
Thread: Taskbar disappeared, System Restore, logs

  1. #1
    Beginner
    Registered since
    21.11.2010
    Posts
    9

    Taskbar disappeared, System Restore, logs

    Hi,
    this is my first post here, so feel free to tell me if I'm doing something wrong :/

    Yesterday after booting I had no taskbar anymore and my Explorer crashed every few seconds... I did a System Restore, and now everything seems to be running normally again.
    I ran Malwarebytes and Spybot, and they didn't really find anything; only my AVG Anti-Virus flagged every .exe yesterday, saying there was a Trojan "Generic8" in the file dllhexer.dll... I deleted the file in Safe Mode.

    I've now scanned with OTL and HijackThis... it's pretty cluttered, but it would be nice if someone could look through the logs.


    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:04:38, on 21.11.2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal
    
    Running processes:
    C:\Users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Users\USER\Desktop\HiJackThis204.exe
    
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    O8 - Extra context menu item: Free YouTube Download - C:\Users\USER\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Gatewaydienst auf Anwendungsebene (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ast Service - Unknown owner - C:\Windows\system32\\AstSrv.exe (file missing)
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 7542 bytes

    Code:
    OTL logfile created on: 21.11.2010 14:51:35 - Run 1
    OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\USER\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 68,00% Memory free
    12,00 Gb Paging File | 10,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 195,78 Gb Total Space | 105,67 Gb Free Space | 53,97% Space Free | Partition Type: NTFS
    Drive D: | 400,39 Gb Total Space | 58,66 Gb Free Space | 14,65% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 335,64 Gb Free Space | 36,03% Space Free | Partition Type: NTFS
    Drive Z: | 931,51 Gb Total Space | 620,56 Gb Free Space | 66,62% Space Free | Partition Type: NTFS
     
    Computer Name: USER-PC | User Name: USER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2010.11.21 14:50:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
    PRC - [2010.11.09 15:02:21 | 002,069,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    PRC - [2010.10.06 15:31:44 | 001,032,368 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    PRC - [2010.07.15 15:41:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    PRC - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010.04.28 12:45:50 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
    PRC - [2009.05.26 23:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
    PRC - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
    PRC - [2009.01.08 14:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    PRC - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    PRC - [2008.01.21 03:48:18 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
     
     
    ========== Modules (SafeList) ==========
     
    MOD - [2010.11.21 14:50:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
    MOD - [2008.01.21 03:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\AstSrv.exe -- (Ast Service)
    SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2010.07.15 15:41:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010.04.02 16:56:50 | 000,332,720 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009.09.26 11:23:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
    SRV - [2008.09.24 13:32:48 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008.07.27 19:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\NSNDIS5.SYS -- (NSNDIS5)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    DRV:64bit: - [2010.07.15 15:40:49 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
    DRV:64bit: - [2010.06.03 10:41:19 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
    DRV:64bit: - [2010.04.19 19:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009.10.03 14:14:39 | 000,867,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009.10.03 13:40:01 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
    DRV:64bit: - [2009.10.03 13:39:56 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2009.05.23 00:08:37 | 000,036,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
    DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009.03.20 01:03:00 | 000,460,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
    DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
    DRV:64bit: - [2009.02.17 18:11:25 | 000,031,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2008.06.23 23:21:32 | 000,173,096 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
    DRV:64bit: - [2008.01.21 03:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2007.08.15 09:22:00 | 000,369,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV:64bit: - [2006.11.01 08:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
    DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\nsndis5.sys -- (NSNDIS5)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
     
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\USER\AppData\Roaming\5006 [2010.11.05 00:39:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.11.06 00:41:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.29 05:39:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.10.31 20:17:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
     
    [2010.10.11 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\mozilla\Extensions
    [2010.10.11 20:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010.02.21 20:57:12 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2010.11.20 06:54:50 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lscumdr4.default\extensions
    [2010.09.18 14:17:44 | 000,000,000 | ---D | M] (Tradesignal Web Edition) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lscumdr4.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
    [2010.09.18 14:17:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lscumdr4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    [2010.02.10 17:11:10 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lscumdr4.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
    [2010.08.04 12:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lscumdr4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2010.09.18 14:17:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lscumdr4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010.09.18 14:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lscumdr4.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010.09.18 14:17:36 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lscumdr4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010.09.18 14:17:36 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lscumdr4.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
    [2010.11.14 21:26:22 | 000,000,950 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\lscumdr4.default\searchplugins\icqplugin-1.xml
    [2010.07.20 21:44:53 | 000,000,950 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\lscumdr4.default\searchplugins\icqplugin-2.xml
    [2010.07.24 19:42:35 | 000,000,950 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\lscumdr4.default\searchplugins\icqplugin-3.xml
    [2010.09.09 10:03:54 | 000,000,950 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\lscumdr4.default\searchplugins\icqplugin-4.xml
    [2010.09.16 22:55:07 | 000,000,950 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\lscumdr4.default\searchplugins\icqplugin-5.xml
    [2010.10.21 23:08:39 | 000,000,950 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\lscumdr4.default\searchplugins\icqplugin-6.xml
    [2010.06.20 12:06:57 | 000,000,950 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\lscumdr4.default\searchplugins\icqplugin.xml
    [2010.11.21 14:34:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
    [2010.05.25 17:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2010.10.21 23:08:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2010.10.21 23:08:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2010.10.21 23:08:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2010.10.21 23:08:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2010.10.21 23:08:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2010.11.17 07:14:54 | 000,000,958 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O1 - Hosts: 127.0.0.1 im.adtech.de
    O1 - Hosts: 127.0.0.1 adserver.adtech.de
    O1 - Hosts: 127.0.0.1 adtech.de
    O1 - Hosts: 127.0.0.1 ar.atwola.com
    O1 - Hosts: 127.0.0.1 atwola.com
    O1 - Hosts: 127.0.0.1 adserver.71i.de
    O1 - Hosts: 127.0.0.1 adicqserver.71i.de
    O1 - Hosts: 127.0.0.1 71i.de
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKCU..\Run: [EVEREST AutoStart] D:\programme, fonts, skins etc\UPortable\Portable Lavalys Everest Ultimate Edition 5.00.1650 Final\everest_start.exe ()
    O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\USER\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
    O8 - Extra context menu item: Free YouTube Download - C:\Users\USER\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\USER\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\USER\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{10d4ab30-1e24-11df-8154-00248c52f0e7}\Shell - "" = AutoRun
    O33 - MountPoints2\{10d4ab30-1e24-11df-8154-00248c52f0e7}\Shell\AutoRun\command - "" = J:\pushinst.exe -- File not found
    O33 - MountPoints2\{cb9bf524-0141-11df-ad94-00248c52f0e7}\Shell - "" = AutoRun
    O33 - MountPoints2\{cb9bf524-0141-11df-ad94-00248c52f0e7}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{eb999829-1f0b-11df-b704-001f3f0a6bd3}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O36 - AppCertDlls: lnksSTAT - (C:\Windows\system32\dllhexer.dll) - C:\Windows\SysWow64\dllhexer.dll File not found
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.11.21 14:50:36 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
    [2010.11.21 14:31:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\USER\Desktop\HiJackThis204.exe
    [2010.11.21 02:19:34 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
    [2010.11.21 00:55:16 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\backups
    [2010.11.20 06:44:27 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
    [2010.11.17 07:14:07 | 002,133,060 | ---- | C] (murb.com                                                    ) -- C:\Users\USER\Desktop\ICQ 7.2 Build #3159 Banner Remover 1.0 Setup.exe
    [2010.11.17 07:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
    [2010.11.15 01:50:33 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
    [2010.11.15 01:49:33 | 001,943,584 | ---- | C] (Piriform Ltd) -- C:\Users\USER\Desktop\ccsetup3001310_slim.exe
    [2010.11.15 01:35:46 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Malwarebytes
    [2010.11.15 01:35:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010.11.15 01:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010.11.15 01:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010.11.15 01:29:49 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\USER\Desktop\mbam146-setup.exe
    [2010.11.11 16:24:13 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
    [2010.11.11 16:22:16 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\FFOutput
    [2010.11.11 16:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
    [2010.11.06 00:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Celebrity Toolbar
    [2010.11.05 00:39:35 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\5006
    [2010.11.05 00:38:24 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\xmldm
    [2010.11.03 12:29:30 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Octoshape
    [2010.10.24 12:40:55 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\AirMouse
    [2010.10.24 12:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Air Mouse
    [2010.10.24 12:39:52 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Downloaded Installations
    [2010.10.24 12:05:38 | 000,000,000 | ---D | C] -- C:\Users\USER\{c5924622-b6b6-49ac-a2de-3c12c3e3a3fb}
    [2010.10.24 12:02:52 | 000,000,000 | ---D | C] -- C:\Users\USER\AVM_Driver
    [2010.10.24 12:01:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\USER\AppData\Roaming\*.tmp files -> C:\Users\USER\AppData\Roaming\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.11.21 14:50:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
    [2010.11.21 14:31:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\USER\Desktop\HiJackThis204.exe
    [2010.11.21 14:29:44 | 001,452,134 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010.11.21 14:29:44 | 000,636,858 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2010.11.21 14:29:44 | 000,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010.11.21 14:29:44 | 000,128,374 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2010.11.21 14:29:44 | 000,106,200 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010.11.21 14:23:01 | 000,000,438 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2010.11.21 14:22:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.11.21 14:22:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.11.21 14:22:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.11.21 02:17:21 | 001,125,011 | ---- | M] () -- C:\Users\USER\Desktop\Unlocker1.9.0-x64.exe
    [2010.11.21 01:10:57 | 067,895,071 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010.11.18 20:40:57 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.11.18 17:03:07 | 000,114,176 | ---- | M] () -- C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.11.17 07:14:54 | 000,000,958 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010.11.15 01:50:34 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010.11.15 01:49:56 | 001,943,584 | ---- | M] (Piriform Ltd) -- C:\Users\USER\Desktop\ccsetup3001310_slim.exe
    [2010.11.15 01:35:42 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010.11.15 01:34:47 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\USER\Desktop\mbam146-setup.exe
    [2010.11.14 16:08:53 | 000,000,000 | ---- | M] () -- C:\Users\USER\AppData\Roaming\chrtmp
    [2010.11.07 17:33:34 | 000,000,019 | ---- | M] () -- C:\Users\USER\AppData\Roaming\urhtps.dat
    [2010.11.04 22:39:41 | 000,000,655 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2010.10.26 20:04:48 | 002,133,060 | ---- | M] (murb.com                                                    ) -- C:\Users\USER\Desktop\ICQ 7.2 Build #3159 Banner Remover 1.0 Setup.exe
    [2010.10.24 14:24:58 | 000,000,104 | ---- | M] () -- C:\Users\USER\Desktop\Computer - Verknüpfung.lnk
    [2010.10.24 12:40:38 | 000,001,932 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\USER\AppData\Roaming\*.tmp files -> C:\Users\USER\AppData\Roaming\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2010.11.21 02:17:21 | 001,125,011 | ---- | C] () -- C:\Users\USER\Desktop\Unlocker1.9.0-x64.exe
    [2010.11.15 01:50:34 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010.11.15 01:35:42 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010.11.15 01:35:39 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010.11.14 16:08:53 | 000,000,000 | ---- | C] () -- C:\Users\USER\AppData\Roaming\chrtmp
    [2010.11.07 04:28:02 | 000,000,019 | ---- | C] () -- C:\Users\USER\AppData\Roaming\urhtps.dat
    [2010.10.24 14:24:58 | 000,000,104 | ---- | C] () -- C:\Users\USER\Desktop\Computer - Verknüpfung.lnk
    [2010.10.24 12:40:38 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
    [2010.10.24 12:14:19 | 000,013,099 | R--- | C] () -- C:\Windows\instwcli.inf
    [2010.08.18 14:34:06 | 000,000,680 | ---- | C] () -- C:\Users\USER\AppData\Local\d3d9caps.dat
    [2010.04.04 22:01:40 | 000,328,592 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistMSI3B1D.txt
    [2010.04.04 22:01:40 | 000,011,166 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistUI3B1D.txt
    [2010.04.03 23:00:04 | 000,328,214 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistMSI19AD.txt
    [2010.04.03 23:00:04 | 000,011,150 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistUI19AD.txt
    [2010.04.03 22:55:19 | 000,332,548 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistMSI160B.txt
    [2010.04.03 22:55:19 | 000,013,016 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistUI160B.txt
    [2010.04.03 22:54:31 | 000,331,788 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistMSI156E.txt
    [2010.04.03 22:54:31 | 000,012,984 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistUI156E.txt
    [2010.04.03 22:52:18 | 000,329,888 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistMSI13B8.txt
    [2010.04.03 22:52:17 | 000,012,904 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistUI13B8.txt
    [2010.04.03 22:42:42 | 000,413,244 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistMSI0C63.txt
    [2010.04.03 22:42:42 | 000,011,470 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistUI0C63.txt
    [2010.04.01 19:07:13 | 000,000,090 | ---- | C] () -- C:\Windows\WA.INI
    [2010.03.22 19:42:01 | 000,000,130 | ---- | C] () -- C:\Users\USER\AppData\Roaming\default.rss
    [2010.03.22 19:41:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009.11.19 20:31:35 | 001,448,396 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009.10.03 14:20:14 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2009.09.20 16:43:53 | 000,551,108 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistMSI75D0.txt
    [2009.09.20 16:43:52 | 000,014,710 | ---- | C] () -- C:\Users\USER\AppData\Local\dd_vcredistUI75D0.txt
    [2009.09.09 00:20:37 | 000,114,176 | ---- | C] () -- C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.09.07 21:27:32 | 000,034,932 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2009.09.07 21:27:06 | 000,034,289 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2009.09.07 12:08:31 | 000,000,732 | ---- | C] () -- C:\Users\USER\AppData\Local\d3d9caps64.dat
    [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008.01.21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008.01.21 03:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
     
    ========== LOP Check ==========
     
    [2010.11.05 00:39:35 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\5006
    [2010.04.19 15:08:16 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Copernic
    [2009.10.03 14:21:05 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DAEMON Tools Pro
    [2010.08.20 04:03:00 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Duqeci
    [2010.08.04 12:00:42 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010.04.14 16:49:03 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\FreeCommander
    [2010.11.21 02:23:59 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\ICQ
    [2009.10.23 00:51:33 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\ImgBurn
    [2010.06.01 03:36:40 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\LolClient
    [2010.06.24 19:03:23 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\NCH Swift Sound
    [2010.08.30 02:41:10 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Octoshape
    [2010.01.19 11:06:24 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Opera
    [2009.10.21 11:35:29 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Stereoscopic Player
    [2010.10.11 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Thunderbird
    [2009.09.07 21:28:32 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TMP
    [2010.02.21 20:57:11 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TomTom
    [2010.01.09 03:21:58 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\tradesignal
    [2010.04.01 05:32:58 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Ubisoft
    [2010.11.21 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\xmldm
    [2010.08.19 21:08:29 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Xynay
    [2010.11.21 14:20:42 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
    
    < End of report >

    Code:
    OTL Extras logfile created on: 21.11.2010 14:51:35 - Run 1
    OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\USER\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 68,00% Memory free
    12,00 Gb Paging File | 10,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 195,78 Gb Total Space | 105,67 Gb Free Space | 53,97% Space Free | Partition Type: NTFS
    Drive D: | 400,39 Gb Total Space | 58,66 Gb Free Space | 14,65% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 335,64 Gb Free Space | 36,03% Space Free | Partition Type: NTFS
    Drive Z: | 931,51 Gb Total Space | 620,56 Gb Free Space | 66,62% Space Free | Partition Type: NTFS
     
    Computer Name: USER-PC | User Name: USER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UACDisableNotify" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DisabledInterfaces" = {07D97C49-848F-4938-AD91-D4DB834320ED},{5E82F6EE-1961-4F1C-89FD-B241A83371DA}
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\USER\AppData\Roaming\file-)#.exe" = C:\Users\USER\AppData\Roaming\file-)#.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
    "C:\Users\USER\AppData\Roaming\file-)#.exe" = C:\Users\USER\AppData\Roaming\file-)#.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02A7FDDA-6CC2-4BB5-A729-EA286C76FA35}" = lport=6899 | protocol=17 | dir=in | name=league of legends launcher | 
    "{0B4B784A-EDDC-41F8-AF62-5C9A5199B082}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{0B569ADB-F9EF-401C-9A21-40C2147A7616}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{1073B69C-4D99-464C-9B51-1ECC00423F12}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{12BD7B7F-F10D-42C9-AFD5-61D96B1B3772}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{2078009F-33D7-4ECF-A8B2-B07BA8924C9C}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
    "{248F3056-BF60-43A5-8DF3-DF73835B0870}" = lport=58323 | protocol=17 | dir=in | name=pando media booster | 
    "{29057E15-1897-457D-A7AD-E2FD2C817694}" = lport=58323 | protocol=6 | dir=in | name=pando media booster | 
    "{2937DE2D-C9F4-4457-B9E0-5073851F8C04}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
    "{2C5747DE-1DCA-4024-9516-11EBA2321111}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{2EB536AA-328E-4A85-9E7E-DF72F866BABE}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{348A7C20-2F16-4593-B6F4-BCBC063DA8F6}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
    "{4180D24E-5760-4AD1-9C2D-9EB76DC5F7EB}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher | 
    "{449EFFD0-966E-4E69-A21A-0E304397F50D}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{4764D540-BED4-4E2F-B6AE-615DFE629AA2}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
    "{4C428D2D-A804-4D25-A0AF-EF94C1565644}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{5617792E-8696-4D45-9445-C784E8932B88}" = lport=6909 | protocol=6 | dir=in | name=league of legends launcher | 
    "{5E25CB2A-0692-444E-B4AD-FECD0FB3E468}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{6EE64770-2CBC-447D-9C85-0F4E7F86CE87}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{7644BE0D-D5EB-49E6-BC2A-4EC9E0DD1120}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher | 
    "{7715C88E-410D-4F0F-8DC1-B0F05489370A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{787DF232-8E84-4E66-A741-CBDE9F20AFB7}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
    "{7D169B4C-E74F-405A-8CC4-23C8EAF9F436}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
    "{80590559-D67F-437A-871E-6A148E3E4408}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher | 
    "{879594E7-C341-493F-919E-90B015E30046}" = lport=58323 | protocol=6 | dir=in | name=pando media booster | 
    "{8A1E04F9-6613-4AA8-8232-98DEF2FC3ADF}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher | 
    "{8AD1561E-4C30-4BCF-A511-765DD2FA86CA}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher | 
    "{919C3F58-14AE-41EE-A2CA-775E26EFF190}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{93B54530-7AC8-4C57-9848-4F5736B98F56}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{9B7872B8-244B-4034-A287-6FEACF7B9D47}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
    "{A7A53B2E-F926-43E1-8683-FE5A3F77571C}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher | 
    "{B67BC6F2-53EB-412F-976F-A8C0022FF5A5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{B8B79499-CE00-48B3-802D-EBBB95B9C39F}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
    "{BCC83C94-11E4-41F3-B12F-66153AC54459}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
    "{C2C5750D-825A-4033-8D13-A47ABF21221C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{C2DF0196-DA0F-42E2-9DB5-C4430E242BE8}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{CB1D2243-76BA-4ABF-ACB6-2AC32515E5C3}" = rport=2869 | protocol=6 | dir=out | app=system | 
    "{D32BA0DA-901C-4A82-9CC8-3DB9BD010DA7}" = lport=58323 | protocol=17 | dir=in | name=pando media booster | 
    "{D793A78B-582A-4F8A-AEDA-690839031628}" = lport=6899 | protocol=6 | dir=in | name=league of legends launcher | 
    "{DD08BFC8-A1F6-4D1D-9B62-CBBD2490CECD}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{F40C2A0D-485F-4008-865C-2767F396227F}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher | 
    "{F588C814-03F2-471C-9095-94FAAB24AABF}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01B3EF6B-4702-47F0-A2CF-460E4F8B2448}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{02FAEE32-417A-40DC-B376-066BB7D9E0FD}" = protocol=6 | dir=in | app=d:\g\lol\game\league of legends.exe | 
    "{08B05399-4D41-4F1A-A543-82AAAF67F36C}" = protocol=17 | dir=in | app=d:\g\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe | 
    "{0A2DFDB6-D057-4972-B6E4-780B6246A571}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
    "{0BFBC16C-7D8B-4C23-BE6D-9975946DA36E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
    "{0DE0DC36-01F9-41E3-BA0E-7F850281E6F7}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
    "{0EE3FE41-4A68-4B70-B896-6AD7760989A6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
    "{10ADFFA9-CCDE-4323-AD5D-F463442FFF17}" = protocol=6 | dir=in | app=d:\g\world of warcraft\backgrounddownloader.exe | 
    "{1109C3C4-A6AF-4224-BCAF-601DC8256B5F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
    "{11A58502-DCC0-47FF-9C3D-A96C32251255}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
    "{13DBF6B2-3228-4B79-A473-D078A4E766EE}" = protocol=6 | dir=in | app=d:\g\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
    "{16960D25-DCC9-42AC-8D61-AA1776D64F55}" = protocol=6 | dir=in | app=d:\g\lol\lol.launcher.exe | 
    "{16B22574-A9E8-4CF3-8E01-AF16FFE6381F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
    "{1781FE2C-6158-42C8-87F7-4B4BE5032316}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
    "{1B02F107-29D5-42B0-92B5-98B6E500982E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
    "{2164832B-09E6-4485-80F9-14ACF982686B}" = protocol=17 | dir=in | app=d:\g\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
    "{255913B4-7847-457E-A908-238072DE5119}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
    "{29F0BE7B-AA64-4704-B5AC-4F2E83A613C6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
    "{2A700B65-9498-40FB-AC83-CA691237485A}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe | 
    "{2AEFAB13-8A5D-4F07-970F-9C404A8B18B9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
    "{3109CF10-7C0C-436A-AE96-2D8DF3FB4EAA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{33D954BF-96C6-4D11-9B06-10756DACE33D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{37859610-0E91-4A04-BF44-877D09F34317}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
    "{38BC87AC-C28A-47F6-891B-C763CBD8F3E7}" = protocol=17 | dir=in | app=d:\g\lol\game\league of legends.exe | 
    "{3A15FC70-4B62-4D89-BE61-EEB46F164FFF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
    "{3EB1CCF9-DDB1-4AC9-9423-0E183FFEEBFA}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{3ECBB664-2DAF-4DCE-AFF4-1CBBDB3E8F6F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{416CB5DC-804A-4C58-ADCB-BD551C8E1346}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{4523B5F2-68BE-4468-A556-04AFCC6E232D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{477EA0D8-8DD2-439A-9D38-F04FFBA2CBA5}" = protocol=6 | dir=in | app=d:\g\steam\steam.exe | 
    "{4AADB9F9-46D4-4B8E-8594-A057B91E01D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{4E90CFCD-81BB-413F-982D-20C335DCF50F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{4FB60F92-11AF-4ED6-B821-F05E861B02AF}" = protocol=6 | dir=in | app=d:\g\lol\game\league of legends.exe | 
    "{50E05CE0-0396-42BB-AE2B-0A6A9ACCE09D}" = protocol=17 | dir=in | app=d:\g\lol\air\lolclient.exe | 
    "{53DB2A8D-35FB-4A5B-91D6-026F416871B9}" = protocol=17 | dir=in | app=d:\g\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
    "{56B132A8-F940-4998-874A-D8DC7C43B36D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
    "{5852B607-1619-45D0-99CC-F287A5E40F99}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{5A1D3629-16BE-46F7-A741-7EACCEE62476}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
    "{605036C6-9CB5-478D-B90C-237E046F5CFE}" = protocol=6 | dir=in | app=d:\g\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe | 
    "{61E5D59C-0794-4CA2-8558-6D2D638AB460}" = protocol=17 | dir=in | app=d:\g\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
    "{62807DD0-D6EF-4603-94C2-035279868B16}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
    "{655F7493-68C6-4795-8847-483F20686A31}" = protocol=17 | dir=in | app=d:\g\world of warcraft\blizzard downloader.exe | 
    "{65E9E46F-3C5D-46EE-8928-901F12640DF5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{678C0AD0-8F24-44CA-AF91-41BDE5FC77EB}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{6EE8F3BF-7BB6-4382-A148-1423032BDB94}" = protocol=6 | dir=in | app=d:\g\lol\air\lolclient.exe | 
    "{6FEB7FD8-19D9-4DBD-9521-E5118EF4EEBA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{6FF07ECE-E369-4DF0-9FAB-3D663A5D9017}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
    "{74F22F61-C792-4E50-8985-7CFE5DAEE1B4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
    "{7690AFBC-9565-4F17-9E71-51E55DDA4476}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
    "{76E332FC-558D-47D0-A74B-29893AD716A8}" = protocol=17 | dir=in | app=d:\g\lol\air\lolclient.exe | 
    "{7775B666-3E6B-483E-9F40-7BFC46AD7CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{7A06E495-C9D1-4B6C-941B-D856509CFB8B}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
    "{7D04D513-FF9C-4DDE-AA08-A4DFD804F3A6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{7D7B88E9-B162-4C4A-B0D7-CAA812DCAD49}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
    "{7FC5E788-0700-42E0-80DD-98251284FAAE}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
    "{82390CB7-787A-436F-AFC4-EBBD616E2E49}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{83591F27-70EF-45D4-A6AF-B7535AB6512A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{85014684-EF57-46CE-92CA-0695C022A256}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
    "{86FF0E9D-7ABB-47BF-91A5-667899F1B00E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
    "{8D531AF7-6B17-436E-8CB8-F47145BB6D52}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
    "{930E4D6D-1CF2-4679-A393-646BA6DEB69F}" = protocol=6 | dir=in | app=d:\g\bf2\bf2.exe | 
    "{9AD367B3-D08B-4D9A-9710-6ADD3204B64F}" = protocol=17 | dir=in | app=d:\g\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe | 
    "{9B663195-1CF1-4D80-9F02-5A4676B56C8D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
    "{9C18D01E-AD8E-4FB5-80A8-E7569EC89155}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
    "{9CCA1CAD-0C46-445B-A2DE-599FEC2E6CBA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{A03481AC-2857-42F5-AD49-D31DEFB798E3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
    "{A15215EB-F8CD-4C14-96EA-CFB446E54D0A}" = protocol=17 | dir=in | app=d:\g\world of warcraft\wow-3.2.0-dede-downloader.exe | 
    "{A334E40C-81AF-4DDB-A171-4760510F9A74}" = protocol=17 | dir=in | app=d:\g\lol\lol.launcher.exe | 
    "{A8BED3C7-2916-46F6-A1C5-7FD9FD304D3D}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
    "{AC22FBBB-7637-42FE-99E2-BBDDA69578F6}" = protocol=6 | dir=in | app=d:\g\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe | 
    "{B253A54A-9F10-43CB-AEF1-7788E2CB6C99}" = protocol=6 | dir=in | app=d:\g\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe | 
    "{B90A9167-9BDC-4563-A1F7-0C9984873B97}" = protocol=17 | dir=in | app=d:\g\world of warcraft\launcher.patch.exe | 
    "{BC098823-B455-42DF-A296-2817442360CC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{BCE99AC1-30A6-4E69-B77B-3205BDD65182}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{BEC3B1A4-0799-44F3-BF46-39681225AB54}" = protocol=6 | dir=in | app=d:\g\world of warcraft\launcher.patch.exe | 
    "{C146A66B-09E9-4B0E-944B-D97B8398321E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
    "{C1BC92C0-063F-4362-8837-0F0F0C60A555}" = protocol=6 | dir=in | app=d:\g\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
    "{C2E930AD-45B6-42B2-A08A-BAF60072A082}" = protocol=17 | dir=in | app=d:\g\lol\game\league of legends.exe | 
    "{C49A76F1-05FD-4C89-BDB4-65D5D56909F1}" = protocol=6 | dir=in | app=d:\g\world of warcraft\blizzard downloader.exe | 
    "{C548C043-420B-4A8E-B8CA-CF860347DA62}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{C72319B0-A48B-4063-9F13-8CA9730F78BB}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
    "{CF8FC4A3-7F80-4E07-8643-40768007F02A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{D3343A18-D7DF-4B1F-B245-0104C1EF44C1}" = protocol=17 | dir=in | app=d:\g\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe | 
    "{D3355978-9854-4D79-BC53-4F8982929960}" = protocol=6 | dir=in | app=d:\g\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe | 
    "{D4EB6B8A-311F-48A4-A168-D7D30128FFFB}" = protocol=17 | dir=in | app=d:\g\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe | 
    "{D9732E24-60D1-4313-96B4-9745960DEF61}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{D9AA68FB-7B3A-479A-AC3B-2800EE8EB630}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{DA63CF36-8E44-436E-BAD5-60E353D97C0B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
    "{DA925967-6268-4AD3-AF6A-DF9F8AC3B7DF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
    "{DAA8B201-F989-47BF-91A9-ADF2B0E8F53D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{DAFF785D-4187-4E9F-9DF4-91AF52192523}" = protocol=17 | dir=in | app=d:\g\steam\steam.exe | 
    "{E1FC763B-7FD9-4FC4-BDF8-FC4636D74D12}" = protocol=17 | dir=in | app=d:\g\world of warcraft\backgrounddownloader.exe | 
    "{E4EEE991-09A2-4C5C-8FEB-F66270099CD9}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
    "{E98C0359-F8D6-48AA-A1D8-1A5FAF349D7D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
    "{EBF27B33-1E56-428E-BE04-16F0E8A9D0EC}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
    "{ED9ACD75-8969-4FEF-9886-B781CFA680EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{EF134508-91F2-4A56-A670-5D8A822A96E3}" = protocol=17 | dir=in | app=d:\g\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe | 
    "{F14CA00B-9B8B-4967-8E63-16585AE4A4FD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
    "{F1B62D28-5DC8-497C-8F0C-4D56FE8569CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{F2D9040F-9F6E-4708-9AF1-0701D4CCC8E5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
    "{F3E9E533-FDC4-41BB-B4C7-EB842EBE437A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
    "{F3F6B940-743F-481F-970A-25A3CB6C898D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{F6E00670-1D57-4016-8B42-0ABA77969861}" = protocol=6 | dir=in | app=d:\g\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
    "{F8AF1C8C-B453-4027-8DD7-19B2035EB4DD}" = protocol=6 | dir=in | app=d:\g\world of warcraft\wow-3.2.0-dede-downloader.exe | 
    "{FAD091B4-EA21-4DC2-9E40-3A98E971EBC5}" = protocol=6 | dir=in | app=d:\g\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe | 
    "{FB8F6153-219C-4285-8046-B164EAE2167B}" = protocol=6 | dir=in | app=d:\g\lol\air\lolclient.exe | 
    "{FDD46F37-3852-47DB-A21A-C80F676B1ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
    "{FFD37E1D-11E2-4F07-9C55-3B073B083F0B}" = protocol=17 | dir=in | app=d:\g\bf2\bf2.exe | 
    "TCP Query User{1ADACB51-8855-47AE-AB08-66CC60BFEB0F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "TCP Query User{313A85B5-ABE2-40AC-AFB3-011D763A7858}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
    "TCP Query User{356EE256-0AEF-431C-A27D-B0695C32E064}C:\users\USER\appdata\local\temp\rarsfx1\quake3.exe" = protocol=6 | dir=in | app=c:\users\USER\appdata\local\temp\rarsfx1\quake3.exe | 
    "TCP Query User{3A80FF14-323D-4BAC-85EE-9F4C895E6025}D:\g\cs16\hl.exe" = protocol=6 | dir=in | app=d:\g\cs16\hl.exe | 
    "TCP Query User{46782163-8B8A-43CC-A6D1-D686597D1CD1}D:\g\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\g\world of warcraft\launcher.exe | 
    "TCP Query User{4BA52A5F-E9DF-46AF-B05D-B4BC36065AB5}C:\users\USER\appdata\roaming\duqeci\cyin.exe" = protocol=6 | dir=in | app=c:\users\USER\appdata\roaming\duqeci\cyin.exe | 
    "TCP Query User{63A32047-C198-4A7F-92E5-997A24D4D1CC}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | 
    "TCP Query User{6B666534-F43A-4919-B10B-12557A7C5B16}D:\down\various\anno 1404\cd_root\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\down\various\anno 1404\cd_root\tools\anno4web.exe | 
    "TCP Query User{769B2D1D-0A67-4E37-809A-E2BE8B6901BE}C:\users\USER\appdata\local\temp\rarsfx0\quake3.exe" = protocol=6 | dir=in | app=c:\users\USER\appdata\local\temp\rarsfx0\quake3.exe | 
    "TCP Query User{8F002D43-9135-4632-BC3A-E997C1111DCC}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
    "TCP Query User{B34EC04C-E522-423E-A4F5-D85406D9DB33}C:\users\USER\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\USER\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
    "TCP Query User{BB0F14AA-B4DE-42EC-BE4E-A99A184B7EBD}D:\g\anno 1404\cd_root\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\g\anno 1404\cd_root\tools\anno4web.exe | 
    "TCP Query User{BE972B8F-690E-4250-87F7-F92D80823402}D:\g\bl\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\g\bl\gearbox software\borderlands\binaries\borderlands.exe | 
    "TCP Query User{D56F8BBB-54ED-4182-95B1-6EEE8890B77B}D:\down\5t5e7i1exohj184\worms4\worms 4 mayhem.exe" = protocol=6 | dir=in | app=d:\down\5t5e7i1exohj184\worms4\worms 4 mayhem.exe | 
    "UDP Query User{0FD110FF-15C7-4898-B973-5281AC2FF848}D:\down\5t5e7i1exohj184\worms4\worms 4 mayhem.exe" = protocol=17 | dir=in | app=d:\down\5t5e7i1exohj184\worms4\worms 4 mayhem.exe | 
    "UDP Query User{2083360D-67EB-4780-81B6-08E52BEAC1E7}D:\down\various\anno 1404\cd_root\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\down\various\anno 1404\cd_root\tools\anno4web.exe | 
    "UDP Query User{2E394A47-6C6D-4482-A137-630B0819554A}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | 
    "UDP Query User{44650E70-C9BA-4BF2-A219-F6344B605E2A}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
    "UDP Query User{48C8B713-DBFD-4DDD-A97C-C2BAB20D4E39}C:\users\USER\appdata\local\temp\rarsfx0\quake3.exe" = protocol=17 | dir=in | app=c:\users\USER\appdata\local\temp\rarsfx0\quake3.exe | 
    "UDP Query User{52D43FBF-172B-4C9B-8DB2-EAD799FC7AF6}D:\g\cs16\hl.exe" = protocol=17 | dir=in | app=d:\g\cs16\hl.exe | 
    "UDP Query User{66C7C782-30FA-40CB-B420-AAA33DFC7A7A}D:\g\anno 1404\cd_root\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\g\anno 1404\cd_root\tools\anno4web.exe | 
    "UDP Query User{94B2F868-0C31-4E8F-BD6D-4DF3615AE5A2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "UDP Query User{984C5BB1-F93A-4BDE-88F1-E4E64D47E392}C:\users\USER\appdata\roaming\duqeci\cyin.exe" = protocol=17 | dir=in | app=c:\users\USER\appdata\roaming\duqeci\cyin.exe | 
    "UDP Query User{A2BE54C3-73F2-40AE-812D-26665958D35C}C:\users\USER\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\USER\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
    "UDP Query User{A8789258-A2EB-4377-93E7-8010E976A4AF}D:\g\bl\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\g\bl\gearbox software\borderlands\binaries\borderlands.exe | 
    "UDP Query User{B033564C-7BB5-4762-8D4E-3AEB88A5454C}D:\g\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\g\world of warcraft\launcher.exe | 
    "UDP Query User{B97032BB-3F35-4187-BCF9-633C5CCEFA45}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
    "UDP Query User{F0E89B57-0423-4078-9967-A5B3D8A22202}C:\users\USER\appdata\local\temp\rarsfx1\quake3.exe" = protocol=17 | dir=in | app=c:\users\USER\appdata\local\temp\rarsfx1\quake3.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
    "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
    "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
    "{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
    "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NVIDIA Drivers" = NVIDIA Drivers
    "Recuva" = Recuva
    "Unlocker" = Unlocker 1.9.0-x64
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0
    "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
    "{2BDFC179-CA30-4888-B16E-DD995C9A3473}" = Mobile Mouse Server
    "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
    "{37257e86-fd2f-4bf7-9b88-cdae0a38324b}" = Nero 9
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
    "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
    "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
    "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
    "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
    "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
    "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
    "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
    "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9B9DAB2F-DEEA-45D5-A812-15C1628F99E0}" = Stereoscopic Player
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
    "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
    "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
    "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
    "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
    "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
    "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Armagetron Advanced" = Armagetron Advanced 0.2.8.3.1.gcc
    "Audacity_is1" = Audacity 1.2.6
    "AVG9Uninstall" = AVG Free 9.0
    "AVMWLANCLI" = AVM FRITZ!WLAN
    "Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
    "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
    "Counter-Strike 1.6 V40" = Counter-Strike 1.6 V40
    "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
    "Easy Video Joiner_is1" = Easy Video Joiner 5.21
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
    "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
    "Free YouTube Download_is1" = Free YouTube Download 2.8
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
    "FreeCommander_is1" = FreeCommander 2009.02
    "ImgBurn" = ImgBurn
    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "League of Legends_is1" = League of Legends
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
    "mv61xxDriver" = marvell 61xx
    "Network Stumbler" = Network Stumbler 0.4.0 (remove only)
    "Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
    "Steam App 31180" = Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay
    "Steam App 31190" = Tales of Monkey Island: Chapter 3 - Lair of the Leviathan
    "Steam App 31200" = Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood
    "Steam App 31210" = Tales of Monkey Island: Chapter 5 - Rise of the Pirate God
    "Steam App 550" = Left 4 Dead 2
    "Steam App 630" = Alien Swarm
    "Steamless Portal Pack" = Steamless Portal Pack
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "TomTom HOME" = TomTom HOME 2.7.3.1894
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.0.1
    "WavePad" = WavePad Sound Editor
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR
    "World of Warcraft" = World of Warcraft
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Octoshape Streaming Services" = Octoshape Streaming Services
    "Winamp Detect" = Winamp Erkennungs-Plug-in
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 20.11.2010 21:20:35 | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
    Description = 448: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
     vom Remotehost geschlossen.)
     
    Error - 20.11.2010 21:22:55 | Computer Name = USER-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 20.11.2010 21:23:38 | Computer Name = USER-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 21.11.2010 09:20:39 | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
    Description = 448: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
     vom Remotehost geschlossen.)
     
    Error - 21.11.2010 09:23:45 | Computer Name = USER-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 21.11.2010 09:29:34 | Computer Name = USER-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 21.11.2010 09:29:35 | Computer Name = USER-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
     oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
     steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen
     Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
     
    Error - 21.11.2010 09:29:35 | Computer Name = USER-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
     oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
     steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen
     Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
     
    Error - 21.11.2010 09:29:35 | Computer Name = USER-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
     "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
     mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
     sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
     
    Error - 21.11.2010 09:29:35 | Computer Name = USER-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
     "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
     mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
     sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
     
    [ System Events ]
    Error - 20.05.2010 22:46:56 | Computer Name = USER-PC | Source = HTTP | ID = 15016
    Description = 
     
    Error - 20.05.2010 22:48:07 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 21.05.2010 09:16:00 | Computer Name = USER-PC | Source = HTTP | ID = 15016
    Description = 
     
    Error - 21.05.2010 09:17:12 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 22.05.2010 07:29:51 | Computer Name = USER-PC | Source = HTTP | ID = 15016
    Description = 
     
    Error - 22.05.2010 07:31:05 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 23.05.2010 08:46:21 | Computer Name = USER-PC | Source = HTTP | ID = 15016
    Description = 
     
    Error - 23.05.2010 08:47:35 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 24.05.2010 08:32:14 | Computer Name = USER-PC | Source = HTTP | ID = 15016
    Description = 
     
    Error - 24.05.2010 08:33:24 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
     
    < End of report >

  2. #2
    Moderator (global) Team member Avatar of kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29.733

    Re: Taskbar gone, System Restore, logs

    A warm welcome to our HijackThis support board!

    **Before you start on part 1 of the task: CLICK HERE AND READ CAREFULLY!**
    Cleaning a system can take a few days (depending on the type of infection), but the system can also be so badly compromised that an effective technical cleanup is no longer possible, i.e. you have to reinstall it.
    FOLLOWING THESE INSTRUCTIONS IS YOUR OWN RESPONSIBILITY!
    Please first read through the instructions calmly, and keep to the order while doing so! Otherwise our work slows down when we have to keep looking up small details again and again, and the overview may get lost...

    ► In the first part of the 3-part procedure we will examine your system for viruses; for this:
    **Vista and Win7 users:** Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
    ► If there is a message/report from your antivirus program or other protection programs, please post it! What was found and, above all, where...

    1.
    First, please make the following settings: make system files and folders visible under XP, Vista and Win7
    At the end of our work you can undo this again!

    2.
    Check system details with RSIT
    • Download Random's System Information Tool (RSIT) by random/random,
    • save it to your desktop.
    • Close all windows and programs, including the browser.
    • Start RSIT.exe with a double-click.
    • Click Continue to accept the terms of use.
    • If you do not have HijackThis installed, RSIT will download and install it for you.
    • In that case please also accept Trend Micro's terms of use for HJT ("I accept").
    • If your firewall asks, please allow RSIT to access the network.
    • The scan starts automatically; RSIT now checks some important system areas and produces logfiles as a basis for analysis.
    • When the scan has finished, two logfiles are created and opened in your editor.
    • Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (<= is shown minimized in the taskbar) here in the thread.


    3.
    "Create a file list with HJTscanlist.bat"
    Download HJTscanlist.zip (item 6) (click the given link ► pick item 6 ► follow the instructions), then post the resulting logfile here.

    4.
    • Download CCleaner ► click on "Download from Piriform.com"
    • Read the software license agreement, if one is offered (deselect "Füge CCleaner Yahoo! Toolbar hinzu", i.e. "Add CCleaner Yahoo! Toolbar"!) -> start it -> if necessary, set "german" under Options settings.
    • Start it -> click on `Extras` (to display the software installed on your system) -> then on `Als Textdatei speichern...` (save as text file)
    • A text file is created automatically; post this logfile as well (i.e. the list of all installed programs, a text file)


    Please post all results in code tags!

    Before your log (i.e. at the start of the logfile) you write: [code]
    your logfile goes here
    and after it, i.e. at the end of the logfile: [/code]
    gruß
    argos
    Warning!:
    Be careful with invoices by email with a ZIP file attached! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!

  3. #3
    Beginner
    Registered since
    21.11.2010
    Posts
    9

    Re: Taskbar gone, System Restore, logs

    hi, thanks for the reply
    was away for a few days, but now :S

    1. I had already done
    2.
    log.txt

    Code:
    Logfile of random's system information tool 1.08 (written by random/random)
    Run by USER at 2010-11-26 23:18:08
    Microsoft® Windows Vista™ Ultimate  Service Pack 1
    System drive C: has 106 GB (53%) free of 200 GB
    Total RAM: 6134 MB (41% free)
    
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:18:14, on 26.11.2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18527)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
    C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    D:\down\RSIT.exe
    C:\Program Files (x86)\trend micro\USER.exe
    
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O8 - Extra context menu item: Free YouTube Download - C:\Users\USER\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Gatewaydienst auf Anwendungsebene (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ast Service - Unknown owner - C:\Windows\system32\\AstSrv.exe (file missing)
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 7014 bytes
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    DVDVideoSoftTB Toolbar - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-08 41760]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
    "AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2010-11-25 2069344]
    "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-18 421888]
    "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-06-15 141624]
    "AVMWlanClient"=C:\Program Files (x86)\avmwlanstick\wlangui.exe [2009-03-20 1904640]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "ConsentPromptBehaviorAdmin"=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=0
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoActiveDesktop"=1
    "NoActiveDesktopChanges"=1
    "ForceActiveDesktopOn"=0
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Users\USER\AppData\Roaming\file-)#.exe"="C:\Users\USER\AppData\Roaming\file-)#.exe:*:Enabled:@xpsp2res.dll,-22019"
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    
    ======List of files/folders created in the last 1 months======
    
    2010-11-26 23:15:00 ----D---- C:\Program Files (x86)\trend micro
    2010-11-26 23:14:59 ----D---- C:\rsit
    2010-11-21 18:04:18 ----D---- C:\Program Files (x86)\MSXML 4.0
    2010-11-21 17:41:00 ----A---- C:\Windows\SysWOW64\nshhttp.dll
    2010-11-21 17:40:59 ----A---- C:\Windows\SysWOW64\httpapi.dll
    2010-11-21 17:38:14 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
    2010-11-21 17:38:14 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
    2010-11-21 17:38:14 ----A---- C:\Windows\SysWOW64\netfxperf.dll
    2010-11-21 17:38:14 ----A---- C:\Windows\SysWOW64\mscoree.dll
    2010-11-21 17:38:14 ----A---- C:\Windows\SysWOW64\dfshim.dll
    2010-11-21 17:18:48 ----A---- C:\Windows\SysWOW64\mshtml.dll
    2010-11-21 17:18:47 ----A---- C:\Windows\SysWOW64\wininet.dll
    2010-11-21 17:18:47 ----A---- C:\Windows\SysWOW64\urlmon.dll
    2010-11-21 17:18:47 ----A---- C:\Windows\SysWOW64\occache.dll
    2010-11-21 17:18:47 ----A---- C:\Windows\SysWOW64\msfeeds.dll
    2010-11-21 17:18:47 ----A---- C:\Windows\SysWOW64\ieframe.dll
    2010-11-21 17:18:46 ----A---- C:\Windows\SysWOW64\mstime.dll
    2010-11-21 17:18:46 ----A---- C:\Windows\SysWOW64\mshtmled.dll
    2010-11-21 17:18:46 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
    2010-11-21 17:18:46 ----A---- C:\Windows\SysWOW64\iertutil.dll
    2010-11-21 17:18:46 ----A---- C:\Windows\SysWOW64\iepeers.dll
    2010-11-21 17:18:46 ----A---- C:\Windows\SysWOW64\ieencode.dll
    2010-11-21 17:18:46 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
    2010-11-21 17:18:46 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
    2010-11-21 17:18:46 ----A---- C:\Windows\SysWOW64\ieaksie.dll
    2010-11-21 17:18:45 ----A---- C:\Windows\SysWOW64\jsproxy.dll
    2010-11-21 17:18:09 ----A---- C:\Windows\SysWOW64\WMNetMgr.dll
    2010-11-21 17:18:09 ----A---- C:\Windows\SysWOW64\logagent.exe
    2010-11-21 17:17:32 ----A---- C:\Windows\SysWOW64\sdohlp.dll
    2010-11-21 17:17:32 ----A---- C:\Windows\SysWOW64\iasrecst.dll
    2010-11-21 17:17:32 ----A---- C:\Windows\SysWOW64\iashost.exe
    2010-11-21 17:17:32 ----A---- C:\Windows\SysWOW64\iasdatastore.dll
    2010-11-21 17:17:32 ----A---- C:\Windows\SysWOW64\iasads.dll
    2010-11-21 17:15:55 ----A---- C:\Windows\SysWOW64\kerberos.dll
    2010-11-21 17:15:13 ----A---- C:\Windows\SysWOW64\wmp.dll
    2010-11-21 17:15:12 ----A---- C:\Windows\SysWOW64\wmploc.DLL
    2010-11-21 17:14:33 ----A---- C:\Windows\SysWOW64\WMVCORE.DLL
    2010-11-21 17:14:32 ----A---- C:\Windows\SysWOW64\mf.dll
    2010-11-21 17:13:39 ----A---- C:\Windows\SysWOW64\shell32.dll
    2010-11-21 17:13:02 ----A---- C:\Windows\SysWOW64\wdigest.dll
    2010-11-21 17:13:02 ----A---- C:\Windows\SysWOW64\msv1_0.dll
    2010-11-21 17:13:01 ----A---- C:\Windows\SysWOW64\secur32.dll
    2010-11-21 17:12:47 ----A---- C:\Windows\SysWOW64\mfc40u.dll
    2010-11-21 17:12:47 ----A---- C:\Windows\SysWOW64\mfc40.dll
    2010-11-21 17:12:44 ----A---- C:\Windows\SysWOW64\kernel32.dll
    2010-11-21 17:12:44 ----A---- C:\Windows\SysWOW64\apilogen.dll
    2010-11-21 17:12:44 ----A---- C:\Windows\SysWOW64\amxread.dll
    2010-11-21 17:12:20 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
    2010-11-21 17:12:20 ----A---- C:\Windows\SysWOW64\msyuv.dll
    2010-11-21 17:12:20 ----A---- C:\Windows\SysWOW64\msvidc32.dll
    2010-11-21 17:12:20 ----A---- C:\Windows\SysWOW64\msvfw32.dll
    2010-11-21 17:12:20 ----A---- C:\Windows\SysWOW64\msrle32.dll
    2010-11-21 17:12:20 ----A---- C:\Windows\SysWOW64\mciavi32.dll
    2010-11-21 17:12:20 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
    2010-11-21 17:12:20 ----A---- C:\Windows\SysWOW64\avifil32.dll
    2010-11-21 17:12:20 ----A---- C:\Windows\SysWOW64\avicap32.dll
    2010-11-21 17:11:58 ----A---- C:\Windows\SysWOW64\ole32.dll
    2010-11-21 17:11:52 ----A---- C:\Windows\SysWOW64\wmpdxm.dll
    2010-11-21 17:11:52 ----A---- C:\Windows\SysWOW64\spwmp.dll
    2010-11-21 17:11:51 ----A---- C:\Windows\SysWOW64\dxmasf.dll
    2010-11-21 17:11:04 ----A---- C:\Windows\SysWOW64\tzres.dll
    2010-11-21 17:10:54 ----A---- C:\Windows\SysWOW64\msxml3.dll
    2010-11-21 17:10:47 ----A---- C:\Windows\SysWOW64\comctl32.dll
    2010-11-21 17:10:45 ----A---- C:\Windows\SysWOW64\fontsub.dll
    2010-11-21 17:10:45 ----A---- C:\Windows\SysWOW64\dciman32.dll
    2010-11-21 17:10:45 ----A---- C:\Windows\SysWOW64\atmlib.dll
    2010-11-21 17:10:45 ----A---- C:\Windows\SysWOW64\atmfd.dll
    2010-11-21 17:10:43 ----A---- C:\Windows\SysWOW64\vbscript.dll
    2010-11-21 17:10:23 ----A---- C:\Windows\SysWOW64\inetcomm.dll
    2010-11-21 17:10:15 ----A---- C:\Windows\SysWOW64\msshsq.dll
    2010-11-21 17:10:11 ----A---- C:\Windows\SysWOW64\wintrust.dll
    2010-11-21 17:10:10 ----A---- C:\Windows\SysWOW64\usp10.dll
    2010-11-21 17:10:08 ----A---- C:\Windows\SysWOW64\asycfilt.dll
    2010-11-21 17:10:06 ----A---- C:\Windows\SysWOW64\cabview.dll
    2010-11-21 17:10:05 ----A---- C:\Windows\SysWOW64\iccvid.dll
    2010-11-21 17:10:04 ----A---- C:\Windows\SysWOW64\schannel.dll
    2010-11-21 17:09:34 ----A---- C:\Windows\SysWOW64\quartz.dll
    2010-11-21 17:09:33 ----A---- C:\Windows\SysWOW64\t2embed.dll
    2010-11-21 17:09:32 ----A---- C:\Windows\SysWOW64\wmpmde.dll
    2010-11-21 17:09:28 ----A---- C:\Windows\SysWOW64\MP4SDECD.DLL
    2010-11-21 17:09:27 ----A---- C:\Windows\SysWOW64\rtutils.dll
    2010-11-21 17:09:25 ----A---- C:\Windows\SysWOW64\jscript.dll
    2010-11-21 17:09:18 ----A---- C:\Windows\SysWOW64\localspl.dll
    2010-11-21 17:08:15 ----A---- C:\Windows\SysWOW64\msxml6.dll
    2010-11-21 17:08:14 ----A---- C:\Windows\SysWOW64\WSDApi.dll
    2010-11-21 17:08:14 ----A---- C:\Windows\SysWOW64\winhttp.dll
    2010-11-21 17:08:13 ----A---- C:\Windows\SysWOW64\es.dll
    2010-11-21 17:08:12 ----A---- C:\Windows\SysWOW64\rastls.dll
    2010-11-21 17:08:12 ----A---- C:\Windows\SysWOW64\raschap.dll
    2010-11-21 17:07:00 ----A---- C:\Windows\SysWOW64\msasn1.dll
    2010-11-21 17:06:59 ----A---- C:\Windows\SysWOW64\wmpeffects.dll
    2010-11-21 17:06:58 ----A---- C:\Windows\SysWOW64\dataclen.dll
    2010-11-21 17:06:16 ----A---- C:\Windows\SysWOW64\atl.dll
    2010-11-21 17:06:15 ----A---- C:\Windows\SysWOW64\explorer.exe
    2010-11-21 17:06:15 ----A---- C:\Windows\explorer.exe
    2010-11-21 17:06:14 ----A---- C:\Windows\SysWOW64\netapi32.dll
    2010-11-17 07:01:38 ----D---- C:\Program Files (x86)\ICQ7.2
    2010-11-15 02:04:43 ----A---- C:\Windows\ntbtlog.txt
    2010-11-15 01:35:46 ----D---- C:\Users\USER\AppData\Roaming\Malwarebytes
    2010-11-15 01:35:39 ----D---- C:\ProgramData\Malwarebytes
    2010-11-15 01:35:39 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-15 01:35:39 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
    2010-11-11 16:24:13 ----A---- C:\Windows\SysWOW64\pncrt.dll
    2010-11-11 16:22:00 ----D---- C:\Program Files (x86)\FreeTime
    2010-11-06 00:41:31 ----D---- C:\Program Files (x86)\Celebrity Toolbar
    2010-11-05 00:39:35 ----D---- C:\Users\USER\AppData\Roaming\5006
    2010-11-05 00:38:30 ----A---- C:\Users\USER\AppData\Roaming\srvblck2.tmp
    2010-11-05 00:38:24 ----D---- C:\Users\USER\AppData\Roaming\xmldm
    
    ======List of files/folders modified in the last 1 months======
    
    2010-11-26 23:16:38 ----D---- C:\Windows\Prefetch
    2010-11-26 23:15:00 ----RD---- C:\Program Files (x86)
    2010-11-26 22:42:56 ----D---- C:\Windows\System32
    2010-11-26 22:42:56 ----D---- C:\Windows\inf
    2010-11-26 18:05:04 ----D---- C:\Windows\Temp
    2010-11-26 05:13:56 ----SHD---- C:\System Volume Information
    2010-11-26 00:44:07 ----D---- C:\Users\USER\AppData\Roaming\ICQ
    2010-11-25 03:42:36 ----D---- C:\Users\USER\AppData\Roaming\vlc
    2010-11-21 19:13:06 ----D---- C:\Windows\Microsoft.NET
    2010-11-21 19:13:03 ----RSD---- C:\Windows\assembly
    2010-11-21 18:30:45 ----D---- C:\Windows\rescache
    2010-11-21 18:25:57 ----D---- C:\Windows\winsxs
    2010-11-21 18:12:14 ----AD---- C:\Windows
    2010-11-21 18:12:02 ----D---- C:\Windows\SysWOW64\wbem
    2010-11-21 18:12:02 ----D---- C:\Windows\SysWOW64\de-DE
    2010-11-21 18:12:02 ----D---- C:\Windows\SysWOW64
    2010-11-21 18:12:01 ----D---- C:\Windows\ehome
    2010-11-21 18:12:00 ----D---- C:\Windows\SysWOW64\manifeststore
    2010-11-21 18:12:00 ----D---- C:\Windows\AppPatch
    2010-11-21 18:04:51 ----SHD---- C:\Windows\Installer
    2010-11-21 17:49:00 ----D---- C:\Program Files (x86)\Windows Media Player
    2010-11-21 17:48:59 ----D---- C:\Windows\SysWOW64\migration
    2010-11-21 17:48:59 ----D---- C:\Program Files (x86)\Internet Explorer
    2010-11-21 17:48:58 ----D---- C:\Program Files (x86)\Windows Mail
    2010-11-21 17:35:05 ----D---- C:\Windows\Debug
    2010-11-21 14:41:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
    2010-11-21 02:22:49 ----D---- C:\ProgramData\avg9
    2010-11-21 02:19:34 ----RD---- C:\Program Files
    2010-11-21 01:18:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2010-11-21 01:04:44 ----D---- C:\Windows\Tasks
    2010-11-21 01:04:44 ----D---- C:\Users\USER\AppData\Roaming\Winamp
    2010-11-21 01:04:43 ----D---- C:\Windows\registration
    2010-11-17 07:14:21 ----D---- C:\Program Files (x86)\ICQ-Banner-Remover
    2010-11-15 13:18:15 ----D---- C:\Users\USER\AppData\Roaming\Media Player Classic
    2010-11-15 01:35:39 ----HD---- C:\ProgramData
    2010-11-15 01:35:39 ----D---- C:\Windows\SysWOW64\drivers
    2010-11-14 15:27:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
    2010-11-14 11:14:24 ----D---- C:\Users\USER\AppData\Roaming\dvdcss
    2010-11-06 00:55:53 ----D---- C:\ProgramData\FLEXnet
    2010-10-31 20:17:26 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys []
    R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys []
    R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
    R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys []
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys []
    R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
    R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
    R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
    R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
    R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys []
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
    S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys []
    S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys []
    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []
    S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
    S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys []
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
    S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
    S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS [2004-03-24 17280]
    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
    S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys []
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
    R2 avg9wd;AVG Free WatchDog; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
    R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [2009-03-20 368640]
    R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
    R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
    R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 653616]
    S2 Ast Service;Ast Service; C:\Windows\system32\\AstSrv.exe []
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
    S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-26 654848]
    S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
    S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-04-02 332720]
    
    -----------------EOF-----------------
    info.txt

    Code:
    info.txt logfile of random's system information tool 1.08 2010-11-26 23:15:37
    
    ======Uninstall list======
    
    -->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
    AC3Filter 1.63b-->"C:\Program Files (x86)\AC3Filter\unins000.exe"
    Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->C:\Program Files (x86)\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->C:\Program Files (x86)\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
    Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
    Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Alien Swarm-->"D:\G\STEAM\steam.exe" steam://uninstall/630
    Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Armagetron Advanced 0.2.8.3.1.gcc-->C:\Program Files (x86)\Armagetron Advanced\uninst.exe
    Audacity 1.2.6-->"C:\Program Files (x86)\Audacity\unins000.exe"
    AVG Free 9.0-->C:\Program Files (x86)\AVG\AVG9\setup.exe /UNINSTALL
    AVM FRITZ!WLAN-->C:\Program Files (x86)\avmwlanstick\instwcli.exe -d1
    Battlefield 2(TM)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x7  -removeonly
    Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD}
    Canon MP630 series Benutzerregistrierung-->C:\Program Files (x86)\Canon\IJEREG\MP630 series\UNINST.EXE
    Combined Community Codec Pack 2010-10-10-->"C:\Program Files (x86)\Combined Community Codec Pack\unins000.exe"
    Command & Conquer Generals-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32} 
    Counter-Strike 1.6 V40-->D:\G\CS16\Uninstal.exe
    DVDVideoSoftTB Toolbar-->C:\PROGRA~2\DVDVID~2\UNWISE.EXE   /U C:\PROGRA~2\DVDVID~2\INSTALL.LOG  
    Easy Video Joiner 5.21-->"C:\Program Files (x86)\Easy Video Joiner\unins000.exe"
    Free Audio CD Burner version 1.2-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
    Free WMA to MP3 Converter 1.16-->"C:\Program Files (x86)\Free WMA to MP3 Converter\unins000.exe"
    Free YouTube Download 2.8-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\unins000.exe"
    Free YouTube to MP3 Converter version 3.2-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
    FreeCommander 2009.02-->"C:\Program Files (x86)\FreeCommander\unins000.exe"
    GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
    GPL MPEG-1/2 DirectShow Decoder Filter-->MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
    ICQ 7.2 Build #3159 Banner Remover 1.0-->"C:\Program Files (x86)\ICQ-Banner-Remover\unins000.exe"
    ICQ7.2-->"C:\Program Files (x86)\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
    ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"
    Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R
    Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
    League of Legends-->"D:\G\LOL\unins000.exe"
    Left 4 Dead 2-->"D:\G\STEAM\steam.exe" steam://uninstall/550
    Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
    marvell 61xx-->C:\Program Files (x86)\Marvell\61xx\uninst-61xx.exe
    Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exe
    Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
    Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
    Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
    Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
    Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{09298F26-A95C-31E2-9D95-2C60F586F075}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Mobile Mouse Server-->MsiExec.exe /I{2BDFC179-CA30-4888-B16E-DD995C9A3473}
    Mozilla Firefox (3.6.12)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (3.1.6)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    Nero 9-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Network Stumbler 0.4.0 (remove only)-->"C:\Program Files (x86)\Network Stumbler\uninst.exe"
    NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
    Opera 10.53-->MsiExec.exe /X{70312451-0D00-4A84-B9B1-0D59B5180A4F}
    Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {8EAF4926-5B5D-398A-BA46-4603D8095BDE} /qb+ REBOOTPROMPT=""
    Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
    Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Steamless Portal Pack-->D:\G\P\uninstall.exe
    Stereoscopic Player-->MsiExec.exe /I{9B9DAB2F-DEEA-45D5-A812-15C1628F99E0}
    Supreme Commander-->C:\Program Files (x86)\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0007 -removeonly
    Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal-->"D:\G\STEAM\steam.exe" steam://uninstall/31170
    Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay-->"D:\G\STEAM\steam.exe" steam://uninstall/31180
    Tales of Monkey Island: Chapter 3 - Lair of the Leviathan-->"D:\G\STEAM\steam.exe" steam://uninstall/31190
    Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood-->"D:\G\STEAM\steam.exe" steam://uninstall/31200
    Tales of Monkey Island: Chapter 5 - Rise of the Pirate God-->"D:\G\STEAM\steam.exe" steam://uninstall/31210
    TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
    TomTom HOME 2.7.3.1894-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
    TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
    Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    VirtualCloneDrive-->"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive"
    Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}
    VLC media player 1.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
    WavePad Sound Editor-->C:\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe
    Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
    WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
    World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\WORLD OF WARCRAFT\Uninstall.exe
    
    ======Hosts File======
    
    127.0.0.1 im.adtech.de
    127.0.0.1 adserver.adtech.de
    127.0.0.1 adtech.de
    127.0.0.1 ar.atwola.com
    127.0.0.1 atwola.com
    127.0.0.1 adserver.71i.de
    127.0.0.1 adicqserver.71i.de
    127.0.0.1 71i.de
    
    ======Security center information======
    
    AS: Windows Defender
    
    ======System event log======
    
    Computer Name: USER-PC
    Event Code: 33
    Message: Die älteste Schattenkopie von Volume "C:" wurde gelöscht, um den Datenträger-Speicherplatz für Schattenkopien auf Volume "C:" unterhalb des benutzerdfinierten Limits zu belassen.
    Record Number: 90698
    Source Name: volsnap
    Time Written: 20101126041356.864000-000
    Event Type: Informationen
    User: 
    
    Computer Name: USER-PC
    Event Code: 6013
    Message: Die aktive Systemzeit ist 258225 Sekunden.
    Record Number: 90699
    Source Name: EventLog
    Time Written: 20101126110000.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: USER-PC
    Event Code: 14000
    Message: MTP WPD Driver wurde erfolgreich gestartet.
    Record Number: 90700
    Source Name: Microsoft-Windows-WPD-MTPClassDriver
    Time Written: 20101126115604.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: USER-PC
    Event Code: 4226
    Message: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.
    Record Number: 90701
    Source Name: Tcpip
    Time Written: 20101126214615.038000-000
    Event Type: Warnung
    User: 
    
    Computer Name: USER-PC
    Event Code: 4226
    Message: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.
    Record Number: 90702
    Source Name: Tcpip
    Time Written: 20101126215647.002000-000
    Event Type: Warnung
    User: 
    
    =====Application event log=====
    
    Computer Name: USER-PC
    Event Code: 100
    Message: Client application bug: DNSServiceResolve(BZDN1771309693-QkxaMDAwMjBGQTZDREJERkNGRkU0RTE5QDBCRUUxOEY2OQ==._bzdn._tcp.local.) active for over two minutes. This places considerable burden on the network.
    Record Number: 17168
    Source Name: Bonjour Service
    Time Written: 20101126214914.000000-000
    Event Type: Fehler
    User: 
    
    Computer Name: USER-PC
    Event Code: 100
    Message: 448: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)
    Record Number: 17169
    Source Name: Bonjour Service
    Time Written: 20101126214914.000000-000
    Event Type: Fehler
    User: 
    
    Computer Name: USER-PC
    Event Code: 100
    Message: 456: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)
    Record Number: 17170
    Source Name: Bonjour Service
    Time Written: 20101126214914.000000-000
    Event Type: Fehler
    User: 
    
    Computer Name: USER-PC
    Event Code: 100
    Message: 500: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)
    Record Number: 17171
    Source Name: Bonjour Service
    Time Written: 20101126214914.000000-000
    Event Type: Fehler
    User: 
    
    Computer Name: USER-PC
    Event Code: 100
    Message: Client application bug: DNSServiceResolve(BZDN1832258235-QkxaMDAwMjBGQTZDREJERkNGRkU0RTE5QDkwUEM1OTg5Nw==._bzdn._tcp.local.) active for over two minutes. This places considerable burden on the network.
    Record Number: 17172
    Source Name: Bonjour Service
    Time Written: 20101126215244.000000-000
    Event Type: Fehler
    User: 
    
    =====Security event log=====
    
    Computer Name: USER-PC
    Event Code: 4634
    Message: Ein Konto wurde abgemeldet.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-21-2908526142-1359912759-1687764847-1000
    	Kontoname:		USER
    	Kontodomäne:		USER-PC
    	Anmelde-ID:		0x197172b4
    
    Anmeldetyp:			7
    
    Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig.
    Record Number: 29279
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20101126114340.510000-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: USER-PC
    Event Code: 4648
    Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		USER-PC$
    	Kontodomäne:		WORKGROUP
    	Anmelde-ID:		0x3e7
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Konto, dessen Anmeldeinformationen verwendet wurden:
    	Kontoname:		USER
    	Kontodomäne:		USER-PC
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Zielserver:
    	Zielservername:	localhost
    	Weitere Informationen:	localhost
    
    Prozessinformationen:
    	Prozess-ID:		0x468
    	Prozessname:		C:\Windows\System32\winlogon.exe
    
    Netzwerkinformationen:
    	Netzwerkadresse:	127.0.0.1
    	Port:			0
    
    Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
    Record Number: 29280
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20101126213612.531000-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: USER-PC
    Event Code: 4624
    Message: Ein Konto wurde erfolgreich angemeldet.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		USER-PC$
    	Kontodomäne:		WORKGROUP
    	Anmelde-ID:		0x3e7
    
    Anmeldetyp:			7
    
    Neue Anmeldung:
    	Sicherheits-ID:		S-1-5-21-2908526142-1359912759-1687764847-1000
    	Kontoname:		USER
    	Kontodomäne:		USER-PC
    	Anmelde-ID:		0x215d72f3
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Prozessinformationen:
    	Prozess-ID:		0x468
    	Prozessname:		C:\Windows\System32\winlogon.exe
    
    Netzwerkinformationen:
    	Arbeitsstationsname:	USER-PC
    	Quellnetzwerkadresse:	127.0.0.1
    	Quellport:		0
    
    Detaillierte Authentifizierungsinformationen:
    	Anmeldeprozess:		User32 
    	Authentifizierungspaket:	Negotiate
    	Übertragene Dienste:	-
    	Paketname (nur NTLM):	-
    	Schlüssellänge:		0
    
    Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
    
    Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
    
    Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
    
    Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
    
    Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
    
    Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
    	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
    	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
    	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
    	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
    Record Number: 29281
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20101126213612.531000-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: USER-PC
    Event Code: 4672
    Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-21-2908526142-1359912759-1687764847-1000
    	Kontoname:		USER
    	Kontodomäne:		USER-PC
    	Anmelde-ID:		0x215d72f3
    
    Berechtigungen:		SeSecurityPrivilege
    			SeTakeOwnershipPrivilege
    			SeLoadDriverPrivilege
    			SeBackupPrivilege
    			SeRestorePrivilege
    			SeDebugPrivilege
    			SeSystemEnvironmentPrivilege
    			SeImpersonatePrivilege
    Record Number: 29282
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20101126213612.531000-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: USER-PC
    Event Code: 4634
    Message: Ein Konto wurde abgemeldet.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-21-2908526142-1359912759-1687764847-1000
    	Kontoname:		USER
    	Kontodomäne:		USER-PC
    	Anmelde-ID:		0x215d72f3
    
    Anmeldetyp:			7
    
    Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig.
    Record Number: 29283
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20101126213612.532000-000
    Event Type: Überwachung erfolgreich
    User: 
    
    ======Environment variables======
    
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=AMD64
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 26 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=1a04
    "NUMBER_OF_PROCESSORS"=8
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
    "DFSTRACINGON"=FALSE
    "asl.log"=Destination=file;OnFirstLog=command,environment,parent
    "CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
    
    -----------------EOF-----------------

    3. hjtscanlist.txt

    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            ║                                    ║ 
                                        hjtscanlist v2.0              
                            ║                                    ║ 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 6.0.6001]
     
     
    C:
    
      26.11.2010 23:15     C:\rsit --------- 0   
      26.11.2010 23:15     C:\Program Files (x86) --------- 28672   
      26.11.2010 05:13     C:\System Volume Information --------- 28672   
           C:\pagefile.sys ---------    
      21.11.2010 18:12     C:\Windows --------- 24576   
      21.11.2010 02:19     C:\Program Files --------- 8192   
      15.11.2010 01:35     C:\ProgramData --------- 8192   
      04.08.2010 12:11     C:\Users --------- 4096   
      18.04.2010 15:31     C:\NETZWERKTESTORDNER --------- 0   
      03.04.2010 06:31     C:\temp --------- 0   
      14.03.2010 15:20     C:\$AVG --------- 0   
      27.12.2009 23:22     C:\MetaStock Data --------- 0   
      03.11.2009 16:38     C:\MSOCache --------- 0   
      07.09.2009 12:58     C:\BOOTSECT.BAK --------- 8192   
      07.09.2009 12:58     C:\Boot --------- 4096   
      07.09.2009 12:08     C:\$Recycle.Bin --------- 0   
      07.09.2009 12:07     C:\Programme --------- 0   
      07.09.2009 12:07     C:\Dokumente und Einstellungen --------- 0   
      21.01.2008 04:03     C:\PerfLogs --------- 0   
      21.01.2008 03:49     C:\bootmgr --------- 333203   
      02.11.2006 16:41     C:\Documents and Settings --------- 0   
    ----------------------------------------
    
     
    C:\Windows
    
      26.11.2010 01:10     C:\Windows\WindowsUpdate.log --------- 1579218   
      23.11.2010 12:16     C:\Windows\bootstat.dat --------- 67584   
      21.11.2010 18:11     C:\Windows\setupact.log --------- 817   
      21.11.2010 18:04     C:\Windows\msxml4-KB973688-enu.LOG --------- 278214   
      21.11.2010 18:04     C:\Windows\msxml4-KB954430-enu.LOG --------- 279328   
      21.11.2010 17:51     C:\Windows\PFRO.log --------- 894   
      21.11.2010 17:47     C:\Windows\ie8_main.log --------- 2067   
      20.11.2010 16:12     C:\Windows\setuperr.log --------- 0   
      15.11.2010 02:05     C:\Windows\ntbtlog.txt --------- 214032   
      03.04.2010 01:27     C:\Windows\eReg.dat --------- 615   
      02.04.2010 21:26     C:\Windows\win.ini --------- 405   
      01.04.2010 19:07     C:\Windows\WA.INI --------- 90   
      22.03.2010 19:42     C:\Windows\NeroDigital.ini --------- 69   
      07.09.2009 23:20     C:\Windows\nsreg.dat --------- 0   
      07.09.2009 21:27     C:\Windows\Ascd_log.ini --------- 34932   
      07.09.2009 21:27     C:\Windows\Ascd_tmp.ini --------- 34289   
      20.03.2009 01:03     C:\Windows\instwcli.dex --------- 480560   
      20.03.2009 01:03     C:\Windows\instwcli.inf --------- 13099   
      29.10.2008 07:49     C:\Windows\explorer.exe --------- 3080704   
      21.01.2008 04:21     C:\Windows\WindowsShell.Manifest --------- 749   
      21.01.2008 03:50     C:\Windows\HelpPane.exe --------- 734720   
      21.01.2008 03:48     C:\Windows\regedit.exe --------- 161792   
      21.01.2008 03:48     C:\Windows\bfsvc.exe --------- 65536   
      21.01.2008 03:48     C:\Windows\splwow64.exe --------- 39936   
      21.01.2008 03:48     C:\Windows\fveupdate.exe --------- 14848   
      21.01.2008 03:46     C:\Windows\notepad.exe --------- 169472   
      02.11.2006 16:02     C:\Windows\WMSysPr9.prx --------- 316640   
      02.11.2006 16:00     C:\Windows\twunk_16.exe --------- 49680   
      02.11.2006 16:00     C:\Windows\twain_32.dll --------- 50688   
      02.11.2006 16:00     C:\Windows\twunk_32.exe --------- 31232   
      02.11.2006 16:00     C:\Windows\twain.dll --------- 94784   
      02.11.2006 12:15     C:\Windows\hh.exe --------- 15872   
      02.11.2006 10:45     C:\Windows\winhlp32.exe --------- 9216   
      02.11.2006 09:26     C:\Windows\mib.bin --------- 43131   
      19.09.2006 12:41     C:\Windows\Ultimate.xml --------- 4261   
      18.09.2006 22:44     C:\Windows\system.ini --------- 219   
      18.09.2006 22:30     C:\Windows\msdfmap.ini --------- 1405   
      02.10.1998 19:00     C:\Windows\IsUninst.exe --------- 327168   
    ----------------------------------------
    
     
    C:\Windows\System
    
    ----------------------------------------
    
     
    C:\Windows\System32
    
     26.11.2010 23:21     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3712  
     26.11.2010 23:21     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3712  
     26.11.2010 22:42     C:\Windows\system32\perfh009.dat --------- 589884  
     26.11.2010 22:42     C:\Windows\system32\perfc009.dat --------- 106200  
     26.11.2010 22:42     C:\Windows\system32\perfh007.dat --------- 636858  
     26.11.2010 22:42     C:\Windows\system32\perfc007.dat --------- 128374  
     26.11.2010 22:42     C:\Windows\system32\PerfStringBackup.INI --------- 1452134  
     21.11.2010 18:15     C:\Windows\system32\catroot --------- 4096  
     21.11.2010 18:15     C:\Windows\system32\catroot2 --------- 8192  
     21.11.2010 18:14     C:\Windows\system32\FNTCACHE.DAT --------- 2324104  
     21.11.2010 18:12     C:\Windows\system32\drivers --------- 65536  
     21.11.2010 18:12     C:\Windows\system32\wbem --------- 65536  
     21.11.2010 18:12     C:\Windows\system32\de-DE --------- 196608  
     21.11.2010 18:12     C:\Windows\system32\Boot --------- 0  
     21.11.2010 18:12     C:\Windows\system32\manifeststore --------- 0  
     21.11.2010 17:48     C:\Windows\system32\migration --------- 4096  
     21.11.2010 01:06     C:\Windows\system32\Msdtc --------- 4096  
     21.11.2010 01:04     C:\Windows\system32\config --------- 12288  
     21.11.2010 01:04     C:\Windows\system32\spool --------- 4096  
     21.11.2010 01:04     C:\Windows\system32\CodeIntegrity --------- 0  
     02.11.2010 17:14     C:\Windows\system32\mrt.exe --------- 37628360  
     10.09.2010 18:30     C:\Windows\system32\wmp.dll --------- 13425152  
     10.09.2010 16:52     C:\Windows\system32\wmploc.DLL --------- 8147968  
     08.09.2010 17:46     C:\Windows\system32\wininet.dll --------- 1032704  
     08.09.2010 17:46     C:\Windows\system32\urlmon.dll --------- 1426944  
     08.09.2010 17:45     C:\Windows\system32\occache.dll --------- 208896  
     08.09.2010 17:44     C:\Windows\system32\mstime.dll --------- 1129984  
     08.09.2010 17:43     C:\Windows\system32\mshtmled.dll --------- 758784  
     08.09.2010 17:43     C:\Windows\system32\mshtml.dll --------- 5692928  
     08.09.2010 17:43     C:\Windows\system32\msfeeds.dll --------- 590848  
     08.09.2010 17:43     C:\Windows\system32\jsproxy.dll --------- 32256  
     08.09.2010 17:43     C:\Windows\system32\iertutil.dll --------- 375296  
     08.09.2010 17:43     C:\Windows\system32\iepeers.dll --------- 249856  
     08.09.2010 17:43     C:\Windows\system32\ieframe.dll --------- 7015424  
     08.09.2010 17:43     C:\Windows\system32\ieencode.dll --------- 86528  
     08.09.2010 17:43     C:\Windows\system32\iedkcs32.dll --------- 480256  
     08.09.2010 17:43     C:\Windows\system32\ieapfltr.dll --------- 422400  
     08.09.2010 17:43     C:\Windows\system32\ieaksie.dll --------- 267776  
     08.09.2010 16:26     C:\Windows\system32\html.iec --------- 485376  
     08.09.2010 16:00     C:\Windows\system32\mshtml.tlb --------- 1383424  
     31.08.2010 16:21     C:\Windows\system32\comctl32.dll --------- 633856  
     31.08.2010 14:18     C:\Windows\system32\win32k.sys --------- 2751488  
     26.08.2010 17:27     C:\Windows\system32\t2embed.dll --------- 189952  
     20.08.2010 16:56     C:\Windows\system32\wmpmde.dll --------- 1090048  
     17.08.2010 15:04     C:\Windows\system32\spoolsv.exe --------- 267776  
     10.08.2010 16:36     C:\Windows\system32\schannel.dll --------- 343040  
     26.07.2010 16:31     C:\Windows\system32\shell32.dll --------- 12898304  
     15.07.2010 15:41     C:\Windows\system32\avgrssta.dll --------- 13048  
     28.06.2010 17:55     C:\Windows\system32\ole32.dll --------- 1923584  
     24.06.2010 19:03     C:\Windows\system32\Tasks --------- 4096  
     22.06.2010 14:27     C:\Windows\system32\tzres.dll --------- 2048  
     18.06.2010 18:17     C:\Windows\system32\rtutils.dll --------- 50688  
     11.06.2010 17:08     C:\Windows\system32\msxml3.dll --------- 1875456  
     08.06.2010 18:47     C:\Windows\system32\ntoskrnl.exe --------- 4690832  
     02.06.2010 03:55     C:\Windows\system32\XAPOFX1_5.dll --------- 77656  
     02.06.2010 03:55     C:\Windows\system32\XAudio2_7.dll --------- 518488  
     02.06.2010 03:55     C:\Windows\system32\xactengine3_7.dll --------- 176984  
     26.05.2010 17:53     C:\Windows\system32\atmlib.dll --------- 48128  
     26.05.2010 15:56     C:\Windows\system32\atmfd.dll --------- 366080  
     26.05.2010 10:41     C:\Windows\system32\d3dx11_43.dll --------- 276832  
     26.05.2010 10:41     C:\Windows\system32\d3dx10_43.dll --------- 511328  
     26.05.2010 10:41     C:\Windows\system32\d3dcsx_43.dll --------- 1907552  
     26.05.2010 10:41     C:\Windows\system32\D3DCompiler_43.dll --------- 2526056  
     26.05.2010 10:41     C:\Windows\system32\D3DX9_43.dll --------- 2401112  
     18.05.2010 15:55     C:\Windows\system32\dns-sd.exe --------- 119584  
     18.05.2010 15:55     C:\Windows\system32\dnssdX.dll --------- 237856  
     18.05.2010 15:55     C:\Windows\system32\dnssd.dll --------- 95520  
     04.05.2010 20:15     C:\Windows\system32\msshsq.dll --------- 345088  
     04.05.2010 18:27     C:\Windows\system32\ieUnatt.exe --------- 32768  
     19.04.2010 19:47     C:\Windows\system32\usbaaplrc.dll --------- 3062048  
     16.04.2010 17:41     C:\Windows\system32\usp10.dll --------- 622080  
     16.04.2010 17:40     C:\Windows\system32\quartz.dll --------- 1570816  
     05.04.2010 17:53     C:\Windows\system32\MP4SDECD.DLL --------- 295424  
     05.04.2010 17:51     C:\Windows\system32\asycfilt.dll --------- 84480  
     01.04.2010 16:20     C:\Windows\system32\WDI --------- 4096  
     10.03.2010 17:22     C:\Windows\system32\DRVSTORE --------- 0  
     04.03.2010 19:45     C:\Windows\system32\vbscript.dll --------- 603648  
     24.02.2010 14:55     C:\Windows\system32\ieapfltr.dat --------- 2452872  
     24.02.2010 10:28     C:\Windows\system32\browserchoice.exe --------- 294912  
     21.02.2010 00:44     C:\Windows\system32\nshhttp.dll --------- 32768  
     21.02.2010 00:42     C:\Windows\system32\httpapi.dll --------- 33792  
     20.02.2010 15:51     C:\Windows\system32\NDF --------- 0  
     04.02.2010 09:01     C:\Windows\system32\X3DAudio1_7.dll --------- 24920  
     04.02.2010 09:01     C:\Windows\system32\XAudio2_6.dll --------- 530776  
     04.02.2010 09:01     C:\Windows\system32\xactengine3_6.dll --------- 176984  
     04.02.2010 09:01     C:\Windows\system32\XAPOFX1_4.dll --------- 78680  
     29.01.2010 17:40     C:\Windows\system32\inetcomm.dll --------- 974848  
     21.01.2010 17:34     C:\Windows\system32\l3codeca.acm --------- 72192  
     16.01.2010 04:07     C:\Windows\system32\LogFiles --------- 0  
     13.01.2010 19:34     C:\Windows\system32\cabview.dll --------- 104960  
     28.12.2009 13:45     C:\Windows\system32\tsbyuv.dll --------- 13824  
     28.12.2009 13:42     C:\Windows\system32\msyuv.dll --------- 25600  
     28.12.2009 13:42     C:\Windows\system32\msvidc32.dll --------- 38400  
     28.12.2009 13:42     C:\Windows\system32\msvfw32.dll --------- 143360  
     28.12.2009 13:42     C:\Windows\system32\msrle32.dll --------- 15872  
     28.12.2009 13:41     C:\Windows\system32\mciavi32.dll --------- 93184  
     28.12.2009 13:41     C:\Windows\system32\iyuv_32.dll --------- 54272  
     28.12.2009 13:39     C:\Windows\system32\avifil32.dll --------- 108544  
     28.12.2009 13:39     C:\Windows\system32\avicap32.dll --------- 76800  
     23.12.2009 13:39     C:\Windows\system32\wintrust.dll --------- 218112  
    ----------------------------------------
    
     
    C:\Windows\Prefetch
    
     26.11.2010 23:24     C:\Windows\Prefetch\CMD.EXE-89305D47.pf --------- 6146  
     26.11.2010 23:24     C:\Windows\Prefetch\VERCLSID.EXE-4D95F5A7.pf --------- 13022  
     26.11.2010 23:23     C:\Windows\Prefetch\WINRAR.EXE-0BE7308A.pf --------- 584040  
     26.11.2010 23:23     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf --------- 15906  
     26.11.2010 23:23     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf --------- 16882  
     26.11.2010 23:23     C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 34762  
     26.11.2010 23:23     C:\Windows\Prefetch\RAREXTLOADER.EXE-4B76CB3C.pf --------- 17358  
     26.11.2010 23:22     C:\Windows\Prefetch\SKYPENAMES.EXE-5801C6A1.pf --------- 18786  
     26.11.2010 23:21     C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf --------- 16820  
     26.11.2010 23:18     C:\Windows\Prefetch\RUNDLL32.EXE-41E85287.pf --------- 23406  
     26.11.2010 23:18     C:\Windows\Prefetch\IEUSER.EXE-D895AB54.pf --------- 17948  
     26.11.2010 23:18     C:\Windows\Prefetch\NOTEPAD.EXE-28E040DE.pf --------- 20398  
     26.11.2010 23:18     C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 43400  
     26.11.2010 23:18     C:\Windows\Prefetch\RSIT.EXE-58C18585.pf --------- 53162  
     26.11.2010 23:18     C:\Windows\Prefetch\USER.EXE-CD776CB4.pf --------- 53438  
     26.11.2010 23:18     C:\Windows\Prefetch\RUNDLL32.EXE-B626D0EF.pf --------- 31042  
     26.11.2010 23:18     C:\Windows\Prefetch\IEUSER.EXE-DB146D8F.pf --------- 21792  
     26.11.2010 22:54     C:\Windows\Prefetch\JAVAW.EXE-5D411E03.pf --------- 171604  
     26.11.2010 22:54     C:\Windows\Prefetch\JDOWNLOADER.EXE-FF649B01.pf --------- 17068  
     26.11.2010 22:50     C:\Windows\Prefetch\BLIZZARD DOWNLOADER.EXE-D8A4EE2A.pf --------- 93572  
     26.11.2010 22:49     C:\Windows\Prefetch\LAUNCHER.EXE-C7DE8A7F.pf --------- 119826  
     26.11.2010 22:49     C:\Windows\Prefetch\WOW-4.0.0.1807-TO-4.0.0.2072--BF75ED0C.pf --------- 40588  
     26.11.2010 22:49     C:\Windows\Prefetch\INSTALLER.EXE-84F4FA4A.pf --------- 123322  
     26.11.2010 22:47     C:\Windows\Prefetch\DLLHOST.EXE-7A4F5DBA.pf --------- 124766  
     26.11.2010 22:45     C:\Windows\Prefetch\WOW-4.0.0.1807-TO-4.0.0.2072--BAB2F6CF.pf --------- 62386  
     26.11.2010 22:44     C:\Windows\Prefetch\LAUNCHER.PATCH.EXE-E42FACE5.pf --------- 76948  
     26.11.2010 22:41     C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 21914  
     26.11.2010 22:40     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2908526142-1359912759-1687764847-1000.db --------- 1295757  
     26.11.2010 22:40     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2908526142-1359912759-1687764847-1000.db --------- 2291875  
     26.11.2010 22:39     C:\Windows\Prefetch\WUDFHOST.EXE-81420B07.pf --------- 37790  
     26.11.2010 22:39     C:\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf --------- 39202  
     26.11.2010 22:39     C:\Windows\Prefetch\WMPLAYER.EXE-61D40ED1.pf --------- 66810  
     26.11.2010 22:39     C:\Windows\Prefetch\RUNDLL32.EXE-CE557EE2.pf --------- 19596  
     26.11.2010 22:39     C:\Windows\Prefetch\RUNDLL32.EXE-905D47B9.pf --------- 20568  
     26.11.2010 22:39     C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf --------- 303250  
     26.11.2010 22:39     C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf --------- 22842  
     26.11.2010 22:39     C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 32762  
     26.11.2010 22:39     C:\Windows\Prefetch\WINAMP.EXE-3491B3AC.pf --------- 191380  
     26.11.2010 22:37     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1575467  
     26.11.2010 22:37     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 222177  
     26.11.2010 22:37     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 3809128  
     26.11.2010 22:37     C:\Windows\Prefetch\AgRobust.db --------- 556464  
     26.11.2010 22:36     C:\Windows\Prefetch\RUNDLL32.EXE-F2FDCBD1.pf --------- 19112  
     26.11.2010 22:36     C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 40008  
     26.11.2010 22:33     C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 19844  
     26.11.2010 20:24     C:\Windows\Prefetch\Layout.ini --------- 1008652  
     26.11.2010 18:05     C:\Windows\Prefetch\AVGSRMAA.EXE-F5EB8F03.pf --------- 37720  
     26.11.2010 18:05     C:\Windows\Prefetch\FIXCFG.EXE-2FAB1334.pf --------- 24028  
     26.11.2010 18:04     C:\Windows\Prefetch\AVGUPD.EXE-F35F0914.pf --------- 44034  
     26.11.2010 13:25     C:\Windows\Prefetch\SCRNSAVE.SCR-225A7D32.pf --------- 9534  
     26.11.2010 13:25     C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf --------- 18518  
     26.11.2010 13:12     C:\Windows\Prefetch\UNRAR.EXE-601CF3C8.pf --------- 29376  
     26.11.2010 12:56     C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf --------- 10752  
     26.11.2010 12:44     C:\Windows\Prefetch\AVGUI.EXE-891AF29D.pf --------- 85980  
     26.11.2010 04:59     C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 23084  
     26.11.2010 04:59     C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 41958  
     26.11.2010 03:20     C:\Windows\Prefetch\CMD.EXE-EABFE48B.pf --------- 23368  
     26.11.2010 01:22     C:\Windows\Prefetch\THUNDERBIRD.EXE-D7BDD9EA.pf --------- 147124  
     25.11.2010 23:21     C:\Windows\Prefetch\MPC-HC.EXE-6E68E887.pf --------- 162816  
     25.11.2010 23:11     C:\Windows\Prefetch\FIREFOX.EXE-FBBD985A.pf --------- 225204  
     25.11.2010 22:58     C:\Windows\Prefetch\ICQ.EXE-9DDCE7E1.pf --------- 153310  
     25.11.2010 09:51     C:\Windows\Prefetch\AVGTRAY.EXE-046557F7.pf --------- 40814  
     25.11.2010 09:51     C:\Windows\Prefetch\DLLHOST.EXE-C5C55E89.pf --------- 89832  
     25.11.2010 09:51     C:\Windows\Prefetch\AVGCSRVA.EXE-2D5CE92A.pf --------- 32502  
     25.11.2010 09:51     C:\Windows\Prefetch\AVGWDSVC.EXE-15994AEA.pf --------- 44300  
     25.11.2010 09:51     C:\Windows\Prefetch\AVGRSA.EXE-66B67F9D.pf --------- 8406  
     25.11.2010 09:51     C:\Windows\Prefetch\AVGCHSVA.EXE-75476DB0.pf --------- 11304  
     25.11.2010 03:42     C:\Windows\Prefetch\VLC.EXE-39B02EDC.pf --------- 253316  
     25.11.2010 03:05     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-78000DE6.pf --------- 66176  
     25.11.2010 03:04     C:\Windows\Prefetch\WERFAULT.EXE-0897AE09.pf --------- 34602  
     25.11.2010 02:00     C:\Windows\Prefetch\SPLWOW64.EXE-FBA11EAB.pf --------- 18744  
     24.11.2010 04:49     C:\Windows\Prefetch\DFRGNTFS.EXE-4F838A89.pf --------- 34438  
     24.11.2010 04:49     C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf --------- 15784  
     23.11.2010 12:33     C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 141964  
     23.11.2010 12:21     C:\Windows\Prefetch\IPODSERVICE.EXE-FE1A6FF7.pf --------- 26242  
     23.11.2010 12:18     C:\Windows\Prefetch\ReadyBoot --------- 4096  
     23.11.2010 05:08     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 584  
     23.11.2010 03:47     C:\Windows\Prefetch\DLLHOST.EXE-896DB558.pf --------- 38080  
     20.04.2010 16:32     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-2908526142-1359912759-1687764847-1000.snp.db --------- 3000120  
     20.04.2010 16:30     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1958248  
     07.02.2010 04:10     C:\Windows\Prefetch\AgCx_SC1.db --------- 874895  
     07.02.2010 04:10     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 52054  
     07.09.2009 12:01     C:\Windows\Prefetch\AgAppLaunch.db --------- 334168  
    ----------------------------------------
    
     
    C:\Windows\Tasks
    
     23.11.2010 12:16     C:\Windows\Tasks\SA.DAT --------- 6  
     23.11.2010 05:08     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32534  
    ----------------------------------------
    
     
    C:\Windows\Temp
    
     26.11.2010 18:05     C:\Windows\Temp\cc421cca-3be5-422b-8319-2c60a6a1fbf8 --------- 0  
     26.11.2010 09:21     C:\Windows\Temp\b4bd062d-1dd2-4a3a-9f0e-996339cbc7ea --------- 0  
     25.11.2010 18:05     C:\Windows\Temp\9fb46ad4-a303-4ad0-81b6-abc05604d836 --------- 0  
     25.11.2010 09:51     C:\Windows\Temp\69fc4262-59de-4dc9-a057-6cb37bbed2e9 --------- 0  
     24.11.2010 17:39     C:\Windows\Temp\ed364cec-517f-4f87-9d10-45eb1b55b612 --------- 0  
     24.11.2010 09:46     C:\Windows\Temp\00e65031-e3c1-4ac3-bcc7-6f0d2010fa7e --------- 0  
     23.11.2010 17:39     C:\Windows\Temp\d6ee9c24-8950-49e4-b0e5-29a30d3aa7f6 --------- 0  
     23.11.2010 12:22     C:\Windows\Temp\774c02b3-d4c7-481b-9e1e-f6147de6f071 --------- 0  
     22.11.2010 08:18     C:\Windows\Temp\397a3e47-5c02-43c5-afe3-a2c568ca7107 --------- 0  
     22.11.2010 08:17     C:\Windows\Temp\avginfo.id --------- 94  
     21.11.2010 17:32     C:\Windows\Temp\65381ccc-57d5-4c25-af62-cabe0d8a0142 --------- 0  
     21.11.2010 01:11     C:\Windows\Temp\7f5ba0b9-617d-42b8-92a2-47c8a3e9c49b --------- 0  
     20.11.2010 18:27     C:\Windows\Temp\da6dc109-1828-4bb7-843d-a5e0877d0c7c --------- 0  
     20.11.2010 09:30     C:\Windows\Temp\88b34f4f-4242-4c5d-a724-cfd90c2e8d4d --------- 0  
     19.11.2010 18:27     C:\Windows\Temp\fcc737e2-9a36-4bbd-815c-0935c6c9ce01 --------- 0  
     19.11.2010 09:31     C:\Windows\Temp\b1fd95c7-ee32-4c1f-908a-e666dd849ba6 --------- 0  
     18.11.2010 18:27     C:\Windows\Temp\c8338fd1-7ae4-48c6-9d35-bf1e7d9895e6 --------- 0  
     18.11.2010 09:31     C:\Windows\Temp\42cba620-4319-475e-a8ce-806a57845355 --------- 0  
     17.11.2010 18:40     C:\Windows\Temp\be2825b1-f715-4a60-ba9a-2726a46a426e --------- 0  
     17.11.2010 09:31     C:\Windows\Temp\abed5640-0078-4793-8431-d949b17e781c --------- 0  
     16.11.2010 18:27     C:\Windows\Temp\cd74bfc9-d75c-4d4d-a42b-df1959fe4e54 --------- 0  
     16.11.2010 09:31     C:\Windows\Temp\a574e0c0-a599-474c-82c3-480daf280f12 --------- 0  
     15.11.2010 18:54     C:\Windows\Temp\172c0eb3-d56b-4436-bab4-28d69a17b258 --------- 0  
     15.11.2010 09:31     C:\Windows\Temp\23c6ed75-57f5-4f21-a743-d520a9848109 --------- 0  
    ----------------------------------------
    
     
    C:\Users\USER\AppData\Local\Temp
    
     26.11.2010 22:54     C:\Users\USER\AppData\Local\Temp\hsperfdata_USER --------- 0  
     26.11.2010 22:49     C:\Users\USER\AppData\Local\Temp\~DFDC4.tmp --------- 32768  
     26.11.2010 22:49     C:\Users\USER\AppData\Local\Temp\USER.bmp --------- 31832  
     26.11.2010 22:49     C:\Users\USER\AppData\Local\Temp\Blizzard Installer Bootstrap - 11b6e980 --------- 0  
     26.11.2010 22:45     C:\Users\USER\AppData\Local\Temp\~DFB001.tmp --------- 32768  
     26.11.2010 22:45     C:\Users\USER\AppData\Local\Temp\_TR9FC4.tmp --------- 1731  
     26.11.2010 22:39     C:\Users\USER\AppData\Local\Temp\WPDNSE --------- 0  
     26.11.2010 13:06     C:\Users\USER\AppData\Local\Temp\plugtmp-9 --------- 8192  
     26.11.2010 13:05     C:\Users\USER\AppData\Local\Temp\fla4122.tmp --------- 1388382  
     25.11.2010 02:57     C:\Users\USER\AppData\Local\Temp\plugtmp-8 --------- 0  
     23.11.2010 05:07     C:\Users\USER\AppData\Local\Temp\plugtmp-7 --------- 4096  
     23.11.2010 03:44     C:\Users\USER\AppData\Local\Temp\amt.log --------- 2117  
     23.11.2010 03:44     C:\Users\USER\AppData\Local\Temp\alm.log --------- 1058  
     23.11.2010 03:44     C:\Users\USER\AppData\Local\Temp\libFNP_events.log --------- 279  
     22.11.2010 00:29     C:\Users\USER\AppData\Local\Temp\plugtmp-6 --------- 0  
     21.11.2010 22:27     C:\Users\USER\AppData\Local\Temp\080306ebf08092c173766870adb7b3.dlc --------- 3204  
     21.11.2010 17:44     C:\Users\USER\AppData\Local\Temp\Microsoft .NET Framework 3.5-KB2416473_20101121_164433371.html --------- 104432  
     21.11.2010 17:44     C:\Users\USER\AppData\Local\Temp\Microsoft .NET Framework 3.5-KB2416473_20101121_164433371-Msi0.txt --------- 1466858  
     21.11.2010 17:44     C:\Users\USER\AppData\Local\Temp\dd_clwireg.txt --------- 4151  
     21.11.2010 17:39     C:\Users\USER\AppData\Local\Temp\Microsoft .NET Framework 3.5-KB963707_20101121_163942928.html --------- 88026  
     21.11.2010 17:39     C:\Users\USER\AppData\Local\Temp\Microsoft .NET Framework 3.5-KB963707_20101121_163942928-Msi0.txt --------- 689492  
     21.11.2010 16:22     C:\Users\USER\AppData\Local\Temp\plugtmp-5 --------- 0  
     21.11.2010 14:41     C:\Users\USER\AppData\Local\Temp\{9602A91F-4E27-4866-8619-A3B7164F1FD3} --------- 0  
     20.11.2010 19:17     C:\Users\USER\AppData\Local\Temp\plugtmp-4 --------- 0  
     20.11.2010 17:20     C:\Users\USER\AppData\Local\Temp\wmplog00.sqm --------- 6582  
     20.11.2010 16:13     C:\Users\USER\AppData\Local\Temp\wmsetup.log --------- 410  
     20.11.2010 06:44     C:\Users\USER\AppData\Local\Temp\A9R74E0.tmp --------- 358  
     20.11.2010 06:44     C:\Users\USER\AppData\Local\Temp\java_install_reg.log --------- 1580  
     20.11.2010 06:38     C:\Users\USER\AppData\Local\Temp\plugtmp-3 --------- 0  
     19.11.2010 17:48     C:\Users\USER\AppData\Local\Temp\msohtmlclip1 --------- 0  
     19.11.2010 17:48     C:\Users\USER\AppData\Local\Temp\msohtmlclip --------- 0  
     18.11.2010 19:22     C:\Users\USER\AppData\Local\Temp\nro.log --------- 0  
     17.11.2010 16:45     C:\Users\USER\AppData\Local\Temp\plugtmp-2 --------- 0  
     17.11.2010 07:14     C:\Users\USER\AppData\Local\Temp\icq_7.2_build_3159_banner_remover.zip --------- 2108830  
     17.11.2010 07:03     C:\Users\USER\AppData\Local\Temp\{E0A2B633-E9C8-437F-A5EA-F3CD7B8CD70C} --------- 0  
     17.11.2010 06:52     C:\Users\USER\AppData\Local\Temp\02b673270b0b50a8d44ad649a71454c1.exe --------- 13542560  
     16.11.2010 18:42     C:\Users\USER\AppData\Local\Temp\plugtmp-1 --------- 0  
     15.11.2010 16:35     C:\Users\USER\AppData\Local\Temp\plugtmp --------- 0  
     15.11.2010 01:51     C:\Users\USER\AppData\Local\Temp\Low --------- 0  
     07.09.2009 12:08     C:\Users\USER\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
    ----------------------------------------
    
     
    C:\Program Files
    
     21.11.2010 17:49     C:\Program Files\Windows Media Player --------- 4096  
     21.11.2010 17:48     C:\Program Files\Internet Explorer --------- 4096  
     21.11.2010 17:48     C:\Program Files\Windows Mail --------- 4096  
     21.11.2010 17:48     C:\Program Files\Movie Maker --------- 4096  
     21.11.2010 02:19     C:\Program Files\Unlocker --------- 4096  
     15.11.2010 01:50     C:\Program Files\CCleaner --------- 0  
     19.10.2010 13:14     C:\Program Files\Media Player Classic - Home Cinema --------- 8192  
     24.06.2010 16:49     C:\Program Files\iTunes --------- 4096  
     24.06.2010 16:49     C:\Program Files\iPod --------- 0  
     24.06.2010 16:46     C:\Program Files\Bonjour --------- 0  
     05.04.2010 17:15     C:\Program Files\Recuva --------- 0  
     10.03.2010 17:20     C:\Program Files\Common Files --------- 4096  
     03.11.2009 16:39     C:\Program Files\Microsoft Office --------- 0  
     26.09.2009 17:39     C:\Program Files\CanonBJ --------- 0  
     07.09.2009 12:07     C:\Program Files\Windows NT --------- 4096  
     07.09.2009 12:07     C:\Program Files\Gemeinsame Dateien --------- 0  
     21.01.2008 04:21     C:\Program Files\desktop.ini --------- 174  
     21.01.2008 04:08     C:\Program Files\Windows Calendar --------- 0  
     21.01.2008 04:08     C:\Program Files\Windows Sidebar --------- 4096  
     21.01.2008 04:08     C:\Program Files\Windows Journal --------- 4096  
     21.01.2008 04:08     C:\Program Files\Windows Photo Gallery --------- 4096  
     21.01.2008 04:08     C:\Program Files\Windows Defender --------- 4096  
     02.11.2006 16:42     C:\Program Files\Uninstall Information --------- 0  
     02.11.2006 16:06     C:\Program Files\Microsoft Games --------- 0  
     02.11.2006 16:06     C:\Program Files\Reference Assemblies --------- 0  
     02.11.2006 16:06     C:\Program Files\MSBuild --------- 0  
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    USER    
    Public    
    AppData    
    Default    
    desktop.ini    
    All Users    
    Default User    
    ----------------------------------------
    
     
    C:\Windows\system32\drivers\etc\hosts
    
    127.0.0.1       localhost
    ::1             localhost
    127.0.0.1 im.adtech.de
    127.0.0.1 adserver.adtech.de
    127.0.0.1 adtech.de
    127.0.0.1 ar.atwola.com
    127.0.0.1 atwola.com
    127.0.0.1 adserver.71i.de
    127.0.0.1 adicqserver.71i.de
    127.0.0.1 71i.de
    
    ----------------------------------------
    
     
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            24 K
    System                           4 Services                   0       143.172 K
    smss.exe                       580 Services                   0         1.256 K
    csrss.exe                      648 Services                   0         8.176 K
    wininit.exe                    716 Services                   0         5.692 K
    csrss.exe                      736 Console                    1        14.772 K
    services.exe                   856 Services                   0         9.652 K
    lsass.exe                      868 Services                   0         3.196 K
    lsm.exe                        876 Services                   0         6.668 K
    winlogon.exe                  1128 Console                    1         8.888 K
    svchost.exe                   1364 Services                   0        10.028 K
    nvvsvc.exe                    1412 Services                   0         5.304 K
    svchost.exe                   1440 Services                   0        11.760 K
    svchost.exe                   1572 Services                   0        21.184 K
    svchost.exe                   1596 Services                   0       206.768 K
    svchost.exe                   1608 Services                   0       113.516 K
    audiodg.exe                   1700 Services                   0        16.936 K
    SLsvc.exe                     1736 Services                   0        13.200 K
    svchost.exe                   1800 Services                   0        20.772 K
    svchost.exe                   1960 Services                   0        37.584 K
    rundll32.exe                  1424 Console                    1         9.504 K
    spoolsv.exe                   2172 Services                   0        15.732 K
    svchost.exe                   2196 Services                   0        29.096 K
    taskeng.exe                   2672 Services                   0         8.320 K
    alg.exe                       2808 Services                   0         6.016 K
    AppleMobileDeviceService.     2828 Services                   0         9.772 K
    WLanNetService.exe            2872 Services                   0         7.496 K
    mDNSResponder.exe             2888 Services                   0         6.956 K
    ijplmsvc.exe                  2928 Services                   0        15.296 K
    svchost.exe                   2564 Services                   0         6.496 K
    svchost.exe                   1824 Services                   0         9.920 K
    svchost.exe                   1952 Services                   0         6.408 K
    SearchIndexer.exe             1304 Services                   0        63.864 K
    dwm.exe                       3848 Console                    1        87.568 K
    taskeng.exe                   3956 Console                    1        16.260 K
    rundll32.exe                  4060 Console                    1         6.896 K
    ehtray.exe                    3408 Console                    1         3.136 K
    VCDDaemon.exe                 3832 Console                    1         7.988 K
    iTunesHelper.exe              2308 Console                    1        15.376 K
    WLanGUI.exe                   1872 Console                    1         7.232 K
    ehmsas.exe                    2908 Console                    1         6.160 K
    iPodService.exe               4228 Services                   0         9.076 K
    wmpnscfg.exe                  4348 Console                    1         7.648 K
    wmpnetwk.exe                  4532 Services                   0        19.200 K
    javaw.exe                     4872 Console                    1       652.968 K
    conime.exe                    4520 Console                    1         4.984 K
    firefox.exe                   4968 Console                    1       963.044 K
    plugin-container.exe          4488 Console                    1        37.300 K
    avgchsva.exe                  4112 Services                   0        43.380 K
    avgrsa.exe                    3700 Services                   0           876 K
    avgwdsvc.exe                  1032 Services                   0         2.868 K
    avgcsrva.exe                  4004 Services                   0         1.648 K
    avgtray.exe                   5796 Console                    1         3.064 K
    explorer.exe                  3668 Console                    1       101.244 K
    WUDFHost.exe                  3108 Services                   0         9.024 K
    SearchProtocolHost.exe        1228 Services                   0        12.552 K
    SearchFilterHost.exe          1772 Services                   0         7.624 K
    cmd.exe                        800 Console                    1         3.916 K
    tasklist.exe                  4380 Console                    1         6.752 K
    WmiPrvSE.exe                   984 Services                   0         8.448 K
    
     
    ***** Ende des Scans 26.11.2010 um 23:24:42,31 ***

    and 4.

    install.txt

    Code:
    AC3Filter 1.63b	Alexander Vigovsky	21.10.2009	7,00MB	1.63b
    Adobe AIR	Adobe Systems Inc.	31.05.2010	30,7MB	1.5.2.8900
    Adobe Color Common Settings	Adobe Systems Incorporated	13.05.2010		1.0.1
    Adobe ExtendScript Toolkit 2	Adobe Systems Incorporated	13.05.2010		2.0.2
    Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	06.09.2009		10.0.12.36
    Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	23.07.2010		10.1.53.64
    Adobe Photoshop CS3	Adobe Systems Incorporated	25.09.2009		10.0
    Adobe Reader 9.1 - Deutsch	Adobe Systems Incorporated	08.09.2009	234MB	9.1.0
    Adobe Shockwave Player 11.5	Adobe Systems, Inc.	13.05.2010		11.5.7.609
    Alien Swarm	Valve	29.07.2010	0,68MB	
    Apple Application Support	Apple Inc.	23.06.2010	42,8MB	1.3.0
    Apple Mobile Device Support	Apple Inc.	23.06.2010	20,6MB	3.1.0.62
    Apple Software Update	Apple Inc.	09.03.2010	2,16MB	2.1.1.116
    Armagetron Advanced 0.2.8.3.1.gcc	Armagetron Advanced Team	01.04.2010	8,14MB	0.2.8.3.1.gcc
    Audacity 1.2.6		02.10.2009	8,63MB	
    AVG Free 9.0	AVG Technologies	07.11.2009	69,9MB	
    AVM FRITZ!WLAN	AVM Berlin	23.10.2010		
    Battlefield 2(TM)		02.04.2010	2.045MB	
    Bonjour	Apple Inc.	23.06.2010	1,59MB	2.0.2.0
    Borderlands	2K Games	03.04.2010	2.951MB	1.0.295
    Canon MP630 series Benutzerregistrierung		25.09.2009	0,52MB	
    Canon MP630 series MP Drivers		25.09.2009		
    CCleaner	Piriform	14.11.2010	5,96MB	3.00
    Combined Community Codec Pack 2010-10-10	CCCP Project	18.10.2010	26,4MB	2010.10.10.0
    Command & Conquer Generals	Electronic Arts	02.04.2010		0.50.0000
    Counter-Strike 1.6 V40		04.04.2010	741MB	
    DVDVideoSoftTB Toolbar		03.08.2010	2,49MB	
    Easy Video Joiner 5.21	DoEasier Tech Inc.	20.07.2010	5,53MB	
    Free Audio CD Burner version 1.2	DVDVideoSoft Limited.	07.11.2009	2,60MB	
    Free WMA to MP3 Converter 1.16	Jodix Technologies Ltd.	10.03.2010	2,84MB	
    Free YouTube Download 2.8	DVDVideoSoft Limited.	03.08.2010	2,65MB	
    Free YouTube to MP3 Converter version 3.2	DVDVideoSoft Limited.	07.11.2009	2,66MB	
    FreeCommander 2009.02	Marek Jasinski	13.04.2010	4,29MB	2009.02
    GPGNet	Gas Powered Games	02.04.2010	27,6MB	1.0.0
    GPL MPEG-1/2 DirectShow Decoder Filter	Peter Wimmer	21.10.2009	0,25MB	0.1.2
    ICQ 7.2 Build #3159 Banner Remover 1.0	murb.com	16.11.2010	1,04MB	
    ICQ7.2	ICQ	16.11.2010	45,0MB	7.2
    ImgBurn	LIGHTNING UK!	22.10.2009	2,13MB	2.5.0.0
    Inkjet Printer/Scanner Extended Survey Program		25.09.2009	0,95MB	
    iTunes	Apple Inc.	23.06.2010	161,4MB	9.2.0.61
    Java(TM) 6 Update 16	Sun Microsystems, Inc.	07.09.2009	95,0MB	6.0.160
    League of Legends		31.05.2010	2.873MB	
    Left 4 Dead 2	Valve	02.12.2009	6.365MB	
    Malwarebytes' Anti-Malware	Malwarebytes Corporation	14.11.2010	3,91MB	
    marvell 61xx	Marvell	06.09.2009	0,34MB	1.2.0.57
    Marvell Miniport Driver	Marvell	06.09.2009	1,73MB	10.22.4.3
    Media Player Classic - Home Cinema v1.4.2499.0 x64	MPC-HC Team	18.10.2010	33,6MB	1.4.2499.0
    Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	19.09.2009	32,4MB	
    Microsoft Office Enterprise 2007	Microsoft Corporation	02.11.2009	615MB	12.0.4518.1014
    Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	11.04.2010	0,41MB	8.0.59193
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	19.09.2009	1,25MB	9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	02.04.2010	0,58MB	9.0.30729
    Mobile Mouse Server	RPA Tech, Inc	23.10.2010	1,16MB	2.0.3.1
    Mozilla Firefox (3.6.12)	Mozilla	28.10.2010	31,1MB	3.6.12 (de)
    Mozilla Thunderbird (3.1.6)	Mozilla	30.10.2010	36,6MB	3.1.6 (de)
    MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	20.11.2010	1,28MB	4.20.9870.0
    MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	20.11.2010	1,34MB	4.20.9876.0
    Nero 9	Nero AG	20.09.2009	1.074MB	
    Network Stumbler 0.4.0 (remove only)		19.02.2010	0,86MB	
    NVIDIA Drivers	NVIDIA Corporation	06.09.2009	3.098MB	1.3
    NVIDIA PhysX	NVIDIA Corporation	06.09.2009	119,9MB	9.09.0203
    Octoshape Streaming Services		29.08.2010	0,75MB	
    Opera 10.53	Opera Software ASA	11.05.2010	28,3MB	10.53
    Pando Media Booster	Pando Networks Inc.	30.05.2010	7,01MB	2.3.3.9
    QuickTime	Apple Inc.	23.06.2010	73,8MB	7.66.73.0
    Recuva	Piriform	04.04.2010	2,73MB	1.36
    Skype web features	Skype Technologies S.A.	31.01.2010	4,34MB	1.0.3971
    Skype™ 4.1	Skype Technologies S.A.	31.01.2010	31,1MB	4.1.179
    Spybot - Search & Destroy	Safer Networking Limited	10.12.2009	58,5MB	1.6.2
    Steam	Valve Corporation	01.12.2009	42,3MB	1.0.0.0
    Steamless Portal Pack	Steamless	25.02.2010	3.927MB	1.0
    Stereoscopic Player	3dtv.at	21.10.2009	6,04MB	1.5.0
    Supreme Commander	Gas Powered Games	02.04.2010	7.857MB	1.00.0000
    Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal	Telltale Games	21.01.2010	269MB	
    Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay	Telltale Games	21.01.2010	341MB	
    Tales of Monkey Island: Chapter 3 - Lair of the Leviathan	Telltale Games	21.01.2010	373MB	
    Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood	Telltale Games	22.01.2010	451MB	
    Tales of Monkey Island: Chapter 5 - Rise of the Pirate God	Telltale Games	24.01.2010	358MB	
    TeamSpeak 2 RC2	Dominating Bytes Design	20.10.2010		2.0.32.60
    TomTom HOME 2.7.3.1894	TomTom	20.02.2010	48,7MB	2.7.3.1894
    TomTom HOME Visual Studio Merge Modules	TomTom International B.V.	20.02.2010	1,88MB	1.0.2
    Uninstall 1.0.0.1		03.08.2010	17,7MB	
    Unlocker 1.9.0-x64	Cedrick Collomb	20.11.2010	0,27MB	1.9.0
    VirtualCloneDrive	Elaborate Bytes	27.10.2009	2,24MB	
    Visual C++ 8.0 Runtime Setup Package (x64)	AVG Technologies CZ, s.r.o.	07.11.2009	2,24MB	9.0.0.623
    VLC media player 1.0.1	VideoLAN Team	08.09.2009	72,4MB	1.0.1
    WavePad Sound Editor	NCH Software	23.06.2010	6,46MB	
    Winamp	Nullsoft, Inc	01.06.2010	17,3MB	5.572 
    Winamp Erkennungs-Plug-in	Nullsoft, Inc	01.06.2010	0,13MB	1.0.0.1
    WinRAR		07.09.2009	3,82MB	
    World of Warcraft	Blizzard Entertainment	29.10.2010	31.813MB	4.0.1.13205

  4. #4
    Moderator (global) Team member Avatar of kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29.733

    Re: Taskbar disappeared, System Restore, logs

    Have you already checked the computer for viruses? I would still like to see the following results:
    Code:
    AVG - message/report
    Malwarebytes
    Warning!:
    Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
    Please pass this warning on wherever you can!

  5. #5
    Beginner
    Registered since
    21.11.2010
    Posts
    9

    Re: Taskbar disappeared, System Restore, logs

    AVG ... current full scan

    Code:
    "Scan ""Gesamten Computer scannen"" wurde beendet."
    "Infektionen";"10";"10";"0"
    "Für den Scanvorgang ausgewählte Ordner:";"Gesamten Computer scannen"
    "Start des Scans:";"Samstag, 27. November 2010, 14:50:23"
    "Scan beendet:";"Samstag, 27. November 2010, 15:14:57 (24 Minute(n) 33 Sekunde(n))"
    "Gesamtanzahl gescannter Objekte:";"925513"
    "Benutzer, der den Scan gestartet hat:";"USER"
    
    "Infektionen"
    "Datei";"Infektion";"Ergebnis"
    "C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\22e40bfd-3f40ce9f:\bpac\a.class";"Trojaner: Downloader.Generic_c.BRX";"In Virenquarantäne verschoben"
    "C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\22e40bfd-3f40ce9f";"Trojaner: Downloader.Generic_c.BRX";"In Virenquarantäne verschoben"
    "C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7f3aa7b5-10e6a1b5:\SiteError.class";"Trojaner: Generic2_c.BOMM";"In Virenquarantäne verschoben"
    "C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7f3aa7b5-10e6a1b5:\mosdef.class";"Trojaner: Generic2_c.BOML";"In Virenquarantäne verschoben"
    "C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7f3aa7b5-10e6a1b5:\dostuff.class";"Trojaner: Generic2_c.BOMK";"In Virenquarantäne verschoben"
    "C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7f3aa7b5-10e6a1b5:\CustomClass.class";"Trojaner: Generic2_c.BOMJ";"In Virenquarantäne verschoben"
    "C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7f3aa7b5-10e6a1b5";"Trojaner: Generic2_c.BOMJ";"In Virenquarantäne verschoben"
    "C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4f5c9660-41d50946";"Trojaner: Dropper.Generic2.BXSN";"In Virenquarantäne verschoben"
    "C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4f5c9660-3abcc7e3";"Trojaner: Dropper.Generic2.BXSN";"In Virenquarantäne verschoben"
    "C:\Program Files (x86)\Mozilla Firefox\0.4094967469173797.exe";"Trojaner: Dropper.Generic2.BXSN";"In Virenquarantäne verschoben"

    and this is what it looked like because of dllhexer.dll; nothing more was found in the "resident shield" either...

    Code:
    Residenten Schutz
    "Infektion"	"Objekt"	"Ergebnis"	"Erkennungszeit"	"Objekttyp"	"Vorgang"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 02:20:14"	"Datei"	"C:\Windows\Explorer.EXE"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 02:19:35"	"Datei"	"C:\Users\USER\Desktop\Unlocker1.9.0-x64.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 02:14:44"	"Datei"	"C:\Program Files\CCleaner\CCleaner64.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:30:16"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:29:21"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:26:31"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:26:01"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:25:30"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:24:44"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:23:52"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:22:58"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:22:56"	"Datei"	"C:\Windows\Explorer.EXE"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"In Virenquarantäne verschoben"	"21.11.2010, 01:22:27"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:20:32"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:18:53"	"Datei"	"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"In Virenquarantäne verschoben"	"21.11.2010, 01:17:29"	"Datei"	"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:12:26"	"Datei"	"C:\Program Files (x86)\AVG\AVG9\avgupd.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:11:40"	"Datei"	"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"Infiziert"	"21.11.2010, 01:11:00"	"Datei"	"C:\Program Files (x86)\AVG\AVG9\avgupd.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"In Virenquarantäne verschoben"	"20.11.2010, 18:55:27"	"Datei"	"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
    "Trojaner: PSW.Generic8.AIDT"	"c:\Windows\SysWOW64\dllhexer.dll"	"In Virenquarantäne verschoben"	"20.11.2010, 18:27:35"	"Datei"	"C:\Program Files (x86)\AVG\AVG9\avgupd.exe"

    Malwarebytes found nothing in the new scan
    Old findings:

    Code:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    
    Datenbank Version: 5159
    
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000
    
    21.11.2010 01:17:29
    mbam-log-2010-11-21 (01-17-29).txt
    
    Art des Suchlaufs: Quick-Scan
    Durchsuchte Objekte: 145288
    Laufzeit: 3 Minute(n), 46 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 0
    Infizierte Registrierungswerte: 1
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 0
    
    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win32runtime (Password.Stealer) -> Quarantined and deleted successfully.
    
    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien:
    (Keine bösartigen Objekte gefunden)
    Code:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    
    Datenbank Version: 5117
    
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000
    
    21.11.2010 00:07:59
    mbam-log-2010-11-21 (00-07-59).txt
    
    Art des Suchlaufs: Quick-Scan
    Durchsuchte Objekte: 138771
    Laufzeit: 3 Minute(n), 8 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 0
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 2
    
    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien:
    C:\Users\USER\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
    Code:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    
    Datenbank Version: 5117
    
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000
    
    15.11.2010 01:40:43
    mbam-log-2010-11-15 (01-40-43).txt
    
    Art des Suchlaufs: Quick-Scan
    Durchsuchte Objekte: 145063
    Laufzeit: 2 Minute(n), 35 Sekunde(n)
    
    Infizierte Speicherprozesse: 1
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 4
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 1
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 2
    
    Infizierte Speicherprozesse:
    C:\Users\USER\AppData\Roaming\scvhost.exe (Trojan.Agent) -> Unloaded process successfully.
    
    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel:
    HKEY_CLASSES_ROOT\linkrdr.aiebho (Trojan.Banker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\linkrdr.aiebho.1 (Trojan.Banker) -> Quarantined and deleted successfully.
    
    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (userinit.exeC:\Users\USER\AppData\Roaming\appconf32.exe,C:\Users\USER\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
    
    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien:
    C:\Users\USER\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.
    C:\Users\USER\AppData\Roaming\scvhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    Last edited by LiLaLaunebär (28.11.2010 at 01:56)

  6. #6
    Moderator (global), team member kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German-Hungarian
    Posts
    29.733

    Re: Taskbar disappeared, System Restore, logs

    1.
    ** Update Malwarebytes Anti-Malware and run it again following this guide: -> Cleaning up with Malwarebytes' Anti-Malware (choose the full scan!)

    2.
    ♦ "Worm.Win32.Autorun" has long been one of the most popular ways for viruses to spread, so the data stored on storage media (USB sticks, hard disks and others) should be checked from time to time
    ♦ So now connect all external storage media to your computer while holding down the Shift key, so that the AutoRun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off altogether. ► Guide

    Attention!:
    Do not install another virus scanner on your PC; scan your PC ONLY online!!!
    ♦ Now check your computer for viruses, trojans, worms and other malicious code with the free online virus scanner from Eset/Nod32
    ♦ Save the scan results as *.txt files
    - (Free online scanners - guide)
    ♦ Please post the log file
    Warning!:
    Beware of invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly to CD/DVD, USB sticks or external hard disks, ideally twice in different places!

  7. #7
    Beginner
    Registered since
    21.11.2010
    Posts
    9

    Re: Taskbar disappeared, System Restore, logs

    Quick question in between... I wanted to disable autorun completely, but when I try to install TweakUI I only get the message "cannot set up microsoft windows powertoys"

    malwarebytes scan

    Code:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    
    Datenbank Version: 5199
    
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000
    
    27.11.2010 17:28:42
    mbam-log-2010-11-27 (17-28-42).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|Z:\|)
    Durchsuchte Objekte: 475730
    Laufzeit: 1 Stunde(n), 8 Minute(n), 19 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 0
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 1
    
    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien:
    C:\Users\USER\AppData\Local\Opera\Opera\cache\g_003C\opr06U6B.tmp (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

    2. The online scanner doesn't run; at step 2 of 4 I get the message "can not get update. is proxy configured?"

    Maybe it's the router!?
    Last edited by LiLaLaunebär (27.11.2010 at 17:29)

  8. #8
    Moderator (global), team member kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German-Hungarian
    Posts
    29.733

    Re: Taskbar disappeared, System Restore, logs

    Quote from LiLaLaunebär
    Quick question in between... I wanted to disable autorun completely, but when I try to install TweakUI I only get the message "cannot set up microsoft windows powertoys"
    As far as I know it doesn't run under Win7..

    Quote from LiLaLaunebär
    2. The online scanner doesn't run; at step 2 of 4 I get the message "can not get update. is proxy configured?"
    Are you using a proxy? Maybe change the proxy settings there?
    Also check in Internet Explorer, like this: -> http://www.rrze.uni-erlangen.de/dien...8.shtml#name12

    via the menu Tools -> Internet Options -> Connections -> the LAN settings item
    To check the proxy settings, click here: http://www.invoke.com/index/h_l_proxy_ge
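
    The posts above mention switching AutoRun off altogether, and that TweakUI would not install. One way to do it without TweakUI is the `NoDriveTypeAutoRun` policy value in the registry; the PowerShell below is an added example, not part of the thread, and its function names are made up for illustration. It assumes the value, where present, is stored as a REG_DWORD.

```powershell
# Added example, not from the thread. Function names are illustrative.
$PolicyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'

# A set bit DISABLES AutoRun for that drive type.
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'unknown type' }
    @{ Bit = 0x02; Name = 'no root directory' }
    @{ Bit = 0x04; Name = 'removable (USB stick, card reader)' }
    @{ Bit = 0x08; Name = 'fixed disk' }
    @{ Bit = 0x10; Name = 'network drive' }
    @{ Bit = 0x20; Name = 'CD/DVD' }
    @{ Bit = 0x40; Name = 'RAM disk' }
    @{ Bit = 0x80; Name = 'reserved' }
)

function Get-AutoRunPolicy {
    # The machine-wide value (HKLM) takes precedence over the per-user one (HKCU).
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $item = Get-ItemProperty -Path "$hive\$PolicyPath" -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $value = 'not set'
            $open  = 'Windows default applies'
        } else {
            $mask  = [int]$item.$ValueName   # assumes REG_DWORD
            $value = '0x{0:X2}' -f $mask
            # Drive types whose bit is clear still have AutoRun enabled.
            $names = @($DriveTypeBits | Where-Object { ($mask -band $_.Bit) -eq 0 } |
                       ForEach-Object { $_.Name })
            $open  = if ($names.Count) { $names -join ', ' } else { 'none' }
        }
        New-Object PSObject -Property @{ Hive = $hive; Value = $value; AutoRunStillOnFor = $open }
    }
}

function Disable-AutoRunAllDrives {
    # Needs an elevated shell: standard users cannot write to HKLM.
    $key = "HKLM:\$PolicyPath"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # 0xFF sets every bit, i.e. AutoRun is off for all drive types.
    Set-ItemProperty -Path $key -Name $ValueName -Value 0xFF -Type DWord
}

# Audit first; run the second line from an elevated shell to apply and re-check.
Get-AutoRunPolicy | Format-List
# Disable-AutoRunAllDrives; Get-AutoRunPolicy | Format-List
```

    After the change, the HKLM entry should read `0xFF` with `AutoRunStillOnFor` showing `none`.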

  9. #9
    Beginner
    Registered since
    21.11.2010
    Posts
    9

    Re: Taskbar disappeared, System Restore, logs

    I don't use a proxy; in Firefox/Opera (which I use) the proxy is deselected, I also tried with IE, the proxy was deselected there too...

    and the 2nd link...
    To check the proxy settings, click here: http://www.invoke.com/index/h_l_proxy_ge
    does that one open?! Or what is one supposed to check with it?

  10. #10
    Moderator (global), team member kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German-Hungarian
    Posts
    29.733

    Re: Taskbar disappeared, System Restore, logs

    Yes, the link is dead...
    First try changing the settings in IE:
    please proceed as follows:
    To stop the Information bar from blocking file and software downloads

    1. Open Internet Explorer by clicking the Start button and then clicking Internet Explorer.
    2. Click the Tools button and then click Internet Options.
    3. On the Security tab, click Custom level.
    4. Do one or both of the following:

    To turn off the Information bar for ActiveX controls, go to the ActiveX controls and plug-ins section of the list and, under Automatic prompting for ActiveX controls, click Enable.

    To turn off the Information bar for file downloads, go to the Downloads section of the list and, under Automatic prompting for file downloads, click Enable.
    5. Click OK, then click Yes to confirm the changes, and then click OK again.
    - to start the scan: when you are asked (the text in the Information bar), allow the ActiveX control to be installed
