
Thread: Trojan (Rivarts.A?!) Help!

  1. #1
    Beginner
    Registered since
    20.06.2012
    Posts
    2

    Trojan (Rivarts.A?!) Help!

    Hello!
    Last night I noticed that I apparently have several Trojans on my system, because on a restart (after a blue screen) a service opened that does not exist under Win7:

    wscntfy.exe (http://www.neuber.com/taskmanager/de...cntfy.exe.html)
    I also cannot open the page from my computer, only from my phone. The Trojan is probably blocking that.


    After several restarts I was able to get back to my desktop, ran Hijack over it once (hijackthis1.log (before the BitDefender scan)), then my BitDefender; BitDefender found the following:

    --->see attachment 1
    I have already deleted all files in the Downloads folder!

    hijackthis1.log:
    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 00:39:44, on 20.06.2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal
    
    Running processes:
    C:\ProgramData\wscntfy.exe
    C:\Users\NeoLaw\AppData\Local\Akamai\netsession_win.exe
    C:\Users\NeoLaw\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Users\NeoLaw\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\NeoLaw\Desktop\HiJackThis204.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: (no name) -  - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O4 - HKLM\..\Run: [Razer Lachesis Driver] C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [Windows-Audio Driver] C:\ProgramData\wscntfy.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\NeoLaw\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~2\ICQ7.4\ICQ.exe" silent loginmode=4
    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [X1uO2uCd4Zj5QCl] C:\Users\NeoLaw\AppData\Roaming\Setup.exe
    O4 - HKCU\..\Run: [WinLogon] C:\Users\NeoLaw\AppData\Roaming\install.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Windows-Network Component] C:\Program Files (x86)\Common Files\lsmass.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'Default user')
    O4 - Startup: Dropbox.lnk = NeoLaw\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
    O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://194.94.120.105 (HKLM)
    O15 - Trusted IP range: http://194.94.120.105
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager (mitsijm2011) - Unknown owner - C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 12636 bytes

    The basic scan for system analysis, the file list with HJTscanlist.bat and two further hijackthis log files are also ticked off!

    --->see OTL.Txt, Extras.Txt, hijackthis2.log (after the BitDefender scan)

    OTL.Txt:
    Code:
    OTL logfile created on: 20.06.2012 10:54:01 - Run 1
    OTL by OldTimer - Version 3.2.50.0     Folder = C:\Users\NeoLaw\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 22,26% Memory free
    7,98 Gb Paging File | 4,13 Gb Available in Paging File | 51,82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 99,90 Gb Total Space | 5,81 Gb Free Space | 5,81% Space Free | Partition Type: NTFS
    Drive D: | 365,76 Gb Total Space | 306,71 Gb Free Space | 83,85% Space Free | Partition Type: NTFS
     
    Computer Name: NEOLAW3 | User Name: NeoLaw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.06.20 10:51:42 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\NeoLaw\Desktop\OTL.exe
    PRC - [2012.06.20 00:36:59 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012.06.08 23:57:39 | 027,262,976 | -H-- | M] () -- C:\ProgramData\wscntfy.exe
    PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\NeoLaw\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012.05.24 19:14:42 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2012.05.24 19:14:34 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012.05.08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\NeoLaw\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012.05.01 14:11:43 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\ProgramData\ThunderbirdPortable\App\Thunderbird\thunderbird.exe
    PRC - [2012.04.04 07:53:54 | 001,496,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011.07.14 14:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    PRC - [2011.03.09 15:31:08 | 000,837,008 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
    PRC - [2010.10.05 16:54:01 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
    PRC - [2010.10.05 16:54:01 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
    PRC - [2010.07.21 05:02:08 | 000,160,232 | ---- | M] (PortableApps.com) -- C:\ProgramData\ThunderbirdPortable\ThunderbirdPortable.exe
    PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.06.20 10:45:02 | 000,016,384 | ---- | M] () -- C:\Users\NeoLaw\AppData\Local\Temp\nsq3A4E.tmp\registry.dll
    MOD - [2012.06.20 10:45:02 | 000,011,264 | ---- | M] () -- C:\Users\NeoLaw\AppData\Local\Temp\nsq3A4E.tmp\System.dll
    MOD - [2012.06.20 10:45:01 | 000,008,704 | ---- | M] () -- C:\Users\NeoLaw\AppData\Local\Temp\nsq3A4E.tmp\newadvsplash.dll
    MOD - [2012.06.20 00:36:58 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012.06.14 07:19:48 | 000,115,137 | ---- | M] () -- C:\Users\NeoLaw\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    MOD - [2012.06.14 03:45:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012.06.14 03:45:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012.06.14 03:18:48 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
    MOD - [2012.06.14 03:18:31 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
    MOD - [2012.06.14 03:18:26 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
    MOD - [2012.06.14 03:18:18 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
    MOD - [2012.06.14 03:18:14 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
    MOD - [2012.06.08 23:57:39 | 027,262,976 | -H-- | M] () -- C:\ProgramData\wscntfy.exe
    MOD - [2012.05.31 00:10:58 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
    MOD - [2012.05.31 00:03:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
    MOD - [2012.05.31 00:02:25 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
    MOD - [2012.05.30 20:27:20 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
    MOD - [2012.05.30 20:27:16 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
    MOD - [2012.05.30 20:27:14 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
    MOD - [2012.05.30 20:27:09 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
    MOD - [2012.05.30 20:27:03 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
    MOD - [2012.05.24 19:14:42 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MOD - [2012.05.14 03:50:12 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012.05.14 03:46:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012.05.14 03:46:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012.05.14 03:46:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012.05.14 03:46:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012.05.05 13:40:17 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    MOD - [2012.05.01 14:11:43 | 001,952,728 | ---- | M] () -- C:\ProgramData\ThunderbirdPortable\App\Thunderbird\mozjs.dll
    MOD - [2012.05.01 14:11:43 | 000,162,776 | ---- | M] () -- C:\ProgramData\ThunderbirdPortable\App\Thunderbird\nsldap32v60.dll
    MOD - [2012.05.01 14:11:43 | 000,021,976 | ---- | M] () -- C:\ProgramData\ThunderbirdPortable\App\Thunderbird\nsldappr32v60.dll
    MOD - [2012.04.15 12:23:47 | 009,389,568 | ---- | M] () -- C:\Users\NeoLaw\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
    MOD - [2012.04.04 07:53:52 | 000,249,232 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
    MOD - [2011.07.14 14:21:22 | 001,712,128 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll
    MOD - [2011.07.14 14:21:22 | 001,137,664 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll
    MOD - [2011.07.14 14:21:22 | 001,108,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll
    MOD - [2011.07.14 14:21:22 | 000,368,640 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll
    MOD - [2011.07.14 14:21:22 | 000,325,120 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll
    MOD - [2011.07.14 14:21:22 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll
    MOD - [2011.07.14 14:21:22 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll
    MOD - [2011.07.14 14:21:22 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
    MOD - [2011.07.14 14:21:22 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
    MOD - [2011.07.14 14:21:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
    MOD - [2011.07.14 14:21:22 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll
    MOD - [2011.07.14 14:21:22 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
    MOD - [2011.07.14 14:21:20 | 011,496,448 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll
    MOD - [2011.07.14 14:21:20 | 002,169,856 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll
    MOD - [2011.07.14 14:21:20 | 001,013,248 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
    MOD - [2011.07.14 14:21:20 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll
    MOD - [2011.07.14 14:21:20 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
    MOD - [2011.07.14 14:21:20 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
    MOD - [2011.07.14 14:21:20 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
    MOD - [2011.07.14 14:21:20 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll
    MOD - [2011.07.14 14:21:20 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
    MOD - [2011.07.14 14:21:18 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll
    MOD - [2011.07.14 14:21:18 | 000,194,048 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll
    MOD - [2011.07.14 14:21:18 | 000,128,000 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
    MOD - [2011.07.14 14:21:18 | 000,108,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll
    MOD - [2011.07.14 14:21:18 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll
    MOD - [2011.07.14 14:21:18 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
    MOD - [2011.07.14 14:21:16 | 001,776,128 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,338,432 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,135,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
    MOD - [2011.07.14 14:21:16 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,309,760 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,265,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,210,944 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
    MOD - [2011.07.14 14:21:14 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll
    MOD - [2011.07.14 14:21:12 | 008,248,320 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll
    MOD - [2011.07.14 14:21:12 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll
    MOD - [2011.07.14 14:21:12 | 000,057,856 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll
    MOD - [2011.07.14 14:21:12 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
    MOD - [2011.07.14 14:21:12 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll
    MOD - [2011.07.14 14:21:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
    MOD - [2011.07.14 14:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll
    MOD - [2011.07.14 14:21:12 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll
    MOD - [2011.07.14 14:21:12 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
    MOD - [2011.07.14 14:21:10 | 002,263,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
    MOD - [2011.07.14 14:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    MOD - [2011.07.14 14:21:10 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
    MOD - [2011.07.14 14:21:10 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
    MOD - [2011.07.14 14:21:10 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
    MOD - [2011.07.14 14:21:10 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll
    MOD - [2011.07.14 14:21:10 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
    MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV:64bit: - [2012.03.30 22:34:57 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
    SRV:64bit: - [2012.03.30 22:34:46 | 001,956,616 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
    SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012.06.20 00:36:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.05.30 07:20:24 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
    SRV - [2012.05.05 13:40:18 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012.04.07 02:27:10 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011.12.14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011.10.14 23:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV - [2010.11.10 17:39:47 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV - [2010.11.08 23:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2010.10.05 16:54:01 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010.01.23 09:12:18 | 000,673,792 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011)
    SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
    SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
    SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009.03.30 05:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
    SRV - [2009.03.30 05:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
    SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008.09.19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
    SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
    SRV - [2008.07.10 06:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2007.05.18 08:03:32 | 005,685,248 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe -- (SageDB 5.0)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2012.03.30 22:35:01 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
    DRV:64bit: - [2012.03.02 13:48:09 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
    DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012.02.06 18:00:18 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
    DRV:64bit: - [2012.02.06 17:59:54 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV:64bit: - [2011.11.25 15:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
    DRV:64bit: - [2011.10.27 15:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
    DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011.07.28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011.03.30 20:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011.02.14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2011.02.14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2011.02.14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2010.12.07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
    DRV:64bit: - [2010.12.07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
    DRV:64bit: - [2010.12.07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
    DRV:64bit: - [2010.12.07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
    DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010.11.08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2010.02.09 13:30:23 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010.01.19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
    DRV:64bit: - [2009.11.19 16:52:26 | 000,033,336 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DbusAudio.sys -- (DbusAudio)
    DRV:64bit: - [2009.10.29 19:02:48 | 000,299,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009.09.29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
    DRV:64bit: - [2009.09.29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
    DRV:64bit: - [2009.09.29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
    DRV:64bit: - [2009.09.10 11:28:26 | 000,129,536 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silvrlnk.sys -- (SilvrLnk) SilverLink (USB GraphLink)
    DRV:64bit: - [2009.08.14 11:15:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
    DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009.07.08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009.06.15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.04.16 13:18:40 | 000,033,264 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio)
    DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2008.08.01 02:01:00 | 000,306,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Vid.sys -- (OA002Vid)
    DRV:64bit: - [2008.06.03 18:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Ufd.sys -- (OA002Ufd)
    DRV:64bit: - [2008.03.17 11:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2007.06.08 02:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Afx.sys -- (OA002Afx)
    DRV:64bit: - [2005.11.07 14:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Razerlow.sys -- (Razerlow)
    DRV - [2011.12.12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2011.11.14 20:16:42 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
    DRV - [2011.11.14 20:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
    DRV - [2010.11.18 02:34:58 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
    DRV - [2010.03.18 00:34:36 | 000,068,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys -- (VSPerfDrv100)
    DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 2A 34 51 4F 17 CB 01  [binary data]
    IE - HKCU\..\URLSearchHook:  - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {D923A1EB-DAB3-4590-B575-E025FFE57546}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=de_DE
    IE - HKCU\..\SearchScopes\{3018C04E-3237-4B08-9442-0EE91AE3A17A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
    IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    IE - HKCU\..\SearchScopes\{D923A1EB-DAB3-4590-B575-E025FFE57546}: "URL" = http://www.google.de/search?q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http:\\\\www.winfuture.de"
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:9.8.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
    FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
    FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
    FF - prefs.js..network.proxy.autoconfig_url: "chrome://viewtubes/content/viewtubes_false.pac"
    FF - prefs.js..network.proxy.type: 2
     
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012.01.29 00:59:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 00:36:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 11:11:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012.01.29 00:59:04 | 000,000,000 | ---D | M]
     
    [2010.08.15 11:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NeoLaw\AppData\Roaming\mozilla\Extensions
    [2010.08.15 11:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NeoLaw\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012.05.19 09:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NeoLaw\AppData\Roaming\mozilla\Firefox\Profiles\4vgq8seh.default\extensions
    [2011.11.11 11:24:46 | 000,000,000 | ---D | M] ("DownloadHelper [AU]") -- C:\Users\NeoLaw\AppData\Roaming\mozilla\Firefox\Profiles\4vgq8seh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012.05.19 09:22:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\NeoLaw\AppData\Roaming\mozilla\Firefox\Profiles\4vgq8seh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011.11.07 08:40:49 | 000,002,342 | ---- | M] () -- C:\Users\NeoLaw\AppData\Roaming\Mozilla\Firefox\Profiles\4vgq8seh.default\searchplugins\icq-search.xml
    [2011.11.11 11:24:48 | 000,000,950 | ---- | M] () -- C:\Users\NeoLaw\AppData\Roaming\Mozilla\Firefox\Profiles\4vgq8seh.default\searchplugins\icqplugin-1.xml
    [2011.12.25 13:32:59 | 000,000,950 | ---- | M] () -- C:\Users\NeoLaw\AppData\Roaming\Mozilla\Firefox\Profiles\4vgq8seh.default\searchplugins\icqplugin-2.xml
    [2012.01.09 09:30:04 | 000,000,950 | ---- | M] () -- C:\Users\NeoLaw\AppData\Roaming\Mozilla\Firefox\Profiles\4vgq8seh.default\searchplugins\icqplugin-3.xml
    [2012.03.03 23:52:04 | 000,000,950 | ---- | M] () -- C:\Users\NeoLaw\AppData\Roaming\Mozilla\Firefox\Profiles\4vgq8seh.default\searchplugins\icqplugin-4.xml
    [2011.11.07 17:07:47 | 000,000,950 | ---- | M] () -- C:\Users\NeoLaw\AppData\Roaming\Mozilla\Firefox\Profiles\4vgq8seh.default\searchplugins\icqplugin.xml
    [2011.11.26 13:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.01.09 09:29:59 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NEOLAW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4VGQ8SEH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012.03.01 17:06:32 | 000,325,600 | ---- | M] () (No name found) -- C:\USERS\NEOLAW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4VGQ8SEH.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
    [2012.06.20 00:36:59 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012.03.15 12:23:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.03.15 12:23:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012.03.15 12:23:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2012.03.15 12:23:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.03.15 12:23:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.03.15 12:23:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2011.06.21 10:28:02 | 000,001,391 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       static3.cdn.ubi.com
    O1 - Hosts: 127.0.0.1       ubisoft-orbit.s3.amazonaws.com
    O1 - Hosts: 127.0.0.1       onlineconfigservice.ubi.com
    O1 - Hosts: 127.0.0.1       orbitservice.ubi.com
    O1 - Hosts: 127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 127.0.0.1 http://www.adobeereg.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 192.150.18.108
    O1 - Hosts: 127.0.0.1 activate.adobe.com:443
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
    O4 - HKLM..\Run: [Razer Lachesis Driver] C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [Windows-Audio Driver] C:\ProgramData\wscntfy.exe ()
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\NeoLaw\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKCU..\Run: [ICQ] "C:\PROGRA~2\ICQ7.4\ICQ.exe" silent loginmode=4                                                                                                                                                                                                                           File not found
    O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [WinLogon] C:\Users\NeoLaw\AppData\Roaming\install.exe ()
    O4 - Startup: C:\Users\NeoLaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\NeoLaw\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows-Network Component = C:\Program Files (x86)\Common Files\lsmass.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKLM\..Trusted Domains: 120.105 ([194.94] http in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00DD3BBA-12FD-4428-86AA-B28E5F3B0812}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5918A592-E5E4-4BD5-B3FA-2E3D66EB0E5C}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1D94062-418B-4E22-931E-9E2F6E88068B}: DhcpNameServer = 194.94.120.1 194.94.120.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F56EDF0A-A11B-435B-872B-AA889FFA565B}: DhcpNameServer = 139.7.30.125 139.7.30.126
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011.10.19 09:35:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O33 - MountPoints2\{7cfd3cbf-56ff-11df-846b-0024e8f5e2ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{7cfd3cbf-56ff-11df-846b-0024e8f5e2ad}\Shell\AutoRun\command - "" = F:\autorun.exe
    O33 - MountPoints2\{ba36ce56-4f83-11df-82c1-0024e8f5e2ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{ba36ce56-4f83-11df-82c1-0024e8f5e2ad}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.06.20 10:52:59 | 000,000,000 | ---D | C] -- C:\Users\NeoLaw\Desktop\Trojaner
    [2012.06.20 10:51:41 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\NeoLaw\Desktop\OTL.exe
    [2012.06.20 00:39:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\NeoLaw\Desktop\HiJackThis204.exe
    [2012.06.19 20:57:51 | 000,000,000 | ---D | C] -- C:\Users\NeoLaw\AppData\Roaming\WinMedia
    [2012.06.16 14:32:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
    [2012.06.14 09:39:47 | 000,000,000 | R--D | C] -- C:\Users\NeoLaw\Desktop\Maria Geschenk
    [2012.06.14 03:10:29 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
    [2012.06.14 03:10:29 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
    [2012.06.14 03:10:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
    [2012.06.14 03:04:26 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012.06.14 03:04:25 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012.06.14 03:04:25 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012.06.14 03:03:19 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
    [2012.06.14 03:02:17 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012.06.14 03:02:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2012.06.14 03:00:36 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012.06.14 03:00:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012.06.14 03:00:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012.06.14 03:00:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012.06.14 03:00:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012.06.14 03:00:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012.06.14 03:00:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012.06.14 03:00:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012.06.14 03:00:33 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012.06.14 03:00:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012.06.14 03:00:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012.06.14 03:00:32 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012.06.14 03:00:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012.06.04 20:34:35 | 000,000,000 | ---D | C] -- C:\Users\NeoLaw\Desktop\excel_2007
    [2012.05.31 19:06:55 | 000,944,264 | ---- | C] (Skype Technologies S.A.) -- C:\Users\NeoLaw\Desktop\SkypeSetup.exe
    [2012.05.30 20:49:14 | 000,000,000 | ---D | C] -- C:\Users\NeoLaw\AppData\Local\Samsung
    [2012.05.30 20:49:07 | 000,000,000 | ---D | C] -- C:\Users\NeoLaw\AppData\Roaming\Samsung
    [2012.05.30 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\NeoLaw\Documents\samsung
    [2012.05.30 20:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    [2012.05.30 20:39:26 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
    [2012.05.30 20:39:05 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
    [2012.05.30 20:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
    [2012.05.30 20:38:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
    [2012.05.30 20:24:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012.05.30 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\NeoLaw\AppData\Local\Downloaded Installations
    [2012.05.30 19:41:20 | 093,159,816 | ---- | C] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\NeoLaw\Desktop\Kies_2.3.2.12054_18_2.exe
    [2012.05.24 10:03:26 | 000,000,000 | ---D | C] -- C:\Users\NeoLaw\Desktop\Studiumsunterlagen von Dimitri
    [2012.05.23 18:49:34 | 000,325,552 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
    [2012.05.23 18:49:34 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
    [2012.05.23 18:49:32 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax
    [2012.05.23 18:49:32 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll
    [2012.05.23 18:49:32 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll
    [2012.05.23 18:49:32 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax
    [2012.05.23 18:49:32 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll
    [2012.05.23 18:49:32 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll
    [2012.05.23 18:49:32 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe
    [2012.05.23 18:49:32 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll
    [2012.05.23 18:49:32 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll
    [2012.05.23 18:49:32 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax
    [2012.05.23 18:49:32 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax
    [2012.05.23 18:49:32 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll
    [2012.05.23 18:49:32 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax
    [2012.05.23 18:49:32 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll
    [2012.05.23 18:49:32 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll
    [2012.05.23 18:49:32 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll
    [2012.05.23 18:49:32 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll
    [2012.05.23 18:49:32 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll
    [2012.05.23 18:49:32 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll
    [2012.05.23 18:49:32 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll
    [2012.05.23 18:49:32 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe
    [2012.05.22 23:22:47 | 000,000,000 | R--D | C] -- C:\Users\NeoLaw\Dropbox
    [2012.05.22 23:20:31 | 000,000,000 | ---D | C] -- C:\Users\NeoLaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2012.05.22 23:19:30 | 000,000,000 | ---D | C] -- C:\Users\NeoLaw\AppData\Roaming\Dropbox
    [2012.05.22 23:18:10 | 017,975,768 | ---- | C] (Dropbox, Inc.) -- C:\Users\NeoLaw\Desktop\Dropbox 1.4.3.exe
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.06.20 10:51:42 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\NeoLaw\Desktop\OTL.exe
    [2012.06.20 01:25:00 | 000,145,415 | ---- | M] () -- C:\Users\NeoLaw\Desktop\matlab-windows-malavida.exe
    [2012.06.20 00:51:58 | 005,155,328 | ---- | M] () -- C:\Users\NeoLaw\Desktop\windowsdefender1593dt.msi
    [2012.06.20 00:42:26 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.06.20 00:42:26 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.06.20 00:39:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\NeoLaw\Desktop\HiJackThis204.exe
    [2012.06.20 00:34:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.06.20 00:34:20 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2012.06.20 00:33:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.06.20 00:33:20 | 3212,189,696 | -HS- | M] () -- C:\hiberfil.sys
    [2012.06.19 23:58:52 | 000,003,536 | ---- | M] () -- C:\bootsqm.dat
    [2012.06.19 22:31:19 | 027,262,976 | ---- | M] () -- C:\Users\NeoLaw\AppData\Roaming\install.exe
    [2012.06.19 20:33:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.06.19 20:33:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012.06.19 13:26:12 | 000,373,268 | ---- | M] () -- C:\Users\NeoLaw\Desktop\MST Übungen.pdf
    [2012.06.19 11:30:52 | 001,800,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.06.19 11:30:52 | 000,765,148 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.06.19 11:30:52 | 000,719,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.06.19 11:30:52 | 000,174,262 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.06.19 11:30:52 | 000,147,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.06.19 10:46:50 | 000,000,164 | ---- | M] () -- C:\Users\NeoLaw\Desktop\120313_samydeluxe_bah.mov
    [2012.06.19 10:08:08 | 000,017,094 | ---- | M] () -- C:\Users\NeoLaw\Desktop\525017_308816025866866_2053055859_n.jpg
    [2012.06.18 19:13:09 | 000,860,522 | ---- | M] () -- C:\Users\NeoLaw\Desktop\dhl-nachforschungsauftrag-national-01-2011.pdf
    [2012.06.14 03:41:58 | 005,152,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.06.10 19:31:17 | 000,013,824 | ---- | M] () -- C:\Users\NeoLaw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.06.08 23:57:39 | 027,262,976 | -H-- | M] () -- C:\ProgramData\wscntfy.exe
    [2012.06.08 23:57:39 | 027,262,976 | -H-- | M] () -- C:\Program Files (x86)\Common Files\lsmass.exe
    [2012.06.05 22:25:12 | 009,878,996 | ---- | M] () -- C:\Users\NeoLaw\Desktop\Golo Jansen - Es staut sich alles auf .wmv
    [2012.06.04 10:16:42 | 000,004,759 | ---- | M] () -- C:\Users\NeoLaw\Desktop\Max Payne 3 RELOADED [Diff Group].nfo
    [2012.06.02 09:46:03 | 000,260,673 | ---- | M] () -- C:\Users\NeoLaw\Desktop\416353_10150864316336794_1761103095_o.jpg
    [2012.06.01 17:10:50 | 000,001,049 | ---- | M] () -- C:\Users\NeoLaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012.06.01 17:10:37 | 000,001,019 | ---- | M] () -- C:\Users\NeoLaw\Desktop\Dropbox.lnk
    [2012.06.01 10:37:54 | 000,012,316 | ---- | M] () -- C:\Users\NeoLaw\Desktop\KeePassDatabase.kdb
    [2012.05.31 19:06:59 | 000,944,264 | ---- | M] (Skype Technologies S.A.) -- C:\Users\NeoLaw\Desktop\SkypeSetup.exe
    [2012.05.30 20:48:57 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
    [2012.05.30 20:30:31 | 001,781,704 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012.05.30 19:45:53 | 093,159,816 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\NeoLaw\Desktop\Kies_2.3.2.12054_18_2.exe
    [2012.05.25 10:17:23 | 038,033,899 | ---- | M] () -- C:\Users\NeoLaw\Desktop\Electro_House_2012_Special_Dance_Mix_HQ.mp3
    [2012.05.24 10:46:40 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
    [2012.05.23 18:50:06 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
    [2012.05.23 18:49:34 | 000,325,552 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
    [2012.05.23 18:49:34 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
    [2012.05.23 18:49:34 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
    [2012.05.23 18:49:32 | 000,974,848 | ---- | M] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2012.05.23 18:49:32 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax
    [2012.05.23 18:49:32 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll
    [2012.05.23 18:49:32 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll
    [2012.05.23 18:49:32 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax
    [2012.05.23 18:49:32 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll
    [2012.05.23 18:49:32 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll
    [2012.05.23 18:49:32 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe
    [2012.05.23 18:49:32 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll
    [2012.05.23 18:49:32 | 000,143,360 | ---- | M] () -- C:\Windows\SysWow64\3DAudio.ax
    [2012.05.23 18:49:32 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll
    [2012.05.23 18:49:32 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax
    [2012.05.23 18:49:32 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax
    [2012.05.23 18:49:32 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll
    [2012.05.23 18:49:32 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax
    [2012.05.23 18:49:32 | 000,081,920 | ---- | M] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2012.05.23 18:49:32 | 000,065,536 | ---- | M] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2012.05.23 18:49:32 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll
    [2012.05.23 18:49:32 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll
    [2012.05.23 18:49:32 | 000,057,344 | ---- | M] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2012.05.23 18:49:32 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll
    [2012.05.23 18:49:32 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll
    [2012.05.23 18:49:32 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll
    [2012.05.23 18:49:32 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll
    [2012.05.23 18:49:32 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll
    [2012.05.23 18:49:32 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe
    [2012.05.23 18:49:30 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
    [2012.05.22 23:57:38 | 000,000,529 | ---- | M] () -- C:\Users\NeoLaw\Desktop\DesktopOK.ini
    [2012.05.22 23:25:42 | 002,749,772 | ---- | M] () -- C:\Users\NeoLaw\Desktop\ATSP.pdf
    [2012.05.22 23:19:21 | 017,975,768 | ---- | M] (Dropbox, Inc.) -- C:\Users\NeoLaw\Desktop\Dropbox 1.4.3.exe
     
    ========== Files Created - No Company Name ==========
     
    [2012.06.20 01:24:47 | 000,145,415 | ---- | C] () -- C:\Users\NeoLaw\Desktop\matlab-windows-malavida.exe
    [2012.06.20 00:50:35 | 005,155,328 | ---- | C] () -- C:\Users\NeoLaw\Desktop\windowsdefender1593dt.msi
    [2012.06.19 23:58:52 | 000,003,536 | ---- | C] () -- C:\bootsqm.dat
    [2012.06.19 22:31:21 | 027,262,976 | -H-- | C] () -- C:\ProgramData\wscntfy.exe
    [2012.06.19 22:31:21 | 027,262,976 | -H-- | C] () -- C:\Program Files (x86)\Common Files\lsmass.exe
    [2012.06.19 22:31:19 | 027,262,976 | ---- | C] () -- C:\Users\NeoLaw\AppData\Roaming\install.exe
    [2012.06.19 13:26:08 | 000,373,268 | ---- | C] () -- C:\Users\NeoLaw\Desktop\MST Übungen.pdf
    [2012.06.19 10:46:48 | 000,000,164 | ---- | C] () -- C:\Users\NeoLaw\Desktop\120313_samydeluxe_bah.mov
    [2012.06.19 10:08:08 | 000,017,094 | ---- | C] () -- C:\Users\NeoLaw\Desktop\525017_308816025866866_2053055859_n.jpg
    [2012.06.18 19:13:09 | 000,860,522 | ---- | C] () -- C:\Users\NeoLaw\Desktop\dhl-nachforschungsauftrag-national-01-2011.pdf
    [2012.06.05 22:30:29 | 009,878,996 | ---- | C] () -- C:\Users\NeoLaw\Desktop\Golo Jansen - Es staut sich alles auf .wmv
    [2012.06.04 10:22:43 | 000,004,759 | ---- | C] () -- C:\Users\NeoLaw\Desktop\Max Payne 3 RELOADED [Diff Group].nfo
    [2012.06.02 09:46:03 | 000,260,673 | ---- | C] () -- C:\Users\NeoLaw\Desktop\416353_10150864316336794_1761103095_o.jpg
    [2012.05.30 20:48:57 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
    [2012.05.25 10:14:51 | 038,033,899 | ---- | C] () -- C:\Users\NeoLaw\Desktop\Electro_House_2012_Special_Dance_Mix_HQ.mp3
    [2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2012.05.23 18:49:32 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\3DAudio.ax
    [2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2012.05.22 23:25:21 | 002,749,772 | ---- | C] () -- C:\Users\NeoLaw\Desktop\ATSP.pdf
    [2012.05.22 23:22:47 | 000,001,019 | ---- | C] () -- C:\Users\NeoLaw\Desktop\Dropbox.lnk
    [2012.05.22 23:20:50 | 000,001,049 | ---- | C] () -- C:\Users\NeoLaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012.01.29 01:00:27 | 000,220,070 | ---- | C] () -- C:\ProgramData\1327791340.bdinstall.bin
    [2011.12.02 13:01:13 | 001,781,704 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011.10.14 19:49:29 | 000,009,559 | ---- | C] () -- C:\Users\NeoLaw\AppData\Roaming\data.dat
    [2011.10.06 23:30:34 | 000,000,080 | ---- | C] () -- C:\Users\NeoLaw\AppData\Local\X-Plane Installer.prf
    [2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011.05.04 13:18:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
    [2011.05.04 13:18:34 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010.12.14 09:33:04 | 000,013,824 | ---- | C] () -- C:\Users\NeoLaw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.10.10 20:23:39 | 000,000,318 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010.10.05 16:57:15 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
    [2010.10.05 16:57:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
    [2010.07.30 16:37:52 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
     
    ========== LOP Check ==========
     
    [2012.02.26 15:30:00 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\.minecraft
    [2010.10.26 18:21:40 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\3Dconnexion
    [2010.10.09 20:08:59 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Any DVD Shrink
    [2010.06.03 23:59:19 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Ashampoo
    [2010.11.10 18:21:16 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Autodesk
    [2010.02.20 20:38:04 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Bioshock2
    [2012.01.29 00:59:04 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Bitdefender
    [2010.10.26 18:38:55 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Boilsoft
    [2012.03.14 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Canon
    [2010.05.06 20:40:19 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\DAEMON Tools Lite
    [2010.02.09 14:16:14 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\DAEMON Tools Pro
    [2012.06.20 00:36:19 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Dropbox
    [2012.01.17 13:10:39 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Eqgahu
    [2012.04.14 00:10:55 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\FreeFLVConverter
    [2011.04.22 11:44:18 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\FreeVideoConverter
    [2011.06.01 16:42:23 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Guitar Pro 6
    [2012.04.23 13:11:27 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\ICQ
    [2010.10.10 13:37:18 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\KeePass
    [2010.08.14 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\LucasArts
    [2011.11.11 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\MAGIX
    [2010.07.19 14:10:32 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\My Games
    [2011.10.17 09:17:32 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Nokia
    [2010.02.21 13:48:18 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Notepad++
    [2012.01.25 10:23:34 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Opera
    [2010.09.17 16:01:15 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Panda Security
    [2011.08.19 17:16:44 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\PC Suite
    [2011.01.18 20:41:52 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\PCDr
    [2012.01.29 00:56:20 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\QuickScan
    [2012.05.30 20:49:07 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Samsung
    [2011.09.29 17:52:23 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012.01.24 22:49:45 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\TeamViewer
    [2010.02.09 14:44:28 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Template
    [2012.06.20 10:45:04 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Thunderbird
    [2009.12.16 22:27:38 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\TrueCrypt
    [2010.08.22 14:49:45 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\TS3Client
    [2012.04.28 03:14:02 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\TuneUp Software
    [2011.11.20 00:54:12 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Ubisoft
    [2012.05.16 21:08:56 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\UseNeXT
    [2011.06.03 01:31:36 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Vodafone
    [2012.01.25 13:07:48 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\Windows Search
    [2012.06.20 00:57:26 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\WinMedia
    [2010.10.09 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\NeoLaw\AppData\Roaming\XMedia Recode
    [2011.03.09 22:29:50 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2012.03.01 16:20:57 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011.03.09 22:29:50 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
     
    ========== Purity Check ==========
     
     
    
    < End of report >

    Extras.Txt:
    Code:
    OTL Extras logfile created on: 20.06.2012 10:54:01 - Run 1
    OTL by OldTimer - Version 3.2.50.0     Folder = C:\Users\NeoLaw\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 22,26% Memory free
    7,98 Gb Paging File | 4,13 Gb Available in Paging File | 51,82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 99,90 Gb Total Space | 5,81 Gb Free Space | 5,81% Space Free | Partition Type: NTFS
    Drive D: | 365,76 Gb Total Space | 306,71 Gb Free Space | 83,85% Space Free | Partition Type: NTFS
     
    Computer Name: NEOLAW3 | User Name: NeoLaw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2D46CABD-2EF4-4DC6-BE4D-D05D90093E68}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{2FB9A386-EDAD-4C08-9C48-F4C60D831DD0}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{375521C9-F503-49F1-BB91-ED7EB27AF7B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{38AE2D04-D5A5-4FC9-B978-FCE88225800D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{4421F431-DE84-46F3-9052-A851C6CEB37A}" = lport=53008 | protocol=6 | dir=in | name=akamai netsession interface | 
    "{4A6CEED7-A751-4DDA-9C70-007030D32A7A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{4E8E7D73-11C5-4592-85FA-BC32C0E36C1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{6B3D4216-EAC5-4464-8E91-41F644D646F1}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{78563616-DC74-4BFE-ABE3-6A9C6EA5A7EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{7E136A0F-C6AE-450A-94D6-540F12832581}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{85C326A5-6541-49E0-9EF6-A31DADF39744}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{86DDD6BA-C5E9-4FE1-9387-BCB2CAE4A51E}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{8770C756-C39E-43CF-AD20-FED083051768}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{87EDB59D-5422-4D1C-973F-8C973D1B65C7}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{8ABB216B-0818-4288-B735-FE794F049DD5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{8CCA5DA6-57DB-4605-9A24-19414DBA9D01}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{8FE3BD2E-AEA3-434B-BED3-AF77BDB7D165}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{91778E9F-77A0-4633-AB94-36DBDC0CE539}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{A2D95F3E-8ECC-4E1F-9A4A-42382836F919}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{A6981592-CCF0-4A66-B448-64F9D5C1DE7E}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{AD51E4B9-C947-4779-A700-E6979E92E851}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{B38500DC-9BBE-443A-88C8-5006944B6CA9}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{B5FE9D84-6964-40BF-8AD1-DADC81CE64EE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{BC60EBE0-E4E0-4BA2-A60A-E4A4876E2B61}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{BCAF9FEF-397D-486F-8530-AB1AE4F17B34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{C77A01EC-4D00-48FC-A521-448D686C538E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{CF762C67-780A-4B68-8D5E-0E800C93C178}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{D835865A-7A36-4E0A-9A9F-C19253000F4E}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{E3BAC7D1-51DA-4371-AB16-C087C3BF7F64}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{F66DE27D-A495-4FE1-BBEB-93839195591E}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{FF0DAC06-738F-43C7-84E5-A16952EDB9CE}" = rport=2869 | protocol=6 | dir=out | app=system | 
    "{FF1B81B3-F5C5-4F9A-91F1-8A3C669D3F00}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{FF9133EE-0EF9-4712-A27C-AB7EA1E02586}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{020ABBCA-1EEE-404D-A5C1-D4C02E76C3BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{0218E130-2D0C-4F2D-89CD-FD0A4A972888}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
    "{05BF1B36-90AD-47E7-9C85-5FAED0077E20}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{0A005DEE-5497-465B-889B-CCEA6EEB2F13}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
    "{0B1B1006-3001-4F3E-81A6-31C2D4133C03}" = protocol=17 | dir=in | app=c:\spiele\mass effect 2\binaries\masseffect2.exe | 
    "{16227375-8236-44DF-AFB4-21DD26617C61}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    "{187860DB-F83B-4813-96C1-492084B98EB6}" = protocol=17 | dir=in | app=c:\programdata\wscntfy.exe | 
    "{1D39A5BE-409A-497D-BE31-60DD170B67D5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
    "{20DC0692-EF70-473B-9DF3-3B9355607B3D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{22DEEF05-FFA3-46CA-9CB6-D553316A9520}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{24B9599F-47DB-4679-BF74-0273B0457A54}" = protocol=6 | dir=in | app=c:\users\neolaw\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{310FAFB5-141E-4621-8AED-5A73BAE9FFC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{333FE3A3-505A-4BCF-A53A-B64C5B5FE70F}" = protocol=6 | dir=in | app=c:\programdata\wscntfy.exe | 
    "{343DC6A5-D16E-4E61-A6CB-38164B80034B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{36DF53F1-7CD4-4E40-9F18-3ECE3E0895D9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
    "{42A62FA2-D345-47BE-87FF-6A2EAE75F069}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{435571B6-BC1E-4464-A469-EF8007429819}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{54DA43FF-420D-4851-AC81-E0B9C8E1DF60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{57978872-082F-4890-9F66-F0894E492595}" = protocol=6 | dir=out | app=system | 
    "{5E69BA9E-9E35-4DA5-AAE3-D16630ADB011}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
    "{5FBA7F70-0B4C-4113-A538-7D77247F53BC}" = protocol=6 | dir=in | app=c:\spiele\mass effect 2\binaries\masseffect2.exe | 
    "{61451450-B395-4479-8D98-E616B10B0E19}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{64C7445F-B9AF-4F5B-A75A-58C560F8858B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{68BA18B9-E788-4869-890C-FBBBA4D62281}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
    "{6F0B140B-C979-4D71-AB62-EA12BDABC939}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{72B998C5-0266-405A-9DE4-FB99E16D958B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{751A5753-E268-42CC-9DD7-BAAFAD274E53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{7812FE44-1441-4FD9-A7D6-966EC56F25FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
    "{790984F5-BED1-454B-8E18-E60AEB8412CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{8AA501FE-B595-4CA9-B161-EE59FDB3AF83}" = protocol=6 | dir=out | app=c:\program files (x86)\sage\gsbuchhalter\gsbuchhalter.exe | 
    "{8BFC03D1-4E5F-4DF9-A531-D0B470B27739}" = protocol=17 | dir=in | app=c:\spiele\mass effect 2\masseffect2launcher.exe | 
    "{8F78CFCA-4D19-4468-B05B-76468F1D605A}" = protocol=6 | dir=in | app=c:\users\neolaw\appdata\local\akamai\netsession_win.exe | 
    "{92A9E6F2-429B-489A-A5A6-F326F39AF874}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{998CCCD6-FFC9-4D40-BC76-BF2159EFFBB7}" = protocol=17 | dir=in | app=c:\users\neolaw\appdata\local\akamai\netsession_win.exe | 
    "{9B2493CF-1A81-47DD-B8E7-7908B04B74FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{A09A4062-35C4-49F0-AE04-F3EFDA62D80F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{A3F913DD-83F7-4B59-9B0A-69F55394105D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{A8E66E90-CC05-4C43-BAC5-455E08EE16BF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
    "{A8FFF6BF-55CA-4943-AC9B-8DC20BBC2268}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{ACC2E5B2-2784-466B-ABA5-3F3D79D21C9A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{ADFAC89F-5582-46C0-95C6-653155BB953C}" = protocol=17 | dir=in | app=c:\programdata\wscntfy.exe | 
    "{B0A6AF11-EE6C-4562-8151-FF1C1A9112FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{B902EB64-7782-4A87-9758-29F30C6EEE21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{BC62077B-E94A-452B-BB7A-0897D648D62A}" = protocol=6 | dir=in | app=c:\spiele\mass effect 2\masseffect2launcher.exe | 
    "{BE9A417C-F0DB-4FF7-B630-56348C124C5D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
    "{C22436E1-9907-48B7-91B0-1F7853E91DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    "{C2A6D2FD-12EE-45CD-9FE2-631539E92242}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{CAA863C5-AEEC-4D83-B444-9546341707DF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{D9DB9610-EF21-4E23-B95E-7BBA41F7173E}" = protocol=6 | dir=in | app=c:\program files (x86)\sage\sagedb 5.0\bin\mysqld-nt.exe | 
    "{DB5BB128-5384-4294-8BFD-299D8CB69AA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{DFBCE23C-4393-473E-A88C-66612F6100FF}" = protocol=17 | dir=in | app=c:\users\neolaw\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{E3C4CCA6-35CF-4BB6-A4BE-3674303D8F58}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
    "{E94FA74E-8DA7-42EB-A5A9-58CBB35DE323}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
    "{EDBAFA88-B5E5-476E-B496-6252884CB523}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{EF3A44E7-40B0-4024-A703-C1B9B100AAE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{FABC19E7-FE94-44EC-8385-37BF0568EC3D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{FC08E36B-A7C9-41DA-B9F6-A2F30C41C39F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
    "{FC3625FB-A39A-405E-9179-75155FED093D}" = protocol=6 | dir=in | app=c:\programdata\wscntfy.exe | 
    "TCP Query User{09A9BD1F-FBEF-4672-88C8-367171B24D9F}C:\users\neolaw\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\neolaw\appdata\local\akamai\netsession_win.exe | 
    "TCP Query User{409C0D3C-BCE0-48F1-9781-54B42DBC92CF}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
    "TCP Query User{4CCE304C-B507-4EA9-8AEA-8189B655889B}C:\spiele\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\spiele\mass effect 2\binaries\masseffect2.exe | 
    "TCP Query User{4D995A1F-B308-42B1-A0FB-160F5D3479BC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "TCP Query User{4E8B1CCF-99AA-41A0-9829-06B569A53333}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
    "TCP Query User{6071CA9B-F308-4D9C-9FFE-5968F137B9BB}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
    "TCP Query User{8014FD99-93D9-49BC-9A5D-627435CF9705}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "TCP Query User{9395B1C2-126C-4C45-9862-CFF75D03EB53}C:\programdata\wscntfy.exe" = protocol=6 | dir=in | app=c:\programdata\wscntfy.exe | 
    "TCP Query User{A2AFFC96-AF9F-410E-84A9-01A60175F576}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
    "TCP Query User{A376FA03-F9AB-423A-8CB9-02004E0A9B74}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
    "TCP Query User{CB3A8C91-57AE-4CBB-BFAB-BBBB58C94207}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
    "TCP Query User{CB716410-A030-4411-8D44-827A3134E029}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
    "UDP Query User{240DEC9F-5D19-4B3F-882B-2C1C15416FC8}C:\users\neolaw\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\neolaw\appdata\local\akamai\netsession_win.exe | 
    "UDP Query User{3578D112-1AF8-4EBB-ABA2-7FE7966BF1B0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
    "UDP Query User{37C46F6E-25C8-4316-97E9-2CF720197C6B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
    "UDP Query User{48DF68AE-E363-40E2-9FC9-ABB8F75ACDE5}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
    "UDP Query User{4CDF333E-F1D0-4536-8185-58D839379B66}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
    "UDP Query User{6FB9B93A-EA40-4CE0-BE82-5054494DB828}C:\spiele\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\spiele\mass effect 2\binaries\masseffect2.exe | 
    "UDP Query User{710A0389-714B-45B8-A218-982A6F26BFD3}C:\programdata\wscntfy.exe" = protocol=17 | dir=in | app=c:\programdata\wscntfy.exe | 
    "UDP Query User{8CA042ED-7215-4A9D-8B82-EA4200287FAE}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
    "UDP Query User{BFB16346-46E5-4A5D-9A77-2DEC209EB90F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
    "UDP Query User{C63BE9CA-9BED-4957-BABD-F47DCF4385EF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "UDP Query User{E1A281FF-A4A7-4653-848B-6BB108A2C27F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
    "UDP Query User{F815CB71-C1CC-407B-8B11-6A3134499FC3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
    "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
    "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
    "{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
    "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
    "{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Internet Security 2012
    "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{352C53D6-F807-4F27-9696-EEFDE58011A1}" = 3Dconnexion Plug-In for Photoshop CS3 - CS5
    "{3E329006-9EB3-4979-A36B-BA04FB4EB70C}" = 3Dconnexion Add-In for Inventor 11 - 2010
    "{419CDD9A-EB9E-4688-9D9D-9F6B37DECE13}" = 3Dconnexion Add-In for SolidWorks 2005 - 2010 (x64)
    "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
    "{48EF50D6-3411-4DA8-A296-C1933D03B8A9}" = 3Dconnexion Add-On for XSI v3.5 - 2011
    "{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64
    "{499CBE65-4E07-B40A-624A-B5B7BD6F9A9C}" = AMD Media Foundation Decoders
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
    "{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
    "{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
    "{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
    "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
    "{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
    "{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{7F4DD591-1564-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
    "{7F4DD591-1564-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 Language Pack - Deutsch
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 
    "{8D0A0350-B509-B362-4827-63E4C6520E7B}" = AMD Catalyst Install Manager
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
    "{96218180-6EF7-4124-9B6E-C9C5C6126987}" = 3Dconnexion Plug-In for Pro/ENGINEER WF3 - WF5
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
    "{A27CEA47-5161-4BA5-9087-AED3485AA43B}" = 3Dconnexion 3DxWare (x64)
    "{A4365F0A-5F69-4CC4-81B8-431DBBAF0AFE}" = 3Dconnexion Add-In for AutoCAD 2007 - 2010
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
    "{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{C8F1A6BA-41C8-4112-9D99-42B5C9FA5560}" = 3Dconnexion Plug-In for NX v3.0 - v7.5
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{E6D055FE-F27E-4EA3-AB9D-A4D732658E03}" = 3Dconnexion Plug-In for 3ds Max v9 - 2011
    "{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
    "{E93A83EA-109A-44AB-BC0E-A5C233051373}" = 3Dconnexion Plug-In for Maya v8.5 - 2011
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EF90F06A-3B2D-48E3-8C7A-1F2210200476}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
    "{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
    "{F1B37AC6-CF3E-4E0C-BAB9-DB0A02B9E3A1}" = 3Dconnexion Add-In for Solid Edge V18 - ST2
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
    "Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 Deutsch
    "Bitdefender" = Bitdefender Internet Security 2012
    "Creative OA002" = Monitor Webcam Driver (1.01.02.0804)  
    "Dell Support Center" = Dell Support Center
    "DWG TrueView 2011" = DWG TrueView 2011
    "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
    "Redirection Port Monitor" = RedMon - Redirection Port Monitor
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
    "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F4748E6-E093-FA89-7999-737F48C4767F}" = Catalyst Control Center InstallProxy
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2C50AD43-5423-4FB2-9BE8-456456A03D1D}" = Sage BankCom
    "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
    "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
    "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
    "{32BFD212-A55E-4D1A-9E42-DB3764B761B8}" = Sage HBCI-Kontaktverwaltung
    "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
    "{41453848-C257-47D6-A0FB-F7E4500031DF}" = 3Dconnexion Trainer
    "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{4F245506-3981-4BBD-BD85-04C033C1D886}" = 3Dconnexion Extension for SketchUp
    "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust
    "{580AEA6C-E35C-4470-818F-0F0A083EE1AD}" = Razer Lachesis 5600
    "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
    "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
    "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
    "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
    "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6423EAA8-1495-4291-A7F9-D957AA0D3273}" = MAGIX Xtreme Photo & Graphic Designer 5 (Silver)
    "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{74EAA5ED-7DDF-4647-8F90-C746BEB246F8}" = LG United Mobile Drivers
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
    "{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87F8B2D6-FF7F-4884-9F80-6FC1C6FCE0F2}" = MAGIX Online Print Service
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
    "{8E3EA438-B126-43AE-AF82-B7061531A470}" = 3Dconnexion Collage
    "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
    "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
    "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
    "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
    "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
    "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
    "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
    "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
    "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
    "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
    "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
    "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
    "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
    "{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
    "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
    "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
    "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English
    "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
    "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
    "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
    "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
    "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition)
    "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{C1ECB98D-1D38-4DBC-976C-457E6BE6EA2B}" = 3Dconnexion Plug-in for Acrobat 3D
    "{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = Catalyst Pro Control Center
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common
    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
    "{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All
    "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
    "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
    "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
    "{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
    "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
    "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F286530E-62C6-417C-8F74-47830B2503CE}" = MAGIX Photo Manager 10
    "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Akamai" = Akamai NetSession Interface Service
    "Autodesk Design Review 2011" = Autodesk Design Review 2011
    "Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "Dell Webcam Central" = Dell Webcam Central
    "DFX for Winamp" = DFX for Winamp
    "Diablo II" = Diablo II
    "DivX Setup.divx.com" = DivX-Setup
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "Jagged Alliance 2" = Jagged Alliance 2
    "KeePass Password Safe_is1" = KeePass Password Safe 1.18
    "LG PC Suite IV" = LG PC Suite IV
    "MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
    "MAGIX_MSI_XtremeGrafik5_Silver" = MAGIX Xtreme Photo & Graphic Designer 5 (Silver)
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Messenger Plus!" = Messenger Plus!
    "Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
    "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OpenVPN" = OpenVPN 2.1.4
    "PokerTracker3" = PokerTracker 3 (remove only)
    "SABnzbd" = SABnzbd 0.6.15
    "Sage GS-Buchhalter" = Sage GS-Buchhalter
    "SageDB 5.0" = SageDB 5.0
    "StarCraft II" = StarCraft II
    "TrueCrypt" = TrueCrypt
    "TuneUp Utilities 2012" = TuneUp Utilities 2012
    "UseNeXT_is1" = UseNeXT
    "VLC media player" = VLC media player 1.1.11
    "Winamp" = Winamp
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMV9_VCM" = Microsoft Windows Media Video 9 VCM
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox
    "Winamp Detect" = Winamp Anwendungserkennung
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 01.12.2011 14:16:47 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    Error - 01.12.2011 14:16:47 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    Error - 01.12.2011 14:16:47 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    Error - 02.12.2011 06:56:55 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    Error - 02.12.2011 06:56:55 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    Error - 02.12.2011 06:56:55 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    Error - 02.12.2011 06:56:55 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    Error - 02.12.2011 06:56:55 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    Error - 02.12.2011 06:56:55 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    Error - 02.12.2011 06:56:55 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    Error - 02.12.2011 06:56:55 | Computer Name = NeoLaw3 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Die Daten sind unzulässig.  .
     
    [ System Events ]
    Error - 19.06.2012 21:21:07 | Computer Name = NeoLaw3 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig,
     der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
     
    Error - 19.06.2012 21:21:28 | Computer Name = NeoLaw3 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig,
     der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
     
    Error - 19.06.2012 21:22:39 | Computer Name = NeoLaw3 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig,
     der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
     
    Error - 19.06.2012 21:22:55 | Computer Name = NeoLaw3 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig,
     der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
     
    Error - 19.06.2012 21:23:21 | Computer Name = NeoLaw3 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig,
     der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
     
    Error - 19.06.2012 21:23:49 | Computer Name = NeoLaw3 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig,
     der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
     
    Error - 19.06.2012 21:23:57 | Computer Name = NeoLaw3 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig,
     der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
     
    Error - 19.06.2012 21:24:21 | Computer Name = NeoLaw3 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig,
     der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
     
    Error - 19.06.2012 21:24:42 | Computer Name = NeoLaw3 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig,
     der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
     
    Error - 19.06.2012 21:24:52 | Computer Name = NeoLaw3 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig,
     der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
     
     
    < End of report >

    hijackthis2.log:
    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:33:04, on 20.06.2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal
    
    Running processes:
    C:\ProgramData\wscntfy.exe
    C:\Users\NeoLaw\AppData\Local\Akamai\netsession_win.exe
    C:\Users\NeoLaw\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Users\NeoLaw\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\ProgramData\ThunderbirdPortable\ThunderbirdPortable.exe
    C:\ProgramData\ThunderbirdPortable\App\thunderbird\thunderbird.exe
    C:\Program Files (x86)\Winamp\winamp.exe
    C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    C:\Users\NeoLaw\Desktop\HiJackThis204.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: (no name) -  - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O4 - HKLM\..\Run: [Razer Lachesis Driver] C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [Windows-Audio Driver] C:\ProgramData\wscntfy.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\NeoLaw\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~2\ICQ7.4\ICQ.exe" silent loginmode=4
    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [WinLogon] C:\Users\NeoLaw\AppData\Roaming\install.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Windows-Network Component] C:\Program Files (x86)\Common Files\lsmass.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'Default user')
    O4 - Startup: Dropbox.lnk = NeoLaw\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
    O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://194.94.120.105 (HKLM)
    O15 - Trusted IP range: http://194.94.120.105
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager (mitsijm2011) - Unknown owner - C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 12972 bytes

    I have also just noticed that my folder options have been changed so that known file extensions are hidden (e.g. "hijackthis.log" -----> "hijackthis").

    Then I ran the rootkit analysis according to the guide (preparation).

    ---> see sarscan.log

    sarscan.log:
    Code:
    Sophos Anti-Rootkit Version 1.5.20  (c) 2009 Sophos Plc
    Started logging on 20.06.2012 at 13:55:35
    User "NeoLaw" on computer "NEOLAW3"
    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    Info:	Starting registry scan.
    Info:	Starting disk scan of C: (NTFS).
    Hidden:	file C:\Windows\Temp\~bd165.tmp
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IQVGJPPN\63,26873,26875,26899,26905,26907,26935,26959,26998,26999,27006,28011,28052,28174,29048,29170%26RawValues%3dNGUID%252C3e681922-8097-1577407124-2%26Redirect%3d[1]
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7GL11STP\tvt=w;afct=site_content;kgg=-1;kcr=de;longform=1;khd=1;u=2zw8SmsovJc%7C20;dc_dedup=1;ytexp=908403;as3=1;tile=1;kmyd=watch-channel-brand-div;ord=764737148[1].asx
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7GL11STP\ntent;kgg=-1;kcr=de;longform=1;khd=1;u=2zw8SmsovJc%7C20;dc_dedup=1;ytexp=908403;as3=1;kmyd=watch-channel-brand-div;dc_seed=217566664;tile=1;ord=307280818[1].htm
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IQVGJPPN\=1;kga=-1;ytvt=w;afct=site_content;kgg=-1;kcr=de;longform=1;khd=1;u=2zw8SmsovJc%7C20;dc_dedup=1;ytexp=908403;as3=1;dc_seed=217566664;tile=1;ord=743804446[1].asx
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RXC1SY9R\tvt=w;afct=site_content;kgg=-1;kcr=de;longform=1;khd=1;u=2zw8SmsovJc%7C20;dc_dedup=1;ytexp=908403;as3=1;tile=1;kmyd=watch-channel-brand-div;ord=706241202[1].asx
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IQVGJPPN\ntent;kgg=-1;kcr=de;longform=1;khd=1;u=2zw8SmsovJc%7C20;dc_dedup=1;ytexp=908403;as3=1;kmyd=watch-channel-brand-div;dc_seed=217566664;tile=1;ord=292405591[1].htm
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RXC1SY9R\=1;kga=-1;ytvt=w;afct=site_content;kgg=-1;kcr=de;longform=1;khd=1;u=2zw8SmsovJc%7C20;dc_dedup=1;ytexp=908403;as3=1;dc_seed=217566664;tile=1;ord=918700096[1].asx
    Hidden:	file C:\Windows\System32\drivers\sptd.sys
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7GL11STP\,824,3013,6962,16318,16647,23255,23257,23259,26719,28167,28174,29048,29591&RawValues=NGUID%252C3e681922-8097-1577407124-2&Redirect=;ord=czNhzwl,bhahilcedn[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RXC1SY9R\8,26999,27006,27007,28011,28052,28167,28174,29048,29170,29591,29661%26RawValues%3dNGUID%252C3e681922-8097-1577407124-2%26Redirect%3d;ord=Wuhnke,bhahilcedK[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7GL11STP\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=0;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=251091[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RXC1SY9R\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=0;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=251091[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FTWVDZAE\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=0;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=251091[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FTWVDZAE\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=1;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=265367[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7GL11STP\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=0;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=408776[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IQVGJPPN\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=1;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=265367[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IQVGJPPN\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=0;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=251091[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7GL11STP\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=0;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=251091[2].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RXC1SY9R\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=0;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=408776[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RXC1SY9R\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=1;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=265367[1].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IQVGJPPN\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=1;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=265367[2].js
    Hidden:	file C:\Users\NeoLaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RXC1SY9R\c=0;x1=1;x2=0;x3=0;x4=0;x5=0;x6=0;x7=0;x8=0;x9=0;x10=0;ck_ac=0;ct_s=1;ct_d=0;k11=1;k1=0;k7=1;k4=1;k5=1;k6=0;k2=1;k8=1;k9=1;k10=1;ct_m=0;ct_m=1;;ord=265367[2].js
    Info:	Starting disk scan of D: (NTFS).
    Stopped logging on 20.06.2012 at 14:54:00
    Clicked "Restart" under "Start" ---> BlueScreen, see attachment 3

    What is wrong with my baby? It would be really great if someone could help me.

    Kind regards
    Neo

  2. #2
    Administrator, team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    42.061

    Re: Trojan (Rivarts.A?!) Help!


    Hello NeoLaw,

    first, please click and read: What do I need to watch out for during the cleanup?

    It is especially important that you work through the steps in the given order.
    Let me know if something does not work so that I can adjust the instructions if necessary!


    Your computer is quite seriously infected. The cause could be either infected software that you downloaded via BitTorrent or the KMService, which is a crack for activating Office software. You are also using a cracked version of Adobe CS5. Since a backdoor is present as well, all I can recommend here is a complete reinstallation including formatting, and of course doing without software cracks of this kind in future.


    Backdoor warning

    Since your computer is infected with a so-called backdoor, read this post very carefully. A backdoor hides itself by means of a rootkit. Backdoors cause various kinds of damage in Windows and allow the attacker to take complete control of the infected system. Be aware that the attacker can "load" new malware as needed, log keystrokes, run programs and/or see what is happening on your screen. My urgent recommendation is therefore to format and reinstall Windows. The topic is hotly debated, but many experts in the security community are certain that a system once infected with a backdoor can no longer be regarded as trustworthy even after a cleanup, because the danger lies not in what we see but in what we do not see.

    Another danger with this type of infection is identity theft, because this kind of malware can steal all your passwords and spy out e-mail data, bank details, card numbers and so on by logging keystrokes. Do not under any circumstances use this system for online banking, file sharing, e-mail or messaging any more. No uploads or downloads, except on security sites. It is therefore a good idea to replace all passwords stored or used on this system with new ones from a computer that is guaranteed to be clean.

    Please disconnect the computer from the internet (wired network and Wi-Fi) during the reinstallation, because while the computer is connected to the network the attacker can modify the system further and/or take precautionary measures.

    You can find more in-depth information on this topic at "Gehen Sie sicher ins Internet".

    Since the computer is currently classified as compromised, be sure to disconnect it from the network whenever it is unattended.
    Do not under any circumstances use this computer for online banking, file sharing, e-mail or messaging.
    No uploads or downloads, except on security sites.
    Replace all passwords stored on this system with new ones from a computer that is guaranteed to be clean.
    [°¿°] Ciao, Petra

    New here? Please work through this! | Malware cleanup | Forum rules
    Back up your data! | Training | No support via PM or e-mail! | Thanks
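
The autostart (O4) and service (O23) lines of the HijackThis log in post #1 can be pre-sorted mechanically before a helper reads them. The following Python code is an added example, not part of the original thread or of HijackThis; the two heuristics, the list of system file names and all function names are assumptions chosen for illustration.

```python
import re
from ntpath import basename, splitext

# Excerpt of the HijackThis log posted in this thread (O4 = autostart, O23 = service).
LOG = r"""
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [WinLogon] C:\Users\NeoLaw\AppData\Roaming\install.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows-Network Component] C:\Program Files (x86)\Common Files\lsmass.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
"""

# Assumed reference data: a few core Windows binaries and user-writable directories.
SYSTEM_NAMES = ("lsass", "svchost", "winlogon", "csrss", "services", "explorer", "spoolsv")
WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")
EXE = re.compile(r"(?:[A-Za-z]:|%\w+%)\\.*?\.exe", re.I)
O4 = re.compile(r"^O4 - (?P<key>HK.+?): \[(?P<name>.+?)\] (?P<cmd>.+)$")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse(line):
    """Return (kind, label, exe_path) for an O4 registry autorun or O23 service line."""
    m = O4.match(line)
    if m:
        exe = EXE.search(m["cmd"])  # drop arguments and the "(User '...')" suffix
        return ("autorun", f'{m["key"]} [{m["name"]}]', exe.group(0) if exe else m["cmd"])
    if line.startswith("O23 - Service: "):
        # Display names may contain " - " themselves, so split from the right.
        name, _owner, path = line[len("O23 - Service: "):].rsplit(" - ", 2)
        return ("service", name, path.replace(" (file missing)", ""))
    return None


def reasons(path):
    """Heuristic reasons why the executable at `path` deserves a manual look."""
    low, stem = path.lower(), splitext(basename(path))[0].lower()
    out = []
    if any(d in low for d in WRITABLE):
        out.append("starts from a user-writable directory")
    for known in SYSTEM_NAMES:
        if 0 < edit_distance(stem, known) <= 2:  # near miss, not the real name
            out.append(f"file name resembles {known}.exe")
    return out


def triage(log):
    """Return (label, exe_path, reasons) for every entry that trips a heuristic."""
    hits = []
    for line in filter(None, map(str.strip, log.splitlines())):
        entry = parse(line)
        why = reasons(entry[2]) if entry else []
        if why:
            hits.append((entry[1], entry[2], why))
    return hits


if __name__ == "__main__":
    for label, path, why in triage(LOG):
        print(f"{label}\n    {path}\n    -> {'; '.join(why)}")
```

A hit is a lead for manual verification, not a verdict, and a clean result is not a bill of health: the KMService entry named in the reply passes both checks.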

  3. #3
    Beginner
    Registered since
    20.06.2012
    Posts
    2

    Re: Trojan (Rivarts.A?!) Help!

    Thank you very, very much!

  4. #4
    Administrator, team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    42.061

    Re: Trojan (Rivarts.A?!) Help!

    Hello NeoLaw,

    after the reinstallation it is best to install an antivirus program right away, and do not forget to apply all Windows updates.

    Apart from that, all that remains is for me to wish you continued enjoyment and to give you a few tips on securing your system along the way:

    Aftercare

    Below I give you some tips and pointers that will help you secure your system and keep it free of malware in future. If your system was infected, I advise you to change all your passwords.

    Please regard the following tips as suggestions and not as the be-all and end-all.


    FileHippo Update Checker

    Download the FileHippo Update Checker and install it.
    During installation, untick "Run at Startup".
    Let the Update Checker check which updates are needed and update the programs it reports.
    Most programs can be downloaded directly from there.
    Do this every 14 days.
    An illustrated, detailed guide can be found here.


    Securing your system

    If they are not yet installed, you should install the following programs:

    Malwarebytes' Anti-Malware is a good tool that looks for malicious software and renders it harmless. Run the tool at regular intervals (e.g. once a week) and always have it check for updates before scanning; for details see the detailed guide.

    To keep your system free of temporary files I recommend CCleaner (do not install the toolbar along with it), a freeware program for optimising and cleaning up Windows; for details see our guide.

    Only ever have the latest version of Java on the computer; uninstall all others.

    Use an alternative browser; I recommend Firefox. There is a large number of extensions, such as Adblock Plus and NoScript. The QuickJava extension lets you switch Java and JavaScript on only when needed. Here you can check whether the plugins in Firefox are up to date.

    An alternative e-mail program is Thunderbird. There are many very good extensions for it as well.

    As an alternative to all the various messengers, Pidgin, Miranda-IM or Trillian are worth considering, since they cope with the most important protocols such as AIM, ICQ, IRC, MSN or Yahoo. With one of these instant messengers you can keep in chat contact with your chat friends through a single program, without having to install and start x different messengers.

    "How could the malware get onto my computer?" is probably the most frequently asked question. Malware gets onto a computer primarily through so-called browser exploits, that is, through security holes in the browser itself. Other entry points are e-mail attachments, leaks in the operating system and programs, or file downloads from unsafe sources.

    By using your head and taking the following simple measures you can optimise your protection:
    • Always keep the operating system and software up to date.
    • Where possible, install programs using the "custom" option and deselect toolbars and sponsors.
    • Configure Internet Explorer securely, see also here and here.
    • Use only original software and consistently avoid programs from dubious sources.
    • Remove/uninstall programs you no longer use via Control Panel => Software/Programs.
    • Do not click on everything that says "click me"!
    • Use common sense and caution,
    • especially with files that you bring onto your PC, i.e. e-mails, downloads etc.,
    • preferably do without file sharing via P2P programs altogether.
    • Protect the router against changes from outside by setting a password.
    • Do not start services and programs you do not need in the first place.
      As far as services are concerned, however, you need to study them in depth; otherwise it is better to leave the services as they are.
    • Close unneeded "ports" (on the DSL router, if present), shares and the like.
    • Port scan test.
    • Check DNS settings online at dns-changer.eu.
    • Secure your Wi-Fi.
    • Choose strong passwords and do not store them on the computer.
    • Do not install more than one virus scanner with a background guard.
    • Do not keep more than one anti-spyware program with a background guard running permanently.
    • Now and then, additionally check the system with one of these free online scanners.
    • Do not forget to back up your data!
      Back up important documents and files (e.g. photos) on external media.
      Always keep a clean backup in stock as a restorable image (created e.g. with Acronis True Image).
    • Only post information and photos on the internet that could appear in the newspaper the next day without any problem;
      this also applies to so-called protected spaces in online networks.


    As a rule I close resolved threads shortly after posting the aftercare so that I no longer have to keep them under observation. Should questions arise after closing, send me a PM and I will reopen the thread.
    [°¿°] Ciao, Petra

