
Topic: Malware found by Anti-Vir after visiting a website

  1. #11
    Beginner
    Registered since
    23.02.2012
    Posts
    25
    Will do. Hopefully still in this lifetime. ;-)

    Hello Petra,

    here is the log file from Malwarebytes. The detections were all from old backups on the external drives and have been removed.

    Code:
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org
    
    Datenbank Version: v2012.02.26.01
    
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 7.0.6002.18005
    Besitzer :: BESITZER-PC [Administrator]
    
    26.02.2012 14:46:59
    mbam-log-2012-02-26 (14-46-59).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 1403688
    Laufzeit: 4 Stunde(n), 56 Minute(n), 49 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien: 7
    G:\Backup\Daten\Backup Uni 060409\C_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\Eigene Dateien\Netscape\Programme\buttons.0xe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    G:\Backup\Daten\Backup Uni 060409\C_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\WINDOWS\update-dll.exe (Adware.Aureate) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    G:\Backup\Daten\Backup Uni 060409\C_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\WINDOWS\SYSTEM\advert.dll (Adware.Aureate) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    M:\BackUp_Uni_15Jan12\I_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\Eigene Dateien\Netscape\Programme\buttons.0xe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    M:\BackUp_Uni_15Jan12\I_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\Eigene Dateien\Netscape\Programme\gozilla.exe (Adware.Aureate) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    M:\BackUp_Uni_15Jan12\I_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\WINDOWS\update-dll.exe (Adware.Aureate) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    M:\BackUp_Uni_15Jan12\I_Daten\Alte_D\FHD_FMS\Alte_D_(UNI)_011004\C_old\WINDOWS\SYSTEM\advert.dll (Adware.Aureate) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    (Ende)
    I would have liked to attach the two OTL logs as requested, but a file size limit disagrees. So I am pasting them in here as code, as before, and hope that is all right.

    Code:
    OTL logfile created on: 26.02.2012 19:56:50 - Run 2
    OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Besitzer\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    6,00 Gb Total Physical Memory | 4,15 Gb Available Physical Memory | 69,12% Memory free
    12,11 Gb Paging File | 10,17 Gb Available in Paging File | 83,98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916,99 Gb Total Space | 16,75 Gb Free Space | 1,83% Space Free | Partition Type: NTFS
    Drive D: | 14,52 Gb Total Space | 2,00 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
    Drive G: | 596,02 Gb Total Space | 36,62 Gb Free Space | 6,14% Space Free | Partition Type: FAT32
    Drive L: | 29,84 Gb Total Space | 1,83 Gb Free Space | 6,12% Space Free | Partition Type: FAT32
    Drive M: | 1397,23 Gb Total Space | 389,09 Gb Free Space | 27,85% Space Free | Partition Type: NTFS
     
    Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.02.23 22:12:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
    PRC - [2011.12.15 16:34:03 | 000,527,312 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    PRC - [2011.12.15 16:33:35 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    PRC - [2011.08.23 17:07:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011.08.23 17:07:34 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2011.08.23 17:07:30 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
    PRC - [2011.08.23 17:07:29 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011.08.23 17:07:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2008.12.05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008.11.03 17:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008.11.03 17:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2009.02.27 12:04:42 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.DEU
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - [2011.12.15 16:33:35 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
    SRV - [2011.08.23 17:07:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011.08.23 17:07:34 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
    SRV - [2011.08.23 17:07:30 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
    SRV - [2011.08.23 17:07:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2009.04.09 14:05:20 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008.12.05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008.11.03 17:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
    SRV - [2004.01.28 17:25:24 | 000,020,537 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe -- (RMWPService)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2011.12.15 16:25:15 | 000,068,520 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\acsmux64.sys -- (acsmux)
    DRV:64bit: - [2011.12.15 16:25:15 | 000,045,480 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\acsint64.sys -- (acsint)
    DRV:64bit: - [2011.08.23 17:08:02 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011.08.23 17:08:02 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2011.08.03 21:22:47 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
    DRV:64bit: - [2011.05.12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ADBE.tmp -- (MEMSWEEP2)
    DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011.02.16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2010.11.10 03:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)
    DRV:64bit: - [2010.11.10 03:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010.07.16 12:59:11 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
    DRV:64bit: - [2010.06.22 03:51:14 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
    DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008.11.03 17:10:08 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008.08.06 17:26:08 | 000,174,592 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008.02.22 14:33:00 | 000,151,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2008.02.22 14:32:58 | 000,113,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV:64bit: - [2008.02.22 14:32:58 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2008.01.21 03:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2007.11.02 14:52:00 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService)
    DRV:64bit: - [2007.11.02 14:37:24 | 000,018,944 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
    DRV:64bit: - [2007.06.20 13:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
    DRV:64bit: - [2007.01.23 19:03:34 | 000,008,704 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
    DRV - [2009.09.09 14:26:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/03 22:06:44] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
    DRV - [2009.05.01 17:10:23 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2008.09.10 02:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
    IE - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    IE - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.21 21:04:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
     
    [2012.02.23 18:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions
    [2010.11.03 21:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010.09.21 15:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2012.02.23 18:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012.02.23 18:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011.10.21 12:29:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2009.05.30 15:04:58 | 000,118,784 | ---- | M] (FreshDevices Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\npfd.dll
     
    O1 HOSTS File: ([2012.02.22 03:00:40 | 000,441,283 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O1 - Hosts: 127.0.0.1	www.007guard.com
    O1 - Hosts: 127.0.0.1	007guard.com
    O1 - Hosts: 127.0.0.1	008i.com
    O1 - Hosts: 127.0.0.1	www.008k.com
    O1 - Hosts: 127.0.0.1	008k.com
    O1 - Hosts: 127.0.0.1	www.00hq.com
    O1 - Hosts: 127.0.0.1	00hq.com
    O1 - Hosts: 127.0.0.1	010402.com
    O1 - Hosts: 127.0.0.1	www.032439.com
    O1 - Hosts: 127.0.0.1	032439.com
    O1 - Hosts: 127.0.0.1	www.0scan.com
    O1 - Hosts: 127.0.0.1	0scan.com
    O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1	1000gratisproben.com
    O1 - Hosts: 127.0.0.1	1001namen.com
    O1 - Hosts: 127.0.0.1	www.1001namen.com
    O1 - Hosts: 127.0.0.1	100888290cs.com
    O1 - Hosts: 127.0.0.1	www.100888290cs.com
    O1 - Hosts: 127.0.0.1	www.100sexlinks.com
    O1 - Hosts: 127.0.0.1	100sexlinks.com
    O1 - Hosts: 127.0.0.1	www.10sek.com
    O1 - Hosts: 127.0.0.1	10sek.com
    O1 - Hosts: 127.0.0.1	www.1-2005-search.com
    O1 - Hosts: 15169 more lines...
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM ()
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM ()
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-480038821-1104319843-1313298777-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62632E66-D937-48B8-AC15-74322738F369}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74FC6BA9-80D2-46D0-ACC6-DD8BFCF11334}: Domain = vpn.uni-saarland.de
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74FC6BA9-80D2-46D0-ACC6-DD8BFCF11334}: NameServer = 134.96.7.100,134.96.7.99
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFA65053-C53C-4947-BD23-E7ED470BEC6D}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012.01.15 13:07:44 | 000,057,344 | ---- | M] () - L:\AutographsAndMore_2012_1501.wdb -- [ FAT32 ]
    O32 - Unable to obtain root file information for disk L:\
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.02.26 16:01:07 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\Portico Quartet
    [2012.02.26 15:54:23 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\Edward Ka-Spel
    [2012.02.25 12:22:21 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012.02.25 11:22:59 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012.02.25 11:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012.02.25 09:15:49 | 015,634,456 | ---- | C] (Mozilla) -- C:\Users\Besitzer\Desktop\Firefox_Setup_10.0.2.exe
    [2012.02.24 19:00:42 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2012.02.24 19:00:42 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2012.02.24 19:00:42 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2012.02.24 19:00:42 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2012.02.24 18:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012.02.24 18:48:50 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2012.02.24 18:48:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012.02.24 18:48:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012.02.24 18:48:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012.02.24 15:50:44 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\ttt
    [2012.02.23 22:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    [2012.02.23 22:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
    [2012.02.23 22:12:27 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
    [2012.02.21 17:31:59 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\vlc
    [2012.02.21 17:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012.02.19 09:27:06 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
    [2012.02.19 09:25:15 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\acaptuser32.dll
    [2012.02.15 15:21:46 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
    [2012.02.15 15:21:40 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012.02.15 15:21:40 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012.02.15 15:21:40 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2012.02.15 15:21:40 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2012.02.15 15:21:40 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2012.02.15 15:21:40 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012.02.15 15:21:40 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012.02.15 15:21:39 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012.02.15 15:21:39 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2012.02.15 15:21:39 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2012.02.15 15:21:39 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2012.02.15 15:21:39 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012.02.15 15:21:39 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.02.26 19:49:15 | 000,149,606 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012.02.26 19:49:14 | 000,149,606 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012.02.26 19:48:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.02.26 19:48:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.02.26 19:48:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.02.26 15:53:46 | 000,000,216 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat
    [2012.02.26 15:44:05 | 001,428,480 | ---- | M] () -- C:\Users\Besitzer\Desktop\Cddatei_2012_2602.wdb
    [2012.02.26 07:42:44 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.02.26 07:42:44 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.02.26 07:42:44 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.02.26 07:42:44 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.02.26 07:42:44 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.02.25 19:13:30 | 000,002,525 | ---- | M] () -- C:\Users\Besitzer\Desktop\HiJackThis.lnk
    [2012.02.25 15:29:07 | 000,406,528 | ---- | M] () -- C:\Users\Besitzer\Desktop\Dvddatei_2012_2402.wdb
    [2012.02.25 12:12:08 | 000,165,376 | ---- | M] () -- C:\Users\Besitzer\Desktop\SystemLook_x64.exe
    [2012.02.25 09:15:50 | 015,634,456 | ---- | M] (Mozilla) -- C:\Users\Besitzer\Desktop\Firefox_Setup_10.0.2.exe
    [2012.02.24 19:26:12 | 006,204,711 | ---- | M] () -- C:\Users\Besitzer\Desktop\Frank2.mp3
    [2012.02.24 19:00:07 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2012.02.24 19:00:07 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2012.02.24 19:00:07 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2012.02.24 19:00:07 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2012.02.24 18:48:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2012.02.24 18:48:27 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012.02.24 18:48:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012.02.24 18:48:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012.02.24 17:34:30 | 000,012,919 | ---- | M] () -- C:\Users\Besitzer\.recently-used.xbel
    [2012.02.24 17:29:52 | 000,602,197 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2161_sm.jpg
    [2012.02.24 17:24:55 | 000,255,756 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sw_sm.jpg
    [2012.02.24 17:24:01 | 000,521,942 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sm.jpg
    [2012.02.24 17:22:49 | 000,662,299 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sw.jpg
    [2012.02.24 17:18:10 | 000,709,538 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b.jpg
    [2012.02.24 16:31:25 | 008,597,547 | ---- | M] () -- C:\Users\Besitzer\Desktop\ttt-telepathy.mp3
    [2012.02.24 16:25:31 | 000,162,816 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.02.24 14:05:27 | 000,034,304 | ---- | M] () -- C:\Users\Besitzer\Desktop\Bluraydatei_2012_2402.wdb
    [2012.02.24 10:50:06 | 000,066,895 | ---- | M] () -- C:\Users\Besitzer\Desktop\Zauberwürfel_3x3x3lsg.pdf
    [2012.02.24 08:51:59 | 118,714,958 | ---- | M] () -- C:\Users\Besitzer\Desktop\Strangeways radio.mp3
    [2012.02.24 08:44:51 | 000,597,437 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2052cr.jpg
    [2012.02.24 08:44:51 | 000,414,609 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2200cr.jpg
    [2012.02.24 08:44:51 | 000,387,841 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2161.jpg
    [2012.02.24 08:44:51 | 000,363,303 | ---- | M] () -- C:\Users\Besitzer\Desktop\atfDSC_2083.jpg
    [2012.02.23 22:56:29 | 001,410,192 | ---- | M] () -- C:\Users\Besitzer\Desktop\sar_15_sfx.exe
    [2012.02.23 22:12:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
    [2012.02.23 18:52:19 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.02.22 03:31:46 | 000,000,160 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\default.rss
    [2012.02.22 03:00:40 | 000,441,283 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012.02.22 02:53:49 | 000,001,059 | ---- | M] () -- C:\Users\Besitzer\Desktop\Spybot - Search & Destroy.lnk
    [2012.02.21 17:30:10 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012.02.16 14:58:52 | 000,000,800 | ---- | M] () -- C:\Users\Besitzer\Desktop\Hardware Sicher Entfernen.lnk
    [2012.02.15 22:17:28 | 000,330,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.02.11 13:33:59 | 000,057,856 | ---- | M] () -- C:\Users\Besitzer\Desktop\AutographsAndMore_2012_1102.wdb
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012.02.26 15:13:29 | 000,000,216 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat
    [2012.02.25 12:12:08 | 000,165,376 | ---- | C] () -- C:\Users\Besitzer\Desktop\SystemLook_x64.exe
    [2012.02.25 11:22:59 | 000,002,525 | ---- | C] () -- C:\Users\Besitzer\Desktop\HiJackThis.lnk
    [2012.02.24 19:25:54 | 006,204,711 | ---- | C] () -- C:\Users\Besitzer\Desktop\Frank2.mp3
    [2012.02.24 17:34:30 | 000,012,919 | ---- | C] () -- C:\Users\Besitzer\.recently-used.xbel
    [2012.02.24 17:29:52 | 000,602,197 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2161_sm.jpg
    [2012.02.24 17:24:55 | 000,255,756 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sw_sm.jpg
    [2012.02.24 17:24:01 | 000,521,942 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sm.jpg
    [2012.02.24 17:22:48 | 000,662,299 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b_sw.jpg
    [2012.02.24 17:18:10 | 000,709,538 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2083b.jpg
    [2012.02.24 16:31:07 | 008,597,547 | ---- | C] () -- C:\Users\Besitzer\Desktop\ttt-telepathy.mp3
    [2012.02.24 10:50:06 | 000,066,895 | ---- | C] () -- C:\Users\Besitzer\Desktop\Zauberwürfel_3x3x3lsg.pdf
    [2012.02.24 08:46:38 | 118,714,958 | ---- | C] () -- C:\Users\Besitzer\Desktop\Strangeways radio.mp3
    [2012.02.24 08:44:51 | 000,597,437 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2052cr.jpg
    [2012.02.24 08:44:51 | 000,414,609 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2200cr.jpg
    [2012.02.24 08:44:51 | 000,387,841 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2161.jpg
    [2012.02.24 08:44:51 | 000,363,303 | ---- | C] () -- C:\Users\Besitzer\Desktop\atfDSC_2083.jpg
    [2012.02.24 07:26:31 | 000,030,259 | ---- | C] () -- C:\Users\Besitzer\Desktop\hjtscanlist.bat
    [2012.02.23 22:56:27 | 001,410,192 | ---- | C] () -- C:\Users\Besitzer\Desktop\sar_15_sfx.exe
    [2012.02.23 18:52:19 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.02.22 02:53:49 | 000,001,059 | ---- | C] () -- C:\Users\Besitzer\Desktop\Spybot - Search & Destroy.lnk
    [2012.02.21 17:30:10 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012.02.19 09:44:39 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012.02.16 14:58:07 | 000,000,800 | ---- | C] () -- C:\Users\Besitzer\Desktop\Hardware Sicher Entfernen.lnk
    [2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2010.07.29 18:31:24 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010.03.10 19:53:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
     
    ========== LOP Check ==========
     
    [2009.05.25 19:30:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Buhl Data Service
    [2011.06.20 16:20:35 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Celemony Software GmbH
    [2009.08.21 17:04:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ChessBase
    [2009.11.21 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Cisco
    [2009.05.25 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\dBpoweramp
    [2011.09.19 17:46:19 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoft
    [2011.09.19 17:46:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012.02.24 10:45:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\EndNote
    [2009.07.14 08:31:01 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\EPSON
    [2012.02.25 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\foobar2000
    [2012.02.24 17:34:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\gtk-2.0
    [2009.05.06 06:32:52 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ISI ResearchSoft
    [2011.01.02 12:07:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leadertech
    [2009.05.01 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Samsung
    [2009.04.06 13:54:00 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Template
    [2010.11.03 21:13:36 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Thunderbird
    [2010.09.21 15:33:33 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TomTom
    [2009.08.08 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Tonium
    [2009.09.17 05:35:18 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TrafficMonitor
    [2012.02.23 21:47:27 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\uTorrent
    [2009.08.07 17:42:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinBatch
    [2010.01.24 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Xilisoft
    [2009.06.12 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Xilisoft Corporation
    [2012.02.26 19:47:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
    
    < End of report >

    Code:
    OTL Extras logfile created on: 26.02.2012 19:56:50 - Run 2
    OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Besitzer\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    6,00 Gb Total Physical Memory | 4,15 Gb Available Physical Memory | 69,12% Memory free
    12,11 Gb Paging File | 10,17 Gb Available in Paging File | 83,98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916,99 Gb Total Space | 16,75 Gb Free Space | 1,83% Space Free | Partition Type: NTFS
    Drive D: | 14,52 Gb Total Space | 2,00 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
    Drive G: | 596,02 Gb Total Space | 36,62 Gb Free Space | 6,14% Space Free | Partition Type: FAT32
    Drive L: | 29,84 Gb Total Space | 1,83 Gb Free Space | 6,12% Space Free | Partition Type: FAT32
    Drive M: | 1397,23 Gb Total Space | 389,09 Gb Free Space | 27,85% Space Free | Partition Type: NTFS
     
    Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
    "VistaSp2" = 70 8F E7 BF 58 A2 CA 01  [binary data]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1EF32B01-4EE1-46D6-ACDB-6AB2682DF34D}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{2BFBE230-C5AD-4E4E-9FEA-66F16BA32189}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{6ADD5457-474A-4EA7-9A9E-6CD1B6747B50}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{6AF7C4E0-4529-4B22-8592-513EBA966388}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{730D3C19-2D06-42D3-BC18-E7563FE7662D}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{90740CBF-C4A3-4AD1-8162-E95ACD965E28}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
    "{ABC684FD-794F-45E9-AEAE-82B109B4623E}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{B67C1C8D-F232-4282-8521-1B95F8958857}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{D11A39DF-5E74-400E-B20E-E78005D3481F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{EEC8BC1C-3F5F-4128-9383-125398744FCF}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{F4D7E999-1DDF-4B11-AB22-E47F51B16064}" = lport=137 | protocol=17 | dir=in | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D231EDF-46B2-4FFA-99AD-B19C75F1D4AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{0F45ABD0-2DD2-4CBC-B0D3-16B7809F5EB4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
    "{18E27AD6-6094-4193-9066-56525AB22694}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{20B94F37-AA02-4C2A-BED0-45E74D969802}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
    "{26B3FCC2-61B1-408F-861E-277A4865C22E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
    "{289E6B25-8296-4A5D-9E5A-78778234C5DD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
    "{2CDD4297-B909-429D-808E-9E087E298ACA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
    "{3390991D-8E38-4D51-943B-A96BFEBA06F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{39A7270F-85FF-48DE-9AB9-5282B101E2FF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
    "{3C1794FD-AB55-47FB-9D04-D0D4B9D56EFD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
    "{40A07069-FD86-49D4-984A-24CB8A63ABC8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
    "{56F38999-7E61-4F45-9B93-5517F7BB363A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{6D5EADBE-5B3B-4F02-8C87-141647A486A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
    "{8B5D4B91-BF56-421C-A83B-4FCA6213F482}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
    "{8F399CDB-1AD1-445A-8702-AEC234C868E3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
    "{90EAFE9A-68C1-463B-90A8-F6A76AAB563F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
    "{A5A2B8E6-8ED8-42FE-952B-087AF63018E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
    "{AFFDFC11-DA05-4065-998B-E179D6386B68}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
    "{B0F1CA15-8004-413F-807F-59B55FFBC5FC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
    "{B1FDA163-70EA-4306-97EB-C8EB7EF7A9CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{B71FFE92-37CA-4C88-8721-DD76E2E8914F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
    "{C8C67B3A-56E4-4E71-8FB6-AFE24FAC34F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{CA0AD87D-0787-45FF-9407-16E8DB840907}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
    "{D65124CB-2482-46B9-88C3-17A17B5D436A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
    "{E204CD6F-212A-4024-9359-3B898EA34D87}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
    "{FB31B8E7-3465-4DD3-9242-3472D7EC295D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "TCP Query User{474D630E-8726-45D2-B400-F290640104BC}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe | 
    "TCP Query User{BDD1C86F-CCF4-463F-A775-DDC928A8B91E}C:\program files (x86)\nero\nero 9\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 9\nero showtime\showtime.exe | 
    "TCP Query User{CCFF1898-E4EB-45A9-8458-E8A492C1D781}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "TCP Query User{F50A60F3-AC1A-4612-820C-E9C0BD1D3CD7}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe | 
    "UDP Query User{0610E6F9-DB75-428F-98AF-38EAB457C2F9}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe | 
    "UDP Query User{867FD66D-8518-45D8-9AED-880BE7FE93B8}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe | 
    "UDP Query User{DBA14573-2FDA-4EA9-AC2B-50B6D9FBFF64}C:\program files (x86)\nero\nero 9\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 9\nero showtime\showtime.exe | 
    "UDP Query User{F9C55DAD-400E-4339-BAE4-4A425DF2AB15}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
    "{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7DE223C2-C857-44E5-9311-67AA5731B39B}" = Melodyne Runtime 4.0 (x64)
    "{8164DB37-0ED4-4DDA-9644-E0B7A42205CB}" = Motorola Driver Installation 3.4.0
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
    "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0)
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
    "PC-Doctor for Windows" = Hardware Diagnose Tools
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "WinGimp-2.0_is1" = GIMP 2.6.6
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
    "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
    "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
    "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
    "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
    "{0B568EF0-5280-4E27-BE21-74D15F0BD8AF}" = Samsung PC Studio 3
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{16DF894D-FC3F-4B87-908D-671E201CD7A8}" = Melodyne singletrack
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
    "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
    "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
    "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
    "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
    "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
    "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
    "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
    "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
    "{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
    "{65D9DA69-4C22-46CA-B762-A338CAC94599}" = Amos 18
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{702ba406-4881-495d-9cbf-a0e0b750c692}" = Nero 9
    "{70B338F0-C957-4079-A3A1-63C68258CE92}_is1" = Fast AMR M4A AC3 WAV MP3 WMA Audio Converter 2.5
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
    "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
    "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
    "{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8BCAC105-C501-41F9-AED1-587024ABCA8C}" = Reference Manager 12 Professional Edition
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
    "{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
    "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BBFB384-E7AF-4397-A5F2-EB856E0BB645}" = Fritz6
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
    "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
    "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
    "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
    "{B915FA4E-B670-43E9-8EA0-9F16BFFD8AE8}" = DirComp
    "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
    "{BBCAA1F8-DBC5-46A4-B734-21D446E75FD2}" = Motorola Phone Tools
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
    "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D75B5A39-C686-421C-B2BE-FDF9574662E1}" = Cisco AnyConnect Secure Mobility Client
    "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
    "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
    "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
    "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
    "{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
    "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
    "{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "5513-1208-7298-9440" = JDownloader 0.9
    "ACDSee 32" = ACDSee 32
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ASIO4ALL" = ASIO4ALL
    "Avira AntiVir Desktop" = Avira AntiVir Professional
    "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "EPSON Scanner" = EPSON Scan
    "foobar2000" = foobar2000 v1.1.8
    "Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908
    "FTP Commander" = FTP Commander
    "Image Analyzer" = Image Analyzer
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
    "Lanmonitor 3" = Lanmonitor 2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
    "Monkey's Audio_is1" = Monkey's Audio
    "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
    "STANDARD" = Microsoft Office Standard 2007
    "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
    "TomTom HOME" = TomTom HOME 2.7.6.2056
    "VLC media player" = VLC media player 2.0.0
    "WAV Converter_is1" = WAV Converter 1.0
    "Web Photo Album_is1" = Web Photo Album 1.2
    "WildTangent hp Master Uninstall" = My HP Games
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR
    "Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 26.02.2012 11:19:25 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
     Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
     steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen
     Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
     
    Error - 26.02.2012 11:39:15 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842785
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Nero\Nero 9\Nero WaveEditor\WEDll\waveedit.dll.Manifest".  Die abhängige Assemblierung
     "SMC,processorArchitecture="x86",type="win32",version="6.3.0.0"" konnte nicht gefunden
     werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
     
    Error - 26.02.2012 11:39:38 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842785
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Nero\Nero 9\Nero WaveEditor\AudioEffects\AudioEffectLibrary.dll.Manifest".
    Die
     abhängige Assemblierung "SMC,processorArchitecture="x86",type="win32",version="6.3.0.0""
     konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
     "sxstrace.exe".
     
    Error - 26.02.2012 14:50:17 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
     Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
     steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen
     Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
     
    Error - 26.02.2012 14:50:17 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
     Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
     steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen
     Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
     
    Error - 26.02.2012 14:50:21 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 26.02.2012 14:51:52 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
     oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
     steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen
     Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
     
    Error - 26.02.2012 14:51:52 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
     oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
     steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen
     Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
     
    Error - 26.02.2012 14:51:54 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
     "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
     mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
     sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
     
    Error - 26.02.2012 14:51:54 | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842830
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
     (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
     "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
     mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
     sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
     
    [ Cisco AnyConnect Secure Mobility Client Events ]
    Error - 26.02.2012 14:49:53 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
    Description = Function: CCvcConfig::CCvcConfig File: .\vpnconfig.cpp Line: 553 Invoked
     Function: CCvcConfig::readConfigParamFromFile Return Code: -33030135 (0xFE080009)
    Description:
     CVCCONFIG_ERROR_UNEXPECTED 
     
    Error - 26.02.2012 14:50:12 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
    Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
     Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
    
     
    Error - 26.02.2012 14:50:19 | Computer Name = Besitzer-PC | Source = acvpnui | ID = 67108866
    Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4612
    Invoked
     Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
     Daten mehr verfügbar.   
     
    Error - 26.02.2012 14:50:19 | Computer Name = Besitzer-PC | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
     1084 NULL object. Cannot establish a connection at this time.
     
    Error - 26.02.2012 14:52:26 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67110872
    Description = Failed Route change:  Action: DelRoute  Destination: 192.168.2.255  Netmask:
     255.255.255.255  Gateway: 192.168.2.100  Interface: 192.168.2.100  Metric: 256
     
    Error - 26.02.2012 14:52:26 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
    Line:
     242 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
     ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED 
     
    Error - 26.02.2012 14:53:31 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
    Description = Function: CDtlsProtocol::timerCallback File: .\DtlsProtocol.cpp Line:
     398 Invoked Function: CDtlsProtocol::retransmit Return Code: -31719410 (0xFE1C000E)
    Description:
     TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED 
     
    Error - 26.02.2012 14:53:31 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
    Description = Function: CCdtpProtocol::OnTunnelInitiateComplete File: .\CdtpProtocol.cpp
    Line:
     449 Invoked Function: OnTunnelInitiateComplete Return Code: -31719410 (0xFE1C000E)
    Description:
     TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback
     
    Error - 26.02.2012 14:53:31 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
    Description = Function: CTunnelStateMgr::OnTunnelInitiateComplete File: .\TunnelStateMgr.cpp
    Line:
     1156 Invoked Function: Initiate tunnel callback status Return Code: -31719410 (0xFE1C000E)
    Description:
     TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED DTLS tunnel state 0
     
    Error - 26.02.2012 14:53:31 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
    Description = Function: CTlsTunnelMgr::OnTunnelInitiateComplete File: .\TlsTunnelMgr.cpp
    Line:
     619 Invoked Function: CTlsTunnelMgr::OnTunnelInitiateComplete Return Code: -31719410
     (0xFE1C000E) Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback
     
    [ OSession Events ]
    Error - 10.05.2009 12:38:12 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2779
     seconds with 180 seconds of active time.  This session ended with a crash.
     
    Error - 14.06.2009 15:13:05 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 725
     seconds with 360 seconds of active time.  This session ended with a crash.
     
    Error - 29.08.2009 02:27:00 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 518
     seconds with 480 seconds of active time.  This session ended with a crash.
     
    Error - 25.07.2010 05:47:04 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    Error - 11.05.2011 15:59:32 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1371
     seconds with 360 seconds of active time.  This session ended with a crash.
     
    Error - 10.07.2011 05:06:27 | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    [ System Events ]
    Error - 25.02.2012 10:54:43 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7031
    Description = 
     
    Error - 25.02.2012 10:59:12 | Computer Name = Besitzer-PC | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 25.02.2012 11:00:27 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 26.02.2012 02:19:06 | Computer Name = Besitzer-PC | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 26.02.2012 02:20:55 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 26.02.2012 09:31:51 | Computer Name = Besitzer-PC | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 26.02.2012 09:33:41 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 26.02.2012 14:48:35 | Computer Name = Besitzer-PC | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 26.02.2012 14:50:22 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7011
    Description = 
     
    Error - 26.02.2012 14:50:22 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026
    Description = 
     
     
    < End of report >
    Edited by Petra (01.03.2012 at 15:19). Reason: posts merged

  2. #12
    Petra (Administrator, team member)
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    42.689

    Re: Malware found by Anti-Vir after opening a website

    Hello greenboy1,

    ===== Point 1 =====

    Firewall - delete exceptions

    You have added a great many exceptions to the firewall rules. By default it looks like this:



    Please go through yours and delete the unnecessary ones as follows:

    Start => Control Panel => Windows Firewall => Change settings => click the "Exceptions" tab =>
    select the exception to delete => remove the checkmark => OK => confirm the prompt with "Yes".


    ===== Point 2 =====

    Fixing with OTL

    With this we fix unnecessary or harmful entries.

    Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).
    • Start OTL.exe.
      Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
    • Copy the following script into the text box below Custom Scans/Fixes:

    Code:
    :OTL
    
    :Services
    Lbd
    
    :Files
    C:\Users\Besitzer\AppData\Roaming\wklnhst.dat
    C:\Users\Besitzer\AppData\Roaming\uTorrent
    C:\Windows\SysNative\DRIVERS\Lbd.sys
    C:\Program Files (x86)\facemoods.com
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    • Close all programs.
    • Click the Fix button.
    • If OTL asks for a restart, please allow it.
    • Copy the contents of the log file into your thread here, inside code tags.
      You can view the log file later here => C:\_OTL\MovedFiles\<date_number.log>

    Note for other readers: the OTL script above was created exclusively for this user in this situation.
    Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!
    [°¿°] Ciao, Petra

    New here? Please work through this! | Malware cleanup | Forum rules
    Back up your data! | Training | No support via PM or e-mail! | Thanks

  3. #13
    Beginner
    Registered since
    23.02.2012
    Posts
    25

    Re: Malware found by Anti-Vir after opening a website

    Good morning!

    Point 1:
    I have adjusted the checkmarks for the firewall exceptions according to the template. My network location is shown as "Public", although this is my private PC, which nobody but me has access to. Should I change that?

    Point 2:
    Here is the OTL log file.
    Code:
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    Service Lbd stopped successfully!
    Service Lbd deleted successfully!
    ========== FILES ==========
    C:\Users\Besitzer\AppData\Roaming\wklnhst.dat moved successfully.
    C:\Users\Besitzer\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
    C:\Users\Besitzer\AppData\Roaming\uTorrent\apps folder moved successfully.
    C:\Users\Besitzer\AppData\Roaming\uTorrent folder moved successfully.
    C:\Windows\SysNative\DRIVERS\Lbd.sys moved successfully.
    File\Folder C:\Program Files (x86)\facemoods.com not found.
    < ipconfig /flushdns /c >
    Windows-IP-Konfiguration
    Der DNS-Aufl”sungscache wurde geleert.
    C:\Users\Besitzer\Desktop\cmd.bat deleted successfully.
    C:\Users\Besitzer\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: All Users
     
    User: Besitzer
    ->Temp folder emptied: 503120 bytes
    ->Temporary Internet Files folder emptied: 38190984 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 86006500 bytes
    ->Flash cache emptied: 2366 bytes
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Public
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 53846 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 119,00 mb
     
     
    OTL by OldTimer - Version 3.2.33.2 log created on 02272012_084821
    
    Files\Folders moved on Reboot...
    File move failed. C:\Windows\SysNative\781D.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\ADBE.tmp scheduled to be moved on reboot.
    
    Registry entries deleted on Reboot...
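
The script from post #12 and the log from post #13 can be reconciled entry by entry to see which items OTL actually handled. The following Python is an added example, not part of the thread and not an OTL feature; the function names and status labels are assumptions, and the line patterns are inferred only from the log posted here.

```python
import re

# Fix script from post #12 and the fix log from post #13, copied from the
# thread (the log's temp-file statistics are left out).
FIX_SCRIPT = r"""
:OTL

:Services
Lbd

:Files
C:\Users\Besitzer\AppData\Roaming\wklnhst.dat
C:\Users\Besitzer\AppData\Roaming\uTorrent
C:\Windows\SysNative\DRIVERS\Lbd.sys
C:\Program Files (x86)\facemoods.com
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
Service Lbd stopped successfully!
Service Lbd deleted successfully!
========== FILES ==========
C:\Users\Besitzer\AppData\Roaming\wklnhst.dat moved successfully.
C:\Users\Besitzer\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\uTorrent folder moved successfully.
C:\Windows\SysNative\DRIVERS\Lbd.sys moved successfully.
File\Folder C:\Program Files (x86)\facemoods.com not found.
< ipconfig /flushdns /c >
========== COMMANDS ==========
[EMPTYTEMP]
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\781D.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\ADBE.tmp scheduled to be moved on reboot.
"""

# Log line that reports a file OTL could not move before the restart.
REBOOT_RE = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")


def parse_fix_script(text):
    """Split a fix script into {section: [entries]}, keyed by ':Section' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def item_status(section, item, log_lines):
    """Return the outcome the log reports for one script entry."""
    def seen(line):
        # Windows paths are case-insensitive, so compare case-folded lines.
        return line.casefold() in log_lines

    if section == "services":
        return "deleted" if seen(f"Service {item} deleted successfully!") else "no log line"
    if section == "files":
        if seen(f"< {item} >"):  # command lines are echoed in angle brackets
            return "executed"
        if seen(f"{item} moved successfully.") or seen(f"{item} folder moved successfully."):
            return "moved"
        if seen(f"File\\Folder {item} not found."):
            return "not found"
        if seen(f"File move failed. {item} scheduled to be moved on reboot."):
            return "pending reboot"
        return "no log line"
    if section == "commands":
        return "ran" if seen(item) else "no log line"
    return "no log line"


def reconcile(script_text, log_text):
    """Compare every script entry with the log and collect files still pending a reboot."""
    stripped = [l.strip() for l in log_text.splitlines() if l.strip()]
    log_lines = {l.casefold() for l in stripped}
    items = {}
    for section, entries in parse_fix_script(script_text).items():
        for entry in entries:
            items[entry] = item_status(section, entry, log_lines)
    pending = [m.group(1) for l in stripped if (m := REBOOT_RE.match(l))]
    return {"items": items, "pending_reboot": pending}


if __name__ == "__main__":
    result = reconcile(FIX_SCRIPT, FIX_LOG)
    for entry, status in result["items"].items():
        print(f"{status:12} {entry}")
    for path in result["pending_reboot"]:
        print(f"{'after reboot':12} {path}")
```

On the thread's data this reports `C:\Program Files (x86)\facemoods.com` as not found and `[purity]` without a log line, and lists the two `.tmp` files that are only moved after the restart.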

  4. #14
    Petra (Administrator, team member)
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    42.689

    Re: Malware found by Anti-Vir after opening a website

    Hello greenboy1,

    Quote:
      Point 1:
      I have adjusted the checkmarks for the firewall exceptions according to the template. My network location is shown as "Public", although this is my private PC, which nobody but me has access to. Should I change that?

    Yes, this is what it looks like on my machine:
    Attached images
    Edited by Petra (27.02.2012 at 11:22)
    [°¿°] Ciao, Petra


  5. #15
    Beginner
    Registered since
    23.02.2012
    Posts
    25

    Re: Malware found by Anti-Vir after opening a website

    Hello Petra, I have changed that as well. How do you assess the current state of things? My PC is running smoothly and I have installed Firefox 10, which I am using as my default browser again. So this Facemoods business (when I open a new tab in Internet Explorer, the Facemoods search page still comes up, even though I have also updated Internet Explorer to version 8) no longer affects me that much, even though it is of course really unacceptable. Perhaps the cleanup attempts with OTL could no longer take effect because I had already gone after Facemoods with SpyBot at an earlier point (see above)?

  6. #16
    Petra (Administrator, team member)
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    42.689

    Re: Malware-Found by Anti-Vir after visiting a website

    Please take a screenshot of the Facemoods search page for me, following these instructions.
    [°¿°] Ciao, Petra


  7. #17
    Beginner
    Registered since
    23.02.2012
    Posts
    25

    Re: Malware-Found by Anti-Vir after visiting a website

    Hello Petra, attached is the requested screenshot. This window is what I get when I open a new tab.
    Attached images

  8. #18
    Petra (Administrator, team member)
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    42.689

    Re: Malware-Found by Anti-Vir after visiting a website

    OK, let's see where this is coming from; I have an idea:

    Scan with SystemLook

    With this I check whether entries typical of this infection are still present. The tool changes nothing; it only outputs the information I need.

    Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop (if not already present).

    Download Mirror #1 - Download Mirror #2
    Users with 64-bit Windows versions use this version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    • Double-click SystemLook.exe to start the tool.
      Vista and Windows 7 users must start it with a right-click and run it as administrator.
    • Copy the contents of the following code box into the tool's text field:

      Code:
      :contents
      C:\windows\system32\blank.htm
      C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
      :regfind
      facemood
    • Now click the Look button to start the scan.
    • When the scan has finished, your editor will open with the results; post them here in the thread.
    • The results are saved on the desktop as SystemLook.txt.
    [°¿°] Ciao, Petra


  9. #19
    Beginner
    Registered since
    23.02.2012
    Posts
    25

    Re: Malware-Found by Anti-Vir after visiting a website

    Oh, I think that was successful. Here is the result:

    Code:
    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:02 on 29/02/2012 by Besitzer
    Administrator - Elevation successful
    
    ========== contents ==========
    
    C:\windows\system32\blank.htm - Unable to open file.
    
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml - Unable to open file.
    
    ========== regfind ==========
    
    Searching for "facemood"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-480038821-1104319843-1313298777-1000\Software\facemoods.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-480038821-1104319843-1313298777-1000\Software\facemoods.com\facemoods]
    [HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com]
    [HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com\facemoods]
    [HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com\facemoods\Instl]
    "InstallDir"="C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="http://start.facemoods.com/?a=ddrnw&f=2"
    [HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-480038821-1104319843-1313298777-1000\Software\facemoods.com]
    [HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-480038821-1104319843-1313298777-1000\Software\facemoods.com\facemoods]
    [HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com]
    [HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com\facemoods]
    [HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com\facemoods\Instl]
    "InstallDir"="C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11"
    [HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com]
    [HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com\facemoods]
    [HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com\facemoods\Instl]
    "InstallDir"="C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11"
    
    -= EOF =-

  10. #20
    Petra (Administrator, team member)
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    42.689

    Re: Malware-Found by Anti-Vir after visiting a website

    Fixing with OTL

    With this we fix unnecessary or harmful entries.

    Download OTL by Oldtimer (if not already present) and save it to your desktop (not anywhere else).
    • Start OTL.exe.
      Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
    • Copy the following script into the text field below Custom Scans/Fixes:

    Code:
    :OTL
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-480038821-1104319843-1313298777-1000\Software\facemoods.com]
    [-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"=-
    [-HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-480038821-1104319843-1313298777-1000\Software\facemoods.com]
    [-HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com]
    [-HKEY_USERS\S-1-5-21-480038821-1104319843-1313298777-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com]
    
    :Files
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    • Close all programs.
    • Click the Fix button.
    • If OTL asks for a restart, please allow it.
    • Copy the contents of the log file here into your thread in code tags.
      You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

    Note for readers: the OTL script above was created exclusively for this user in this situation.
    Do not under any circumstances apply it on other computers; it can permanently damage other systems!

    Test whether the problem is now resolved and let me know.
    [°¿°] Ciao, Petra

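
Added example (not part of the thread, and not code from SystemLook or OTL): a small Python parser for the regfind section of a SystemLook log like the one in post #19. It separates registry trees that belong to the searched-for product from single values under a shared key such as AboutURLs, which is the distinction behind removing whole keys versus only the "Tabs" value in post #20. The sample log is constructed from the thread's output with the SID replaced by a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the regfind log in post #19
# (shortened; the SID is replaced by a placeholder).
SAMPLE_LOG = r'''
Searching for "facemood"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com]
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com\facemoods]
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com\facemoods\Instl]
"InstallDir"="C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://start.facemoods.com/?a=ddrnw&f=2"
[HKEY_USERS\S-1-5-21-EXAMPLE-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\facemoods.com]
-= EOF =-
'''

def parse_regfind(log):
    """Return (search term, [(key, [(value name, data), ...]), ...])."""
    term, hits = None, []
    for line in (raw.strip() for raw in log.splitlines()):
        found = re.match(r'Searching for "(.*)"$', line)
        if found:
            term = found.group(1).lower()
        elif line.startswith('[') and line.endswith(']'):
            hits.append((line[1:-1], []))          # a registry key header
        elif hits and (pair := re.match(r'"([^"]*)"="(.*)"$', line)):
            hits[-1][1].append(pair.groups())      # a value under the last key
    return term, hits

def classify(term, hits):
    """Split hits into product-owned key trees and values under shared keys."""
    own = [key for key, _ in hits if term in key.lower()]
    # A subkey is covered by its parent, so report only the top of each tree.
    roots = sorted(k for k in own
                   if not any(k.lower().startswith(o.lower() + '\\') for o in own))
    # The key itself is legitimate here; only the named value mentions the term.
    shared = [(key, name, data) for key, values in hits if term not in key.lower()
              for name, data in values if term in (name + data).lower()]
    return roots, shared

if __name__ == '__main__':
    roots, shared = classify(*parse_regfind(SAMPLE_LOG))
    for key in roots:
        print('whole tree :', key)
    for key, name, data in shared:
        print('value only :', key, '->', name, '=', data)
```

HKEY_CURRENT_USER is a view of HKEY_USERS\<SID>, so the same tree can appear under both names in a log; the example does not merge such aliases.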
