doppelt: Ihr Windows System wurde blockiert - beim Start

ecki3232 · 13.02.2012, 06:14

Hallo, ich habe gestern den "Windows System wurde blockiert" irus auf meinen Rechner bekommen und habe hier im Forum dazu einiges gelesen. OTL vom Oldtimer habe ich dann heruntergeladen und ausgeführt. Ich wäre für jede Hilfe, wie ich den Virus loswerde sehr dankbar.

Nachfolgend sind die Inhalte beider Dateien:

OTL.txt

OTL logfile created on: 13.02.2012 05:22:40 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 52,19% Memory free
3,74 Gb Paging File | 3,13 Gb Available in Paging File | 83,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 158,50 Gb Free Space | 53,17% Space Free | Partition Type: NTFS
Drive D: | 564,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ARBEITSZIMMER | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - (StarMoney Business 4.0 OnlineUpdate) -- C:\Program Files\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (StarMoney Business 5.0 OnlineUpdate) -- C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MpKsldcd1a95c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DF22AA6-71BC-4CA5-B988-4E6D5C06405B}\MpKsldcd1a95c.sys ()
DRV - (MpKslfec08ae0) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DF22AA6-71BC-4CA5-B988-4E6D5C06405B}\MpKslfec08ae0.sys ()
DRV - (MpKsl8d8daed0) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DF22AA6-71BC-4CA5-B988-4E6D5C06405B}\MpKsl8d8daed0.sys ()
DRV - (MpKsle51bb4a8) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DF22AA6-71BC-4CA5-B988-4E6D5C06405B}\MpKsle51bb4a8.sys ()
DRV - (MpKsl14559b17) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DF22AA6-71BC-4CA5-B988-4E6D5C06405B}\MpKsl14559b17.sys ()
DRV - (MpKsl355d9f2e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DF22AA6-71BC-4CA5-B988-4E6D5C06405B}\MpKsl355d9f2e.sys ()
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (DeviceGuys, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A E1 F0 71 45 45 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Joerg\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - Extension: YouTube = C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] C:\Program Files\StarMoney Business 5.0\app\oflagent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S File not found
O4 - HKLM..\Run: [StarMoneyRunEntry] C:\Program Files\StarMoney Business 4.0\app\oflagent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Joerg\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"hxxp://www.miniclip.com/games/spectral-wizard/de/" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Free YouTube Download - C:\Users\Joerg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Joerg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265649710117 (Reg Error: Key error.)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://order.ifolor.de/GENERAL/LowRes/app_support/3/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} https://img.web.de/v/mail/activex/fa_os_mms/upload_1141.cab (WEBDE Fotoalbum Upload Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{025D1C96-D97F-415D-A0FA-082CE5816C47}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joerg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joerg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999.10.01 15:47:28 | 000,024,064 | R--- | M] (D) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2009.08.19 13:41:47 | 000,000,049 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009.08.19 13:41:42 | 000,000,171 | R--- | M] () - D:\AUTORUN.INI -- [ CDFS ]
O33 - MountPoints2\{43f4c5a6-b105-11de-b8c9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{43f4c5a6-b105-11de-b8c9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [1999.10.01 15:47:28 | 000,024,064 | R--- | M] (D)
O33 - MountPoints2\{a6925760-015b-11e0-a21b-002618fd6f4e}\Shell\AutoRun\command - "" = G:\start.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.12 21:45:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Joerg\Desktop\OTL.exe
[2012.02.12 15:42:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Mozilla
[2012.02.12 13:33:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\PSU
[2012.02.12 12:33:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A842ADEB-E77C-4A98-9257-3D0BE61FD43B}
[2012.02.12 12:33:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{55E0D29B-494F-47B9-9B30-7BE4174077C3}
[2012.02.11 18:16:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E5480DF2-A21D-4892-8C68-AAA60037C9C2}
[2012.02.11 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{3C23B61E-D448-4CBF-BC85-12E8E2F2A035}
[2012.02.11 17:42:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6C0875CD-3427-4047-BB19-1B91A1B48A5E}
[2012.02.11 17:42:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{EAA93E71-730A-4DE2-9718-093D2C5410E9}
[2012.02.06 21:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Dr.Printer
[2012.02.06 21:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
[2012.02.06 21:30:21 | 000,038,400 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\drivers\DgivEcpXP.sys
[2012.02.06 21:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. Anwendungen
[2012.02.06 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmarThru 4
[2012.02.06 21:07:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{54CC1C15-A624-4238-A1DB-13DDE64323DD}
[2012.02.06 21:07:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{41F61BB3-6985-4DA3-B6C4-9A3F1227C62F}
[2012.01.28 13:00:37 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\lasse 9 birthday
[2012.01.26 04:25:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BD9C94B0-1562-4CB9-A3CA-6EEFC6C115CB}
[2012.01.26 04:25:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DDE20B25-C891-44A2-96AC-C0DEA3772AE7}
[2012.01.25 19:13:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChessBase
[2012.01.25 19:13:36 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ChessBase
[2012.01.25 19:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\ChessBase
[2012.01.25 19:12:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fritz und Fertig
[2012.01.25 19:12:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Fritz und Fertig
[2012.01.25 19:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fritz und Fertig
[2012.01.25 13:09:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C466BB53-E516-4EE9-83A8-817EF53BB7F8}
[2012.01.25 13:08:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{768C5A47-0469-4768-89F1-D4C99DFE45E6}
[2012.01.25 00:00:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{11219140-808A-4837-B40B-49A874A71AFB}
[2012.01.24 23:59:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{51046C44-6B1C-4524-A38C-3290A7D72A07}
[2012.01.23 07:33:30 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.01.15 20:17:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{3DE448BC-5306-44C9-8D02-B0F66C0B7936}
[2012.01.15 20:17:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FAC4BD2A-A54E-466B-A52A-9BEDC9B2E400}
[2012.01.15 20:15:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6B086485-EC11-431A-901C-ADD5DEFCAEB9}
[2012.01.15 20:15:34 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{251779BA-5955-46D7-A2EA-862C581BE1B7}
[2012.01.15 20:08:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{481B677A-949C-456E-A717-CB42B12CEDBC}
[2012.01.15 20:08:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{09C5E6C9-F893-4708-B80F-DE1F213FE735}
[2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Joerg\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.12 22:31:32 | 000,001,356 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2012.02.12 21:45:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joerg\Desktop\OTL.exe
[2012.02.12 21:33:55 | 000,597,486 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.12 21:33:55 | 000,104,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.12 21:27:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 21:23:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 21:23:18 | 000,072,695 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.02.12 21:23:16 | 000,072,695 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.02.12 21:23:08 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 21:23:08 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 15:41:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.11 18:29:56 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2012.02.11 18:28:59 | 000,010,816 | ---- | M] () -- C:\Users\****\AppData\Roaming\SmarThruOptions.xml
[2012.02.11 18:28:11 | 000,000,124 | ---- | M] () -- C:\Windows\Readiris.ini
[2012.02.11 18:26:17 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\SmarThru 4.lnk
[2012.02.06 21:36:35 | 000,000,715 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Dr.Printer.lnk
[2012.02.01 19:03:08 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000320.LCS
[2012.01.31 13:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.26 03:22:58 | 000,288,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.25 19:13:47 | 000,001,896 | ---- | M] () -- C:\Users\****\Desktop\Schach.de.lnk
[2012.01.25 19:12:56 | 000,002,006 | ---- | M] () -- C:\Users\****\Desktop\Fritz und Fertig 1.lnk
[2012.01.23 07:33:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.01.15 20:31:58 | 000,080,896 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.06 21:36:35 | 000,000,715 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Dr.Printer.lnk
[2012.02.06 21:31:39 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2012.02.06 21:27:18 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\SmarThru 4.lnk
[2012.01.25 19:13:47 | 000,001,896 | ---- | C] () -- C:\Users\****\Desktop\Schach.de.lnk
[2012.01.25 19:12:56 | 000,002,006 | ---- | C] () -- C:\Users\****\Desktop\Fritz und Fertig 1.lnk
[2011.09.27 17:55:14 | 004,223,268 | ---- | C] () -- C:\ProgramData\SamPCFax000014B40000
[2011.01.21 17:45:50 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.21 17:45:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.10.26 17:51:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.01 10:04:12 | 000,080,896 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.19 20:39:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.19 20:39:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.04 19:38:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.10.04 18:40:08 | 000,010,816 | ---- | C] () -- C:\Users\****\AppData\Roaming\SmarThruOptions.xml
[2009.10.04 18:39:40 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2009.10.04 18:39:27 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009.10.04 18:39:25 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll
[2009.10.04 18:39:10 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2009.10.04 18:39:07 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2009.10.04 18:35:11 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2009.10.04 18:33:32 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009.10.04 18:33:32 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009.10.04 18:33:32 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009.10.04 18:33:32 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009.10.04 18:20:48 | 000,113,768 | R--- | C] () -- C:\Windows\WiaInst.exe
[2009.10.04 18:19:21 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll
[2009.10.04 18:13:16 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.10.04 18:08:14 | 000,072,695 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.10.04 18:08:14 | 000,072,695 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.10.04 18:02:52 | 000,004,984 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.10.04 17:58:58 | 000,001,356 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2009.09.30 12:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2008.10.30 18:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 17:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,288,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,597,486 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll

========== LOP Check ==========

[2011.10.09 07:19:51 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\.#
[2010.03.23 23:01:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2009.10.04 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe_Limited
[2011.03.08 15:43:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cornelsen
[2010.11.06 16:07:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.08 18:28:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Facebook
[2011.02.01 15:29:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2011.02.24 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InterTrust
[2011.02.24 15:01:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ProtectDisc
[2009.10.04 18:40:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SmarThru4
[2010.07.29 16:43:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2010.01.10 09:21:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WEBDE
[2012.02.12 16:22:35 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt
OTL Extras logfile created on: 13.02.2012 05:22:40 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 52,19% Memory free
3,74 Gb Paging File | 3,13 Gb Available in Paging File | 83,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 158,50 Gb Free Space | 53,17% Space Free | Partition Type: NTFS
Drive D: | 564,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ARBEITSZIMMER | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0590D4ED-6093-4616-ACB5-5C5F261B9DDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{25BD5903-1CB7-4F0E-9ED1-C35CB3A97C70}" = lport=138 | protocol=17 | dir=in | app=system |
"{37A0F732-4D41-402D-90AD-22DB911E38FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6187B817-0984-43E2-AD88-481E0B0E0525}" = lport=137 | protocol=17 | dir=in | app=system |
"{62ED6280-E1D0-4B9B-BFEB-181FB8CF4B0B}" = rport=138 | protocol=17 | dir=out | app=system |
"{700AB74F-7B26-454F-8C5F-09B2CCB8C392}" = lport=139 | protocol=6 | dir=in | app=system |
"{8BE1E8BD-F7A4-4B25-A448-FE0901B89C72}" = lport=445 | protocol=6 | dir=in | app=system |
"{A6313ED8-E9A0-4651-9FF2-8C03273898AD}" = rport=445 | protocol=6 | dir=out | app=system |
"{B23BEAC8-3814-4117-910E-B39BCAA46688}" = rport=137 | protocol=17 | dir=out | app=system |
"{EB727D04-B423-43B3-9674-5068AB6B93F8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EBD7B27A-EB14-4187-8D8C-E5664370C2A4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F6F4A775-B9EF-47F2-9595-DC9A64BAE41E}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07646FEA-59BD-4F06-B401-665A8CC26192}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09D181E1-2F66-4221-94D0-0C6D9C34BCCF}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"{12B77F66-E1F5-40A6-91D2-721CD5CC6349}" = protocol=17 | dir=in | app=c:\program files\starmoney business 4.0\app\starmoney.exe |
"{154215F4-74C9-4117-A61E-73517B61F70D}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"{1ABAE77B-15DF-43F7-B4C7-8229F86C23C4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1EA107EE-4FD0-460A-BA83-9F2D4BF69A00}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{224B9784-13B9-4925-BCE0-DE2829400637}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{24B37D5F-F67C-4372-B6BB-679586CA27CA}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{2AE20300-061F-46AA-9F0E-CE31D9B67183}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2B9D73C0-D213-44EF-8AC6-F09B9CDCE0C7}" = protocol=17 | dir=in | app=c:\program files\starmoney business 5.0\app\starmoney.exe |
"{2EAB86B9-B909-4E89-AAD6-94B06CA340D3}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{3FD8D0E6-796C-4264-995C-0CBC93A01007}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{409317D5-55A1-410C-AAF5-BC7391950548}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{4885B77A-C950-430A-A805-D008C822B21D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4ED5A121-FD6E-4F1E-BA9A-7897887605F9}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{517B9E84-7247-4F8A-A469-981EEA5C81D6}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{574DCB0E-A1B8-4080-ADC0-EA896C094B2E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{592E0F22-7BCE-4522-9B79-AAB91D64F931}" = protocol=6 | dir=in | app=c:\program files\starmoney business 5.0\app\starmoney.exe |
"{6863C809-CEF5-4B23-8F49-37C310C760D6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{80867158-0E1B-4744-9963-250A256BDD06}" = protocol=6 | dir=in | app=c:\program files\starmoney business 4.0\app\starmoney.exe |
"{847762A2-EE11-4416-92D5-B13966E88B6D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{912281DF-4273-4E21-9C62-C903AFBEF8C9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{947BE3F6-7534-42EE-B14E-86B6611FE730}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{98275AA9-2BFA-492E-A7D4-D352DEC685B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C3BEB13-8332-4B15-9D87-4D67518BCB90}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C78F2C85-7702-4223-BEDD-E6889F03EB92}" = protocol=17 | dir=in | app=c:\program files\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe |
"{CB404BBE-C58F-4B9A-A5C2-BA71946D8CF2}" = protocol=17 | dir=in | app=c:\program files\starmoney business 4.0\ouservice\starmoneyonlineupdate.exe |
"{CDDD29B3-2DE2-464E-BB03-B142C1388A74}" = protocol=6 | dir=in | app=c:\program files\starmoney business 4.0\ouservice\starmoneyonlineupdate.exe |
"{CF6F6FBC-E85C-40F4-BC85-43DE3EEEE686}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3A60141-AB2D-4701-AE7B-C2ADEBD541DC}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{D443C28C-5349-4843-950E-E91B39A9CDA1}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{DC9F1F5E-5345-4D72-B676-4F0E8816F9B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBA9B137-9C91-4814-8A09-B5A5F133EA9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F9C215E0-4A31-46B1-A258-D695785504D5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{FB910D21-5B1B-40E6-A156-B407B3DE46B5}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{FC6EF387-0D2C-4461-9CA7-DCCD3C873A58}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FECE38EC-4877-4636-8742-3CE4D1665850}" = protocol=6 | dir=in | app=c:\program files\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe |
"TCP Query User{13EC887F-6C40-41BB-8DA9-E9D3027C6F73}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{22806B91-1558-42A9-822C-AE4ACD0485E4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{2B559D26-6263-4BA3-B759-A5578A8244D7}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{926EF43D-12F8-4568-9680-BDD9EF4ABF8C}C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"TCP Query User{A7432332-E726-4FF9-9FE0-448A84A509BF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AC873794-CE25-47F3-80A8-A451A04C1AA3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{ACA1AF47-9D0F-46D4-9ED5-C3618D12D961}C:\windows\system32\wuauclt.exe" = protocol=6 | dir=in | app=c:\windows\system32\wuauclt.exe |
"TCP Query User{E09785E7-5038-497C-BCC0-7003F87842D2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{0E644800-E45D-4A49-99D4-6A70030B08FC}C:\windows\system32\wuauclt.exe" = protocol=17 | dir=in | app=c:\windows\system32\wuauclt.exe |
"UDP Query User{1F54CC1F-7178-43D9-A36B-300E8CBC0D67}C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"UDP Query User{26BACF07-E365-4E46-922F-B596F99DB868}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{47DF8358-22D7-4344-B1CC-CAFCAA80568F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{615059E8-8F00-4C60-90F8-F29CDC8970AD}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{77A69B8B-767F-4E49-8C0C-4605652F9817}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{87D6B2CE-0711-4180-8A9A-E00B06963FB3}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DA5CAC0-6790-4C8E-B18A-036C68756688}" = Fritz und Fertig 2
"{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr.Printer
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{31CA28D1-CAE0-48EF-BFFF-BA9C81BA055A}" = StarMoney
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 12 DEMO
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E0A487A-6EDA-440A-9CC7-C6A007E53674}" = English G 21 e-Workbook D4 GA
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B62C240-5658-4803-84E2-59674838788C}" = StarMoney
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A1AB136-5632-4BDA-B46D-FF29D5CA7C06}" = StarMoney Business 4.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C56FDA99-C32D-4CC0-A5D3-8BC830612052}" = StarMoney Business 5.0
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F000DE4C-B6CB-4181-BAFF-EC5DA2A9C156}" = RuntimeLibsVC90
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F73E5B02-7AE5-4C9B-A55B-8279F51210C9}" = Goldfinger Junior
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Fritz und Fertig 1" = Fritz und Fertig 1
"Google Chrome" = Google Chrome
"GUT 1" = GUT 1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iLivid" = iLivid
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SBMWW" = Schiffe bauen mit Willy Werkel
"Schach.de" = Schach.de
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"SmarThru PC Fax" = SmarThru PC Fax
"Spy Cleaner Platinum 9.8 Trial Version" = Spy Cleaner Platinum 9.8 Trial Version
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Play65" = Play65

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.02.2012 11:19:55 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description =

Error - 12.02.2012 11:25:14 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description =

Error - 12.02.2012 11:27:01 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4609
Description =

Error - 12.02.2012 11:27:49 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description =

Error - 12.02.2012 11:37:15 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description =

Error - 12.02.2012 16:10:15 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4609
Description =

Error - 12.02.2012 16:11:02 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description =

Error - 12.02.2012 16:23:40 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description =

Error - 12.02.2012 16:28:37 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4609
Description =

Error - 12.02.2012 16:28:46 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 27.04.2010 12:48:52 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2569
seconds with 960 seconds of active time. This session ended with a crash.

Error - 28.09.2010 10:52:04 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 274836
seconds with 3060 seconds of active time. This session ended with a crash.

Error - 06.12.2010 13:08:42 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 618459
seconds with 12960 seconds of active time. This session ended with a crash.

Error - 03.03.2011 03:30:38 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 216023
seconds with 2700 seconds of active time. This session ended with a crash.

Error - 18.03.2011 15:01:28 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 84726
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12.02.2012 16:27:25 | Computer Name = Arbeitszimmer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:25:38 on 12.02.2012 was unexpected.

Error - 12.02.2012 16:28:28 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10005
Description =

Error - 12.02.2012 16:28:37 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10005
Description =

Error - 12.02.2012 16:28:42 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10005
Description =

Error - 12.02.2012 16:28:47 | Computer Name = Arbeitszimmer | Source = Service Control Manager | ID = 7001
Description =

Error - 12.02.2012 16:28:47 | Computer Name = Arbeitszimmer | Source = Service Control Manager | ID = 7026
Description =

Error - 12.02.2012 16:29:08 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10005
Description =

Error - 12.02.2012 16:29:09 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10005
Description =

Error - 12.02.2012 21:07:40 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10005
Description =

Error - 12.02.2012 21:07:40 | Computer Name = Arbeitszimmer | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.119.1802.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

< End of report >

doppelt: Ihr Windows System wurde blockiert - beim Start

Mülltonne: doppelt: Ihr Windows System wurde blockiert - beim Start

doppelt: Ihr Windows System wurde blockiert - beim Start

Ähnliche Themen: doppelt: Ihr Windows System wurde blockiert - beim Start