat:
2. Logfiles enthalten viele Informationen, die für uns wichtig sind. Wir brauchen die vollständigen Logfiles um euch effektiv helfen zu können. Sollte euer Nutzername eurem vollständigen Namen entsprechen, ist es nicht unsere Arbeit, diesen nachträglich zu editieren.


Realnamen sind so zu editieren:

(...)
Bitte macht dies nur dann, wenn die Logfiles wirklich euren Namen zeigen. Es erschwert den Helfern das schreiben von Skripten und ihr müsst diese wieder selbstständig einfügen.
Mit erfundenen Profilnamen ( z.B. Larusso ) kann niemand was anfangen.
Gruß
A*** (co*****)

SCNR ;)

Sommerzeit 12.07.2012 08:12
ich hatte das nur angefordert, weil hier irgendwie stand, dass in man in seinem eigenen Interesse seinen Pc-Namen oder namen wie dem auch sei mit *** ersetzen soll. Aber das ist ja nun auch egal, so dass du nun meinen und deinen Beitrag in diesen Thread löschen kannst, denn er hat mit dem eigentlichen Thema ja jetzt nichts zu tun :)

cosinus 12.07.2012 10:49
Das bezieht sich aufschließlich auf vollständige Realnamen! Du hast hier nur den Vornamen drin gehapt und nicht Vorname mit kompletten Nachnamen!

Ich dachte mein Wink mit dem Zaunpfahl war zu erkennen?! :confused: :wtf:


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:11 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19