Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: AKM 50€-Virus... und nichts geht mehr

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.03.2012, 17:14   #1
laokoon
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



Hallo!!

Auch mich hat der 50 Euro akm Virus erwischt und selbst beim Start mit dem abgesicherten Modus kommt nur die Aufforderung 50€ zu zahlen bzw. ein Bildschirm, der mich auf ein Verbindungsproblem hinweist. Ich bin bei solchen Problemen nicht der Kundigste und habe dringend Hilfe nötig!

Herzlichen Dank!

Alt 03.03.2012, 17:16   #2
markusg
/// Malware-holic
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



hi,
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.


Lade OTLpe Download OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD


Bebilderte Anleitung: OTLpe-Scan
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.
__________________

__________________

Alt 03.03.2012, 21:08   #3
laokoon
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



herzlichen Dank für die schnelle Hilfe, nach ein wenig hin und her hab ich's jetzt geschafft!

Also:
OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.03.2012 20:24:17 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = I:\PROGRAMS\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,24 Gb Total Space | 11,29 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 211,16 Gb Free Space | 70,84% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 1,63 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
Drive G: | 23,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 702,81 Mb Total Space | 674,86 Mb Free Space | 96,02% Space Free | Partition Type: UDF
 
Computer Name: AMBROSIUS | User Name: ambros
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.10.09 10:44:26 | 000,316,888 | ---- | M] (Protection Technology) [Auto] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2010.05.18 14:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters)
SRV - [2008.12.08 09:19:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008.09.05 10:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008.06.13 03:55:49 | 001,245,064 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.03.26 14:26:56 | 000,341,328 | ---- | M] () [Auto] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.28 00:06:27 | 000,594,600 | ---- | M] ( ) [Auto] -- C:\Windows\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2008.02.09 23:06:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.02.01 15:12:44 | 000,151,552 | ---- | M] (Droppix) [On_Demand] -- C:\Program Files\Common Files\Droppix\DxService.exe -- (Droppix Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.22 08:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (NAVEX15)
DRV - File not found [Kernel | On_Demand] --  -- (NAVENG)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (hwusbfake)
DRV - [2010.10.09 10:44:26 | 003,333,808 | ---- | M] (Protection Technology) [Kernel | System] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.24 15:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.07.21 22:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.02.19 11:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.02.19 11:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009.02.19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.02.19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009.02.19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.02.19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009.01.09 09:33:38 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.09.12 08:33:24 | 000,270,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081106.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008.09.09 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008.09.05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008.08.07 13:42:12 | 000,025,392 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.08.07 13:31:52 | 000,034,608 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.07.30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.05.09 02:01:42 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.27 10:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.11 18:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.14 07:51:50 | 000,280,192 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.01 00:51:00 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008.02.01 00:51:00 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008.02.01 00:51:00 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.08.09 00:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.02.16 01:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2002.07.17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Stift Kremsmünster: Startseite NEU
IE - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.stift-kremsmuenster.at/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.27 11:58:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.20 11:37:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 16:01:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.27 11:58:08 | 000,000,000 | ---D | M]
 
[2011.09.19 09:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ambros\AppData\Roaming\mozilla\Extensions
[2008.10.04 07:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ambros\AppData\Roaming\mozilla\Firefox\extensions
[2012.03.03 19:26:11 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\ambros\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012.02.23 10:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ambros\AppData\Roaming\mozilla\Firefox\Profiles\hiyebr87.default\extensions
[2012.02.23 10:22:16 | 000,000,933 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\11-suche.xml
[2012.02.23 10:22:15 | 000,002,419 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\englische-ergebnisse.xml
[2012.02.23 10:26:41 | 000,010,553 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\gmx-suche-sterreich.xml
[2012.02.23 10:22:16 | 000,010,525 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\gmx-suche.xml
[2012.02.23 10:22:15 | 000,002,457 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\lastminute.xml
[2012.02.23 10:22:15 | 000,005,508 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\webde-suche.xml
[2011.09.19 09:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\AMBROS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HIYEBR87.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.12.20 11:37:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.20 11:37:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.20 11:37:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.20 11:37:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.20 11:37:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.20 11:37:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.20 11:37:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark X1100 Series]  File not found
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - Startup: C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ambros\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 09-Registrierung.lnk = C:\Program Files\EA SPORTS\FIFA 09\Support\EAregister.exe (Leader Technologies)
O4 - Startup: C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 11-Registrierung.lnk = C:\Program Files\EA SPORTS\FIFA 11\Support\EAregister.exe (Leader Technologies)
O4 - Startup: C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK = D:\Assassin's Creed\Register\RegistrationReminder.exe (Ubisoft)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-AT\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\ambros\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\ambros\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222086231 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ambros\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ambros\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.03.05 17:34:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0f186bf1-6cbd-11e0-8fe2-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{0f186bf1-6cbd-11e0-8fe2-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{19d79518-656c-11df-8cc0-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{19d79518-656c-11df-8cc0-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{71cd3570-0a4d-11e0-bbd9-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{71cd3570-0a4d-11e0-bbd9-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{71cd365e-0a4d-11e0-bbd9-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{71cd365e-0a4d-11e0-bbd9-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{76e6a2c4-076b-11e0-9721-001eec8bc161}\Shell - "" = AutoRun
O33 - MountPoints2\{76e6a2c4-076b-11e0-9721-001eec8bc161}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9277fb2a-b611-11e0-95e5-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{9277fb2a-b611-11e0-95e5-0021866681d7}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{be400346-31dc-11df-aff0-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{be400346-31dc-11df-aff0-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eadc3e72-7c53-11df-b9f1-001eec8bc161}\Shell - "" = AutoRun
O33 - MountPoints2\{eadc3e72-7c53-11df-b9f1-001eec8bc161}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f0e4d242-3007-11df-baa2-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e4d242-3007-11df-baa2-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f0e4d256-3007-11df-baa2-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e4d256-3007-11df-baa2-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3586771B-B3ED-B11B-2F21-F2AA9DAC0F7C} - Microsoft Windows Media Player 11.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DC611BB9-EF13-F453-EE8D-FCD4698DDDB5} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.02 23:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.02 23:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.03.02 22:44:28 | 000,000,000 | ---D | C] -- C:\Users\SatorArepo
[2012.03.01 19:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ovid
[2012.02.21 19:44:52 | 000,000,000 | ---D | C] -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RTL Playtainment
[2012.02.21 19:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Playtainment
[2012.02.21 19:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Skispringen 2006 Demo
[2012.02.21 19:06:30 | 000,000,000 | ---D | C] -- C:\Users\ambros\Favorites\Documents\Deluxe Ski Jump 4
[2012.02.21 19:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2012.02.21 19:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4
[2012.02.03 17:00:12 | 000,000,000 | ---D | C] -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.02.03 16:58:44 | 000,000,000 | ---D | C] -- C:\Users\ambros\AppData\Roaming\Dropbox
[2008.12.09 19:41:57 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDPhcp.dll
[2008.12.09 19:41:57 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdpinpa.dll
[2008.12.09 19:41:56 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdpusb1.dll
[2008.12.09 19:41:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpiesc.dll
[2008.12.09 19:41:55 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdpserv.dll
[2008.12.09 19:41:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdpprox.dll
[2008.12.09 19:41:54 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdppmui.dll
[2008.12.09 19:41:54 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdplmpm.dll
[2008.12.09 19:41:53 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdpih.exe
[2008.12.09 19:41:52 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdphbn3.dll
[2008.12.09 19:41:51 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdpcoms.exe
[2008.12.09 19:41:50 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomc.dll
[2008.12.09 19:41:50 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomm.dll
[2008.12.09 19:41:50 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdpcfg.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\ambros\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\ambros\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\ambros\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\ambros\AppData\Local\bass.dll
[18 C:\Users\ambros\Favorites\Documents\*.tmp files -> C:\Users\ambros\Favorites\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.03 20:18:37 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.03 20:18:37 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.03 20:18:37 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.03 20:18:37 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.03 19:51:31 | 000,001,162 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 11-Registrierung.lnk
[2012.03.03 19:38:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.03 19:36:40 | 000,000,269 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.03.03 19:35:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.03 19:34:10 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.03.03 19:33:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.03 19:33:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.03 19:33:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.03 19:33:06 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.03 19:25:50 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012.03.03 19:25:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.02.24 00:08:09 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.24 00:06:43 | 986,685,519 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PcmFreaks-Vintage03-DB.rar
[2012.02.24 00:06:43 | 845,654,016 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Sommer2010.mpg
[2012.02.24 00:06:43 | 723,343,360 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\rohfassung.mpg
[2012.02.24 00:06:43 | 476,562,614 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB Realnames 2010 PackagePatch1_8 for PCM 2010.rar
[2012.02.24 00:06:43 | 436,844,159 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB_Giant_2010_for_PCM2010_CM_Stages1.rar
[2012.02.24 00:06:43 | 245,067,171 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB_Giant_2010_for_PCM2010_CM_Stages3.rar
[2012.02.24 00:06:43 | 216,779,801 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\stages_28.06.10.rar
[2012.02.24 00:06:43 | 2110,230,528 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Italiänische Reise.mpg
[2012.02.24 00:06:43 | 188,836,360 | ---- | M] (Cyanide                                                     ) -- C:\Users\ambros\Favorites\Documents\Setup-Patch-1.0.4.2-From-1.0.0.0.exe
[2012.02.24 00:06:43 | 164,539,715 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB_Giant_2010_for_PCM2010_CM_Stages2.rar
[2012.02.24 00:06:43 | 1355,362,756 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Paris-Helena.avi
[2012.02.24 00:06:43 | 1187,985,408 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Sommer2010fertig.mpg
[2012.02.24 00:06:43 | 117,890,992 | ---- | M] (Cyanide                                                     ) -- C:\Users\ambros\Favorites\Documents\PCM2010_multi_patch_1.0.1.8.exe
[2012.02.24 00:06:43 | 1163,400,092 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\ParisundHelena.avi
[2012.02.24 00:06:43 | 099,381,968 | ---- | M] (Cyanide                                                     ) -- C:\Users\ambros\Favorites\Documents\Setup-Patch-1.0.3.0-From-1.0.2.2.exe
[2012.02.24 00:06:43 | 091,329,504 | ---- | M] (Cyanide                                                     ) -- C:\Users\ambros\Favorites\Documents\PCM2010_Patch-1.0.2.2-From-1.0.1.8.exe
[2012.02.24 00:06:43 | 065,522,686 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pilhofer.pdf
[2012.02.24 00:06:43 | 039,179,070 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB_Giant_2010_for_PCM2010_v2_Patch 2.rar
[2012.02.24 00:06:43 | 036,918,430 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Fußball11.wmv
[2012.02.24 00:06:43 | 028,660,389 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Italiänische Reisemail.ppsx
[2012.02.24 00:06:43 | 019,681,629 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PutzII.pdf
[2012.02.24 00:06:43 | 012,030,439 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Fussball_WM_YOUTUBE_VIDEO_DOWNLOAD.mp4
[2012.02.24 00:06:43 | 010,573,899 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\italiänischeReise.ncd
[2012.02.24 00:06:43 | 008,118,160 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\patrickstunde.wmv
[2012.02.24 00:06:43 | 008,116,716 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Patrick's lesson.wmv
[2012.02.24 00:06:43 | 006,990,412 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Mit15.mp3
[2012.02.24 00:06:43 | 006,694,558 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\profess.ncd
[2012.02.24 00:06:43 | 006,633,082 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Matondo-Tuzizila_Simon_Afrikanisches_Christentum.pdf
[2012.02.24 00:06:43 | 005,283,456 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Marchart_Kultur-_und_Medienbegriff_der_CS.pdf
[2012.02.24 00:06:43 | 005,252,857 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pro Cycling Manager 2010 CRACK+SERIAL.rar
[2012.02.24 00:06:43 | 004,612,430 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Italien2011.pds
[2012.02.24 00:06:43 | 003,730,749 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Single_INTRONEU.mp3
[2012.02.24 00:06:43 | 003,679,255 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pastor AEternus.pdf
[2012.02.24 00:06:43 | 003,441,822 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Parratt_JOhn_Theologiegeschichte_der_Dritten_Welt_Afrika.pdf
[2012.02.24 00:06:43 | 003,421,869 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\patrickstunde.wma
[2012.02.24 00:06:43 | 003,323,904 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\sprung.pps
[2012.02.24 00:06:43 | 003,284,103 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Mette%20theolst..pdf
[2012.02.24 00:06:43 | 003,249,132 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB Giant 2010 for PCM 2010 v3.rar
[2012.02.24 00:06:43 | 003,248,096 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_2074.JPG
[2012.02.24 00:06:43 | 003,179,409 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pygmalion.wma
[2012.02.24 00:06:43 | 003,071,944 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_9491.JPG
[2012.02.24 00:06:43 | 002,923,572 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Sapientia+Christiana.pdf
[2012.02.24 00:06:43 | 002,872,922 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Plakat_version7+copy.jpg
[2012.02.24 00:06:43 | 002,822,110 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Sommer2010.pds
[2012.02.24 00:06:43 | 002,779,621 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\schatz.pds
[2012.02.24 00:06:43 | 002,599,713 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\MDB87141-interrail_broschuere_final_ohne_kanten.pdf
[2012.02.24 00:06:43 | 002,360,567 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_5715(1).JPG
[2012.02.24 00:06:43 | 002,267,286 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_5718(1).JPG
[2012.02.24 00:06:43 | 002,191,609 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Trani.wma
[2012.02.24 00:06:43 | 002,176,281 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\DSCF2131a.jpg
[2012.02.24 00:06:43 | 002,151,199 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pästum.wma
[2012.02.24 00:06:43 | 002,066,221 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\gp_raiffeisen.zip
[2012.02.24 00:06:43 | 002,046,428 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Klein%20prakt.theol.pdf
[2012.02.24 00:06:43 | 002,044,444 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Dilllersberger.pdf
[2012.02.24 00:06:43 | 001,954,445 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Uni.pds
[2012.02.24 00:06:43 | 001,835,446 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Kongress+Teheran+März+2011.pdf
[2012.02.24 00:06:43 | 001,832,409 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\pompei1.wma
[2012.02.24 00:06:43 | 001,815,339 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PlakatA1.jpg
[2012.02.24 00:06:43 | 001,697,709 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Siena.wma
[2012.02.24 00:06:43 | 001,678,907 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\faszination.zip
[2012.02.24 00:06:43 | 001,665,389 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\marathon_staffel_A4.pdf
[2012.02.24 00:06:43 | 001,665,073 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_5698(1).JPG
[2012.02.24 00:06:43 | 001,623,907 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\fronts10_linz_druck.jpg
[2012.02.24 00:06:43 | 001,603,419 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\venedigpadua.wma
[2012.02.24 00:06:43 | 001,486,679 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Venedig2.wma
[2012.02.24 00:06:43 | 001,463,827 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\drn-nhl4.rar
[2012.02.24 00:06:43 | 001,438,209 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\TheoFest1.jpg
[2012.02.24 00:06:43 | 001,338,509 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Herculaneum.wma
[2012.02.24 00:06:43 | 001,243,246 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\linzmarathon.pdf
[2012.02.24 00:06:43 | 001,200,932 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PRN_Uni1-02_2413_001.pdf
[2012.02.24 00:06:43 | 001,190,339 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\kuschel 1.wma
[2012.02.24 00:06:43 | 001,159,904 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\flyerA5_GMG11.pdf
[2012.02.24 00:06:43 | 001,134,280 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_5280(1).JPG
[2012.02.24 00:06:43 | 001,129,713 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_2969(1).JPG
[2012.02.24 00:06:43 | 001,121,730 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Local.cdb
[2012.02.24 00:06:43 | 001,109,519 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Venezia11.wma
[2012.02.24 00:06:43 | 001,095,526 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Mappa_linee.pdf
[2012.02.24 00:06:43 | 001,078,089 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\venezia1.wma
[2012.02.24 00:06:43 | 001,006,249 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\heimreise.wma
[2012.02.24 00:06:43 | 000,977,897 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\StageNormandieFix.rar
[2012.02.24 00:06:43 | 000,913,248 | ---- | M] (DivX, LLC) -- C:\Users\ambros\Favorites\Documents\DivXInstaller.exe
[2012.02.24 00:06:43 | 000,902,979 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Trix4.wma
[2012.02.24 00:06:43 | 000,879,564 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\LogoAdresseBmpVersuch.bmp
[2012.02.24 00:06:43 | 000,858,079 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\pompei2.wma
[2012.02.24 00:06:43 | 000,840,119 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pisa.wma
[2012.02.24 00:06:43 | 000,831,139 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\trix3.wma
[2012.02.24 00:06:43 | 000,759,299 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\napoli.wma
[2012.02.24 00:06:43 | 000,635,919 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\TRIANGEL_Logo.jpg
[2012.02.24 00:06:43 | 000,593,297 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Medienpädagogikportfolio.pdf
[2012.02.24 00:06:43 | 000,580,656 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\romaepiu_cose.pdf
[2012.02.24 00:06:43 | 000,566,230 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Gruppenarbeit_PS-Arbeit_Reinhard_Stiksel.pdf
[2012.02.24 00:06:43 | 000,557,249 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\ITalienABschluss.wma
[2012.02.24 00:06:43 | 000,540,195 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_3646(1).JPG
[2012.02.24 00:06:43 | 000,535,706 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_3646(1)(1).JPG
[2012.02.24 00:06:43 | 000,525,819 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Epilog.wma
[2012.02.24 00:06:43 | 000,518,829 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Plakat_version3+copy.jpg
[2012.02.24 00:06:43 | 000,462,959 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\pozzuoli.wma
[2012.02.24 00:06:43 | 000,454,983 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\ÖKT+Konferenz+Planung.pdf
[2012.02.24 00:06:43 | 000,437,098 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PRN_Uni1-02_1408_001.pdf
[2012.02.24 00:06:43 | 000,433,215 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Gruppenarbeit_Reinhard_Stiksel.pdf
[2012.02.24 00:06:43 | 000,432,478 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PerformerativerRU_PSA_Freudl_Stiksel.pdf
[2012.02.24 00:06:43 | 000,397,161 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PCM2010_Variants_full.pdf
[2012.02.24 00:06:43 | 000,381,781 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Karajanplatz.pdf
[2012.02.24 00:06:43 | 000,359,689 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Gaisberg.wma
[2012.02.24 00:06:43 | 000,346,219 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\firenze.wma
[2012.02.24 00:06:43 | 000,340,676 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Plakat_version1+copy.jpg
[2012.02.24 00:06:43 | 000,335,810 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Sponsorenbrief_Fest2011.pdf
[2012.02.24 00:06:43 | 000,329,112 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Stellungnahme+StV-FV-Theologie+zu+ÖH-Artikel.pdf
[2012.02.24 00:06:43 | 000,321,296 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\WerbeformularSTVTheol.pdf
[2012.02.24 00:06:43 | 000,310,299 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Italien1.wma
[2012.02.24 00:06:43 | 000,305,978 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PAtrick Profess.pdf
[2012.02.24 00:06:43 | 000,301,319 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\tr1.wma
[2012.02.24 00:06:43 | 000,299,552 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\LNP_Salzburg_2009.pdf
[2012.02.24 00:06:43 | 000,294,995 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Rede_Helmke_160107.pdf
[2012.02.24 00:06:43 | 000,292,762 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\mittelfristige Planung_Stiksel_Schwarz.pdf
[2012.02.24 00:06:43 | 000,286,489 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PS_EF_Wissenschaftliches_Arbeiten_Augustinus.pdf
[2012.02.24 00:06:43 | 000,286,255 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Plakat_version2+copy.jpg
[2012.02.24 00:06:43 | 000,283,106 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\StwInfo_20110311.pdf
[2012.02.24 00:06:43 | 000,274,379 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PB1.wma
[2012.02.24 00:06:43 | 000,270,156 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\erstsemestrigenabendWS10.jpg
[2012.02.24 00:06:43 | 000,256,476 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\sporerklein.odp
[2012.02.24 00:06:43 | 000,255,628 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Patricksprofess.pds
[2012.02.24 00:06:43 | 000,253,790 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\lp_ahs-os.pdf
[2012.02.24 00:06:43 | 000,253,790 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Lehrplan_AHS-Oberstufe_2006.pdf
[2012.02.24 00:06:43 | 000,251,929 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Prooemium.wma
[2012.02.24 00:06:43 | 000,248,828 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Theolfest_2011_Gästeliste.pdf
[2012.02.24 00:06:43 | 000,247,439 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Unbenannt (3).wma
[2012.02.24 00:06:43 | 000,245,868 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\setup_CEWE_FOTOBUCH_Software.exe
[2012.02.24 00:06:43 | 000,242,688 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\NewsletterWalterHuberAugust2010.dot
[2012.02.24 00:06:43 | 000,242,405 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\flyerA5_tpb_10-11_lr.pdf
[2012.02.24 00:06:43 | 000,238,424 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Fussball_2010_Flyer_D_GESAMT_Sommerfest.pdf
[2012.02.24 00:06:43 | 000,223,300 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Mögliche Sponsoren 2011.pdf
[2012.02.24 00:06:43 | 000,217,258 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\HdE+-+Exerzitien+2010+-+9.pdf
[2012.02.24 00:06:43 | 000,213,559 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Entwicklungsplan+Fachbereiche+03-05-2011+_2_.pdf
[2012.02.24 00:06:43 | 000,201,981 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Paed_Theorien_fuer_den_Unterricht.pdf
[2012.02.24 00:06:43 | 000,201,864 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Einkaufsliste_Theolfest_2011.pdf
[2012.02.24 00:06:43 | 000,194,413 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PDR.dmp
[2012.02.24 00:06:43 | 000,194,032 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\stages_28.06.10_2nd_part.rar
[2012.02.24 00:06:43 | 000,186,954 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Jesus+und+die+Ehebrecherin.pdf
[2012.02.24 00:06:43 | 000,179,055 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Vatikan.pdf
[2012.02.24 00:06:43 | 000,166,619 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\verona.wma
[2012.02.24 00:06:43 | 000,151,398 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Troja2.pds
[2012.02.24 00:06:43 | 000,144,183 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\UDF1.nru
[2012.02.24 00:06:43 | 000,135,384 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Wissenschaftsrat,+Empfehlungen+zur+Weiterentwicklung+von+Theologien,+Berlin+2010,+51-59.pdf
[2012.02.24 00:06:43 | 000,125,799 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Nikolaus von Myra.pdf
[2012.02.24 00:06:43 | 000,125,669 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Fachbereiche+2011.pdf
[2012.02.24 00:06:43 | 000,123,552 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\nticket.pdf
[2012.02.24 00:06:43 | 000,121,836 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\JacdeVoragine_Nikolausgeschichte.pdf
[2012.02.24 00:06:43 | 000,118,748 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\jticket.pdf
[2012.02.24 00:06:43 | 000,109,105 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Troja.pds
[2012.02.24 00:06:43 | 000,105,705 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Studierende_Entwicklungsplan_11_03_18.pdf
[2012.02.24 00:06:43 | 000,097,120 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\[Untitled].pdf
[2012.02.24 00:06:43 | 000,095,339 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\JesusElvis_definite.jpg
[2012.02.24 00:06:43 | 000,092,683 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Entwicklungsplan-Vortext-alle.pdf
[2012.02.24 00:06:43 | 000,085,728 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\sem.pdf
[2012.02.24 00:06:43 | 000,084,536 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\StuZi+Koordination+WS10-11.pdf
[2012.02.24 00:06:43 | 000,084,457 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Kirchliche_Statistik_2008_Pastoraldaten.pdf
[2012.02.24 00:06:43 | 000,082,534 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Fussball_2010_ERGEBNISLISTE.pdf
[2012.02.24 00:06:43 | 000,080,230 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\VORAUs.pds
[2012.02.24 00:06:43 | 000,080,070 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\F3A1NN8P.pdf
[2012.02.24 00:06:43 | 000,075,576 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_84459533.PDF
[2012.02.24 00:06:43 | 000,072,284 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Kursportfolio%20RP-MP.pdf
[2012.02.24 00:06:43 | 000,067,630 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\liste_studentenheime.pdf
[2012.02.24 00:06:43 | 000,063,067 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Theologiefest_Salzburg.pdf
[2012.02.24 00:06:43 | 000,060,000 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Linie120.pdf
[2012.02.24 00:06:43 | 000,057,944 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Tagesordnung.pdf
[2012.02.24 00:06:43 | 000,056,490 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Folie1.JPG
[2012.02.24 00:06:43 | 000,055,765 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Theolfest_2011_Diensteinteilung_11_05_25.pdf
[2012.02.24 00:06:43 | 000,052,985 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Zitat+des+Jahres.jpg
[2012.02.24 00:06:43 | 000,049,932 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\RomaPass.pdf
[2012.02.24 00:06:43 | 000,049,917 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\theol-relpaed012.pdf
[2012.02.24 00:06:43 | 000,048,628 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\theol-fachth.pdf
[2012.02.24 00:06:43 | 000,044,950 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\strossmayer_rede.pdf
[2012.02.24 00:06:43 | 000,039,679 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_91678738.PDF
[2012.02.24 00:06:43 | 000,039,424 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_94905807.pdf
[2012.02.24 00:06:43 | 000,039,379 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_90833127.PDF
[2012.02.24 00:06:43 | 000,039,296 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\tagesreichweiten_des_fernsehens_in_oesterreich_2008_nach_alter_021238.pdf
[2012.02.24 00:06:43 | 000,039,083 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_86894517.PDF
[2012.02.24 00:06:43 | 000,037,951 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_88487559.PDF
[2012.02.24 00:06:43 | 000,037,950 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_87688360.PDF
[2012.02.24 00:06:43 | 000,036,668 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Wichtige_Informationen_Marathon_2010.pdf
[2012.02.24 00:06:43 | 000,036,635 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Eschenlohe Salzburg.pdf
[2012.02.24 00:06:43 | 000,035,878 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\dvd.odt
[2012.02.24 00:06:43 | 000,032,466 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Salzburg Eschenlohe.pdf
[2012.02.24 00:06:43 | 000,029,076 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PEtrus.odt
[2012.02.24 00:06:43 | 000,012,494 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Florian1.nra
[2012.02.24 00:06:43 | 000,004,979 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Unbenannt (2).wma
[2012.02.24 00:06:43 | 000,002,170 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Laacher Weihnacht.lpp
[2012.02.24 00:06:43 | 000,002,108 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PowerDirector.lnk
[2012.02.24 00:06:43 | 000,001,905 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\oöweihnacht.lpp
[2012.02.24 00:06:43 | 000,000,188 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\savonarole01_de.rmvb
[2012.02.24 00:06:42 | 248,335,072 | ---- | M] (                                                            ) -- C:\Users\ambros\Favorites\Documents\CyberLink.3022_GM3_VDE090708-01.exe
[2012.02.24 00:06:42 | 065,522,686 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Aufsaetze-II_imprimatur.pdf
[2012.02.24 00:06:42 | 062,007,387 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\DArge.wma
[2012.02.24 00:06:42 | 034,829,419 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\christaab3.wma
[2012.02.24 00:06:42 | 031,057,819 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bergkristall5-189.wma
[2012.02.24 00:06:42 | 024,614,669 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\bergkristall4-173.wma
[2012.02.24 00:06:42 | 022,234,967 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Darge1512.wma
[2012.02.24 00:06:42 | 017,233,109 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bergkristall2-155.wma
[2012.02.24 00:06:42 | 008,167,799 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bergkristall3-159.wma
[2012.02.24 00:06:42 | 006,140,244 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Boff-Antlitz.pdf
[2012.02.24 00:06:42 | 005,513,629 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\060807-002-GettyVilla001.jpg
[2012.02.24 00:06:42 | 005,469,309 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Apoll2.wma
[2012.02.24 00:06:42 | 004,373,881 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\20110526_THEOfestl_szg.jpg
[2012.02.24 00:06:42 | 003,852,909 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\christa1+2.wma
[2012.02.24 00:06:42 | 003,754,129 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bergkristall1-145f.wma
[2012.02.24 00:06:42 | 003,552,971 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Alberigo_G-Das_Zweite_Vatikanische_Konzil.pdf
[2012.02.24 00:06:42 | 002,545,565 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\7769-07.pdf
[2012.02.24 00:06:42 | 002,443,480 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\5526-03.pdf
[2012.02.24 00:06:42 | 001,657,299 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Assisi.wma
[2012.02.24 00:06:42 | 001,310,179 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Ambros.jpg
[2012.02.24 00:06:42 | 001,226,259 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Apoll1.wma
[2012.02.24 00:06:42 | 001,212,789 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\AssisiAncona.wma
[2012.02.24 00:06:42 | 001,176,869 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\bologna.wma
[2012.02.24 00:06:42 | 000,971,913 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\20110526_THEOfestl_szg_A3HOCH_WEB.jpg
[2012.02.24 00:06:42 | 000,955,864 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+28+30.12.10.pdf
[2012.02.24 00:06:42 | 000,887,754 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\20110526_THEOfestl_szg_flyerA6HOCH_FRONT_WEB.jpg
[2012.02.24 00:06:42 | 000,751,574 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+27+16.12.10[1]
[2012.02.24 00:06:42 | 000,733,947 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\booklet_1.pdf
[2012.02.24 00:06:42 | 000,575,171 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\booklet_pdf.pdf
[2012.02.24 00:06:42 | 000,572,248 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\110420101048.jpg
[2012.02.24 00:06:42 | 000,548,269 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Beatrix2.wma
[2012.02.24 00:06:42 | 000,521,329 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abschluss.wma
[2012.02.24 00:06:42 | 000,441,371 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+36+20.04.11.pdf
[2012.02.24 00:06:42 | 000,438,063 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+31+10.02.11.pdf
[2012.02.24 00:06:42 | 000,427,304 | ---- | M] (CyberLink) -- C:\Users\ambros\Favorites\Documents\CyberLink PowerDirector Downloader.exe
[2012.02.24 00:06:42 | 000,427,039 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\beatrix1.wma
[2012.02.24 00:06:42 | 000,425,373 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+39+01.06.11.pdf
[2012.02.24 00:06:42 | 000,367,788 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+26+02.12.10.pdf
[2012.02.24 00:06:42 | 000,317,229 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\01%20Medien-Kommunikation-Kultur.pdf
[2012.02.24 00:06:42 | 000,265,668 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bibelvideostunde.pdf
[2012.02.24 00:06:42 | 000,154,560 | ---- | M] (MediaGet LLC) -- C:\Users\ambros\Favorites\Documents\crack_no_cd_pro_cycling_manager_2010.rar_mediaget.exe
[2012.02.24 00:06:42 | 000,134,901 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bus28.pdf
[2012.02.24 00:06:42 | 000,123,998 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bus1.pdf
[2012.02.24 00:06:42 | 000,102,717 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+20+09.09.10.pdf
[2012.02.24 00:06:42 | 000,100,707 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+23+21.10.10.pdf
[2012.02.24 00:06:42 | 000,098,212 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\akabend.pdf
[2012.02.24 00:06:42 | 000,095,150 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+22+07.10.10.pdf
[2012.02.24 00:06:42 | 000,093,001 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\AN+17+01.07.10.pdf
[2012.02.24 00:06:42 | 000,092,498 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+15+02.06.10.pdf
[2012.02.24 00:06:42 | 000,079,788 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\164751501.PDF
[2012.02.24 00:06:42 | 000,068,150 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\ausschreibung2011_uni.pdf
[2012.02.24 00:06:42 | 000,053,760 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Ablauf
[2012.02.24 00:06:42 | 000,050,132 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\AbteiNews+Spezial+-+29.07.10.pdf
[2012.02.24 00:06:42 | 000,042,925 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\03%20Medienkritik%20Ganguin.pdf
[2012.02.24 00:06:42 | 000,036,662 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\AbteiNews+Nr.+10+25.03.10[1]
[2012.02.24 00:06:42 | 000,000,180 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\090925_hinweis_default.asx
[2012.02.23 14:31:53 | 000,002,591 | ---- | M] () -- C:\Users\ambros\Desktop\Microsoft Office Word 2007.lnk
[2012.02.23 10:13:18 | 000,000,935 | ---- | M] () -- C:\Users\ambros\Desktop\Dropbox.lnk
[2012.02.23 10:13:18 | 000,000,915 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.23 10:08:04 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.23 10:05:19 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForambros.job
[2012.02.22 08:08:13 | 000,000,916 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.02.21 19:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Playtainment
[2012.02.21 19:06:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2012.02.21 08:42:11 | 000,000,806 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK
[2012.02.21 08:36:12 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.02.21 08:36:12 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.02.21 08:35:32 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.02.20 20:11:09 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ambros.job
[2012.02.19 18:30:56 | 000,001,190 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 09-Registrierung.lnk
[2012.02.17 09:06:45 | 002,292,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.17 08:56:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.02.07 20:39:20 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000017B0.LCS
[18 C:\Users\ambros\Favorites\Documents\*.tmp files -> C:\Users\ambros\Favorites\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.03 17:52:44 | 3218,956,288 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.21 08:42:11 | 000,000,806 | ---- | C] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK
[2012.02.21 08:35:32 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.02.04 16:04:39 | 000,000,935 | ---- | C] () -- C:\Users\ambros\Desktop\Dropbox.lnk
[2012.02.03 17:00:36 | 000,000,915 | ---- | C] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.29 10:48:11 | 000,001,478 | ---- | C] () -- C:\Users\ambros\AppData\Local\RecConfig.xml
[2011.09.21 13:19:48 | 000,000,192 | ---- | C] () -- C:\Users\ambros\AppData\Roaming\default.rss
[2011.02.10 09:25:32 | 000,000,632 | ---- | C] () -- C:\Windows\eReg.dat
[2010.12.27 11:37:17 | 000,217,485 | ---- | C] () -- C:\Windows\hpoins39.dat
[2010.09.05 12:09:32 | 000,000,101 | ---- | C] () -- C:\Windows\lexstat.ini
[2010.09.05 12:08:45 | 000,086,016 | ---- | C] () -- C:\Windows\System32\LXBKIH.EXE
[2010.09.05 12:08:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE
[2010.09.05 12:08:41 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL
[2010.09.05 12:08:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2010.03.12 03:31:01 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.09.17 07:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 07:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.05 01:03:17 | 000,000,703 | ---- | C] () -- C:\Windows\hpomdl39.dat
[2009.02.28 08:58:51 | 005,068,152 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009.02.28 08:58:51 | 000,013,785 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2008.12.09 19:44:58 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdpcoin.dll
[2008.12.09 19:42:10 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdprwrd.ini
[2008.12.09 19:41:58 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDPinst.dll
[2008.12.09 19:41:52 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdpgrd.dll
[2008.11.30 10:21:08 | 000,009,824 | ---- | C] () -- C:\Users\ambros\AppData\Roaming\wklnhst.dat
[2008.11.23 12:40:28 | 000,026,682 | ---- | C] () -- C:\Users\ambros\AppData\Roaming\UserTile.png
[2008.10.29 17:38:12 | 000,000,487 | ---- | C] () -- C:\Windows\System32\SP701ASM.dat
[2008.10.29 17:37:47 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SP701ALM.dll
[2008.10.29 17:37:47 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SP701ASM.exe
[2008.10.04 13:49:04 | 001,012,736 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008.10.04 13:49:04 | 000,012,800 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008.10.04 07:21:02 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.16 07:01:21 | 000,000,680 | ---- | C] () -- C:\Users\ambros\AppData\Local\d3d9caps.dat
[2008.09.11 07:43:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.10 16:44:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.09.09 21:04:14 | 000,243,200 | ---- | C] () -- C:\Users\ambros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.04 03:22:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.08.04 02:48:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.08.04 02:48:29 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN
[2008.08.04 02:48:29 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN
[2008.08.04 02:48:29 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN
[2008.08.04 02:48:29 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN
[2008.06.13 13:22:34 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.06.13 13:22:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.06.13 13:22:34 | 000,125,378 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.06.13 13:22:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.06.13 05:26:13 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.06.13 03:37:30 | 000,005,332 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.05.08 23:14:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.08 22:44:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.03.06 11:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.03.04 20:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.11.28 18:51:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdpvs.dll
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\ambros\AppData\Local\lame_enc.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 002,292,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\ambros\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\ambros\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\ambros\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\ambros\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\ambros\AppData\Local\no23xwrapper.dll
[2002.09.13 16:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.04.01 11:00:00 | 000,320,512 | ---- | C] () -- C:\Windows\System32\W32MKDE.EXE
[2001.04.01 11:00:00 | 000,110,080 | ---- | C] () -- C:\Windows\System32\W32MKRC.DLL
[1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2008.12.08 09:23:11 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Canneverbe_Limited
[2008.12.09 13:43:51 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\com.adobe.ExMan
[2012.03.03 19:36:58 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Dropbox
[2008.10.04 13:49:03 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Droppix
[2011.08.22 09:40:38 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\DVDVideoSoft
[2011.08.21 22:05:20 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.26 17:55:18 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\GetRightToGo
[2012.03.03 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\gtk-2.0
[2009.09.27 12:45:44 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\HartlauerFotoService3
[2011.10.07 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Leadertech
[2010.12.26 18:02:23 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\map&guide
[2012.03.03 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Media Get LLC
[2008.11.30 10:45:22 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\OpenOffice.org
[2009.03.26 22:12:37 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\PeerNetworking
[2011.10.09 10:36:42 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Pro Cycling Manager 2010
[2012.03.03 19:26:11 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\ProtectDISC
[2011.09.15 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Slitherine
[2008.11.30 10:21:10 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Template
[2012.01.21 00:58:38 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Ubisoft
[2008.12.08 13:55:26 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Video DVD Maker FREE
[2008.12.27 08:31:43 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\WildTangent
[2011.12.24 23:30:42 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Winter Sports 2011
[2010.10.16 16:36:34 | 000,000,000 | ---D | M] -- C:\ProgramData\3DVIA
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009.05.29 08:47:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008.10.04 13:49:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Droppix
[2008.10.04 07:23:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Elaborate Bytes
[2011.12.26 11:26:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008.12.09 19:42:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Ezprint
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.03.14 15:11:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2008.09.11 12:52:56 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2010.12.26 18:00:41 | 000,000,000 | ---D | M] -- C:\ProgramData\map&guide
[2011.05.28 12:28:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Media Get LLC
[2008.09.14 07:15:32 | 000,000,000 | ---D | M] -- C:\ProgramData\OrbNetworks
[2010.07.27 10:54:31 | 000,000,000 | ---D | M] -- C:\ProgramData\SmartSound Software Inc
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.07.25 19:45:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006.11.02 14:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012.01.20 22:39:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009.07.13 13:32:09 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2008.12.08 08:22:08 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008.06.13 05:11:17 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012.01.25 17:57:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
[2012.02.24 00:08:11 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.18 03:19:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D25907D5-CBA6-4AFE-B903-A4A2E18B8E63}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012.03.03 01:15:14 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.12.19 13:10:30 | 000,000,000 | -HSD | M] -- C:\boot
[2009.07.29 12:15:02 | 000,000,000 | ---D | M] -- C:\COMTEST
[2009.07.29 12:15:19 | 000,000,000 | ---D | M] -- C:\COMTEST_HOME_V650
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.15 10:09:30 | 000,000,000 | ---D | M] -- C:\drivers
[2008.12.17 18:06:08 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2009.01.03 08:57:46 | 000,000,000 | ---D | M] -- C:\Games
[2008.06.13 05:40:31 | 000,000,000 | -H-D | M] -- C:\HP
[2008.12.09 19:47:27 | 000,000,000 | ---D | M] -- C:\logs
[2008.06.13 05:07:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.03 00:08:45 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.03.02 23:28:09 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.15 15:49:48 | 000,000,000 | ---D | M] -- C:\Slitherine Ltd
[2008.09.09 20:47:17 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2012.03.03 20:22:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.09.09 20:47:17 | 000,000,000 | -H-D | M] -- C:\System.sav
[2010.12.15 10:15:41 | 000,000,000 | ---D | M] -- C:\TEMP
[2012.03.02 22:44:28 | 000,000,000 | R--D | M] -- C:\Users
[2008.12.08 13:55:26 | 000,000,000 | ---D | M] -- C:\videodvdmaker
[2012.03.03 19:26:38 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.06.06 13:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
[2008.06.06 13:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Users\ambros\Filmordner\PowerDirector\EventLog.dll
[2007.01.12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Users\ambros\PowerDirector\EventLog.dll
[2008.06.06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Users\ambros\USBStick\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< CREATERESTOREPOINT >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\ambros\Favorites\Documents\rohfassung.mpg:TOC.WMV
< End of report >
         
--- --- ---
__________________

Alt 03.03.2012, 21:10   #4
laokoon
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



und die extras-Liste:

RASOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.03.2012 20:55:51 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = I:\PROGRAMS\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,24 Gb Total Space | 11,25 Gb Free Space | 3,89% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 211,16 Gb Free Space | 70,84% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 1,63 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
Drive G: | 23,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 702,81 Mb Total Space | 639,33 Mb Free Space | 90,97% Space Free | Partition Type: UDF
 
Computer Name: AMBROSIUS | User Name: ambros
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-320825625-2981028103-1688675666-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03270EF0-B31E-4D51-B4E1-7237BD586CCC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0A37F5F0-C037-4429-9F2A-095419BD1ACB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D3FB593-CB5F-4953-8387-9B9B83ECBC20}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{23CA3A70-EFDC-4356-BE16-193F3324B610}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{379E1693-F938-4F0A-90CB-C2E5259B644D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{573C3627-4602-40FE-BF57-92C255207638}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5AC50EBF-B0C2-4A76-AE9B-32A2D8CFBAA7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5BA0A75F-8D6F-4BBF-9503-FA106D413ADC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{6415BF11-91D6-49DB-8C0E-F14DAB2D9E90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6856E770-64DB-44A3-99AD-63097A8B41E4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7283BADA-058E-46B6-BCBA-E9B65F9D12EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74502AF8-3C8E-4EC2-80D5-6C3C2A20221F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7BBC4813-ADBF-499F-96D0-931803A5C8CF}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{840ADCFD-36C4-40D2-8D74-9784E7C1EAE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84ED9F84-D5DA-4917-98E8-437F7E5911EB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{92FE17BE-71F7-46F7-A693-959F565431F2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{93AFF6C4-7149-491A-A96A-5220A9CCDBC6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9B56BD2B-A474-4482-A71C-532EBDD42832}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A9D12304-29C4-42AF-85C7-FB8B5CE34EFA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AC58103C-04CE-4870-8218-9388A3173C46}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AD24903A-CA7F-4101-AEB6-7CF8D9640CC6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CC2CFEA2-E0B5-411C-83DF-D393725B1821}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D69118FF-AB68-4F42-A350-57C16C6A2683}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D9B13611-3263-459F-A3D0-91D4C1BDBEEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DDFF87DC-78F5-4447-8EA8-28717314429B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DEA47B64-089E-45CB-B8E2-BF02A2D4158E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E761C6C4-1735-4994-B948-2D16DD8D5D3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EA29571C-EF3B-46BD-9958-ED5D5A27E74D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F00D7F59-1A02-42DF-8D19-F282C37D3EA4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F8C2C574-D99D-430F-A375-48383F42C869}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0207436F-4488-446A-9DD9-B66BC368016D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{07930548-3C3B-433E-B3F3-A4327D3257EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AFC2C63-C97D-4208-AECE-975964A73657}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B81BA00-1C81-4C5B-9A4E-2AE347ECE23B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0D0A8006-F2D9-46ED-BF61-F484890D2DEB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0DF4A04F-A6F4-4BBA-A3E0-15EFF6545DC9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{0E512F93-B00E-4766-A3A6-6C95AC689EEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{143CC33D-2092-4BEA-8934-DD92F8859E83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{16E3A47E-375E-43E9-BE6D-2762DCF1C57A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{1AE7326B-1CDE-4AAE-BA8F-98EBE5C7B87F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2234DF98-5707-4353-B326-A88243A640DC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr8.exe | 
"{254BF2D4-CCA2-4D66-BDEF-20550554EEA4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{29C377E2-A7EA-46E7-833A-5F73D0241404}" = protocol=6 | dir=out | app=system | 
"{306B0885-87BC-4438-8644-F4422B32DD6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3275DAEA-2416-4F65-A9DA-4810C0F2395D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{397724E2-2E0B-4D6C-95FB-7B00EFB39B64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C1294ED-B344-44B0-85D2-875D0D0E10D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3F63B092-D972-41ED-803B-FAEFB6ECB7E5}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{40B46D9C-833F-48AD-949E-8F1582A21D21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{4641BB0D-6B20-46A8-8E99-7E5DA4397AEB}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_dx10.exe | 
"{46A5C5A4-62A5-4DB6-B049-BCA395A28DAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{489B8E51-662A-4801-B022-916025C5D70A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{49063CC1-D840-4C02-9FE3-618A064318CC}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{5BF5205E-034C-4E63-9ECC-40ED81CD6795}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{60BE305E-E66E-4C9E-924F-506742C4AB55}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{610399C2-692C-40A4-9BF1-DE89F7154F75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{65FBC768-7152-4B51-9D4A-0B347E391CD2}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6E091F29-4AC5-464B-AB13-944A76C7C3D1}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_dx9.exe | 
"{72A2340E-2177-4B7F-B759-D25A5C0830CF}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{73DB8C34-1864-4CDA-9D0E-5C9E67EA9324}" = protocol=6 | dir=in | app=c:\users\ambros\appdata\roaming\dropbox\bin\dropbox.exe | 
"{74389C02-014D-480E-AF1B-021594078AF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77361811-B8DF-45D5-A830-C536DC0DC00C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{7D985193-9953-446A-BC9E-1258BA4032F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E0DA987-B4B0-4A05-ABC6-26E78B7CDB88}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_launcher.exe | 
"{81EF69B3-3F6C-4204-9537-4166B46BC54D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{8440AD3D-957E-43CA-9679-8A140155144C}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{84F3FF7F-F8C2-4CAB-AD6E-4BA5C5E03848}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8847DA14-7D9A-4A64-91F7-A5F3F8119EAC}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{8D6C27FD-6B44-4A2F-B5AE-82953CDA6309}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{91BC1FC5-E32A-4893-98F9-33266A3E6446}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe | 
"{92FF157B-E949-4E6D-90FF-19ABC57931B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9BC77039-9DC2-4C77-A761-73E74EDDEEA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{9BFC3B44-1757-4898-9C92-B3AEAEBEF136}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9D2245F7-1D48-4671-8B29-777FE76F2DD6}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_launcher.exe | 
"{9FB9F2BB-C9D2-4AA2-BF64-237CE8A18AE2}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_dx10.exe | 
"{A013E249-8B72-4F58-8B89-F8F2916FA3E8}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_dx9.exe | 
"{A3E0FCA7-8D9D-4D91-A818-974607B1B8FB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{AD82C8BF-B5D2-4AE7-A8E1-5AADF063651D}" = protocol=17 | dir=in | app=c:\users\ambros\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BA39CC57-A502-4CB5-9224-E413A2392940}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BADC8D02-6739-4E8A-946E-D885A454B26C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{C08836E0-911C-4471-B1F7-EE622957EDCA}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 
"{C1883AA0-0674-4BBE-A38E-AAAAC4DECEC8}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{C5B39AFE-533D-4DB2-B01F-007DD93B1C6A}" = protocol=6 | dir=in | app=c:\program files\cyanide\radsportmanager pro 2005-2006\cym2005.exe | 
"{CC598DCD-61EF-4FAD-B27E-C48B110403D2}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 
"{D18297FA-0414-4C0E-846E-F8EB50C8B8A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D21E22C5-A023-47D9-B2D2-AA9E4617EA7B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{D442E6D4-4FF5-4BE3-800A-C831FD243ED7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DA5ED9DC-3931-4F1A-B88B-94A67E11FE21}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{DE37F91C-2B78-4EA5-9A40-90852CC76678}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{DF8986D1-8419-4A41-9E61-BEB4361E19CF}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{E0422518-BBE9-4C41-9197-BC1314312F40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{E18CF34F-4934-4BF4-A402-103851AE16C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{E7A8BA99-4553-43E7-97E2-8C83CD4B058C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe | 
"{EB549A2C-8936-455A-903A-857931244EBB}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{EE20702C-3AB9-4EC9-A915-E6D4E54A8012}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{F0A3A056-8055-439F-9A30-464409C04FBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1143941-0F09-47B9-B247-01E820026D7D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{F2B12524-9202-431C-9062-236852F7E96F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{F2BE102C-BCA4-4B5B-859E-B5AFEF894B6D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{F2D777C3-D6B3-4CCB-9564-830017C9F5DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F45B631F-BF23-4E1D-9860-D64C2889DC35}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{F8374E8E-894A-4F6E-93FC-4A1F1CA442A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FF95C877-BDCE-4CAF-AEA3-51B9FDBC1611}" = protocol=17 | dir=in | app=c:\program files\cyanide\radsportmanager pro 2005-2006\cym2005.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01B10898-0693-5E45-8C0B-CB4B0C2CB5C9}" = CCC Help Spanish
"{01E71682-7A62-31B6-2E19-82C4C2C410C3}" = CCC Help Korean
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05F5ADF7-B9BF-E5AC-FDA4-C412C150763F}" = Catalyst Control Center Localization Greek
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0892BA56-B55A-EA45-74A7-C728BEFCEE4A}" = Catalyst Control Center Localization Norwegian
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0BCE001B-D952-7242-1378-6B3188B7CDB6}" = Catalyst Control Center Localization Swedish
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{111CE1DA-F2B6-B449-8BDC-BFA807EEF343}" = Catalyst Control Center Localization Thai
"{134EE273-0F1C-4A5B-817D-13111DB75B14}" = B109n-z
"{1550A772-F3DF-9DCA-70E4-5BA5FEDBDDEE}" = CCC Help Norwegian
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1966E880-43C4-491F-9707-DF6DA870E5F2}" = SymNet
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.14.0.29
"{1B835521-00CB-B242-2072-DA41AE7E9F11}" = CCC Help Turkish
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{246771C5-5589-C809-90A3-95D380CAEB0C}" = CCC Help Dutch
"{253C3A51-A249-470F-A787-5645B289A118}" = Civilization III v1.21f
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{2ACA4FB1-A1DB-BACF-05D8-9F654ED1F6F9}" = CCC Help Danish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{335901DF-7FC7-76E9-AEFB-3BD15D5C1B8E}" = Catalyst Control Center Localization German
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{37F36B08-76D1-58D0-0B62-C873B3F1E04A}" = Catalyst Control Center Graphics Full Existing
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43519E32-0AC9-ACBF-0AC9-000CEDEBCAFB}" = CCC Help Russian
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{440EE84D-A37A-E283-D538-0A4E94AC6243}" = Catalyst Control Center Localization Dutch
"{456B2B42-C082-8B6F-923C-2C8920ECF559}" = Catalyst Control Center Localization Czech
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4816702A-0879-4499-0085-ACFC0F65E811}" = NHL 2004
"{48382386-BA53-3B91-668C-DE3F4969C00C}" = ccc-core-static
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49521D72-2856-C7B9-F54E-26B116606B0D}" = Catalyst Control Center Localization Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D44D635-6EDA-4FA5-AB9B-23CF73DA58EA}" = Nero Express OEM
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50C5DCCD-C82F-3D45-AAC8-1E094717FF9B}" = CCC Help Czech
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{54F98E59-AC27-F6D6-8DF3-29E38BB1AFF9}" = Catalyst Control Center Localization Korean
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57921C23-454B-1B45-6C32-B1A8BFC76875}" = Catalyst Control Center Localization French
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5C9B4046-4B37-3595-7BAF-1FFF58F2BA88}" = Catalyst Control Center Core Implementation
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{61C2601F-D1F4-6CC3-858B-80A54A1C1360}" = CCC Help Greek
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E25BE3B-8E16-3A78-2BA7-1482A2D4743F}" = CCC Help English
"{6F26A541-E756-4C24-A36B-EFD3C6217EAF}" = CCC Help German
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722B4A13-F24D-43AE-8813-5DB82C0B23C2}" = HP Photosmart Wireless B109n-z All-In-One Driver Software 13.0 Rel .6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{7491471D-DA69-6E11-623D-F3BCAF65F922}" = CCC Help Italian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789EC9D6-5A0D-3CCA-957D-D0523BDE1638}" = ATI Catalyst Install Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F82D79D-81EF-DC6C-69FF-A45C282B1986}" = CCC Help Swedish
"{81ACE059-6894-21DE-E3AB-E8D6AF38B5C4}" = Catalyst Control Center Localization Portuguese
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8466940C-84D8-484C-B1E3-C2E4D73FD5DD}" = PS_AIO_06_B109n-z_SW_Min
"{8572742E-08EA-FCEF-458A-4CE90851E804}" = Catalyst Control Center Localization Russian
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BECCB29-DA5E-4002-B211-C3A148E48D63}" = map&guide base
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D8ABD26-50FA-2D1B-2B3D-72DEF1E800D0}" = ccc-utility
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F0CFF10-034C-EE7E-3B2D-8C7F117BB3A6}" = Catalyst Control Center Localization Finnish
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9075DF27-7C34-D2D5-4E66-970E0E99E320}" = Catalyst Control Center Graphics Light
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.538.0
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9858B284-0ACC-3EB1-BBF7-B0D1A5D0C2FD}" = CCC Help Japanese
"{994E24A6-EC47-4201-8D0B-D4563B7AD66B}" = CivCity
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A85A260-CC99-8DA9-0D03-60C12BE82189}" = CCC Help Polish
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6C29FF-850B-9425-7B34-B21526874121}" = Catalyst Control Center Graphics Previews Vista
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9EBF6795-816C-06EB-BF29-06317FD5A730}" = Catalyst Control Center Localization Chinese Standard
"{9F2D3FB4-895E-A9F2-5B3A-118EDCE4E409}" = CCC Help Chinese Traditional
"{A2F6EEA0-DBCD-2389-BA8D-9A16DB60FAD8}" = Catalyst Control Center Graphics Full New
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5737DB-03C3-1526-F31E-D45A588D8459}" = Catalyst Control Center Localization Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ADBFC909-D682-10E2-43C6-790F25FA3296}" = CCC Help Finnish
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B5DA1D7B-9494-A847-F185-EE4B8C48D905}" = CCC Help Hungarian
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD2CC796-A584-9399-098A-2C2F291ABD1A}" = Catalyst Control Center Localization Spanish
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05A2E05-73A2-2672-7B82-59F3932AF6AD}" = CCC Help Thai
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C1C9D5E7-761D-817F-DBF2-1E77E20121BB}" = CCC Help Portuguese
"{C39B346D-1E0D-CB23-CAC5-78CD5CBB495A}" = Catalyst Control Center Localization Italian
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5E794F3-2EAC-CA94-79ED-1E3E3267F40B}" = CCC Help Chinese Standard
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9690E1F-06A0-559B-37D2-B573DA95CA54}" = Catalyst Control Center Localization Danish
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF217146-C889-3CB8-1490-07DA0DDB1318}" = CCC Help French
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D65F0073-A820-4085-B997-A061171595A7}" = oggcodecs
"{D68147A7-E42F-DA4B-209A-38CCC53702EC}" = Catalyst Control Center Localization Chinese Traditional
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F7D7E6EA-2B25-ABB1-0F4A-F39764C2D15B}" = Skins
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{f936c59d-3104-4a00-ad8a-f1d030ab5222}" = Nero 9 Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAF0230B-8A11-8052-AFC9-5DB998020FD5}" = Catalyst Control Center Localization Polish
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC7C3B82-C7CB-125A-23FE-EE268799F5E3}" = Catalyst Control Center Localization Turkish
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDF3A1E0-186A-11D5-0089-C400C04FAE70}" = NHL 2002
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Musics WAV to MP3 Converter 4.3_is1" = 4Musics WAV to MP3 Converter 4.3
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AOL Toolbar" = AOL Toolbar 5.0
"Ask Toolbar_is1" = Ask Toolbar
"AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.0.43
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DVD-Cover-Designer-2005_is1" = Coverdesigner 1.05
"DxStd2_is1" = Droppix Recorder 2
"EADM" = EA Download Manager
"Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13
"Easy Cover Design Pro" = Easy Cover Design Pro 2.09
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Disc Burner_is1" = Free Disc Burner version 1.1
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.1
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free PDF Converter_is1" = Free PDF Converter
"Free Studio_is1" = Free Studio version 4.6
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.815
"Free YouTube Download_is1" = Free YouTube Download version 3.0.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"GameCenter" = GameCenter
"GameCenter_is1" = GameCenter 1.3.0.5
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Lexmark X1100 Series" = Lexmark X1100 Series
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Orb" = Winamp Remote
"PhotoEditing1.0.1" = PhotoEditing
"Pro Cycling Manager" = Radsportmanager Pro 2005-2006
"Pro Cycling Manager 2010_is1" = Tour de France 2010 - Der offizielle Radsport-Manager Version 1
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"quaeldich.de Tourenplaner" = quäldich.de Tourenplaner
"Riva FLV Player_is1" = Riva FLV Player
"Romantik" = Romantik
"Savoluca Danish DB v1.0" = Savoluca Danish DB v1.0
"Savoluca German 2006 DB v2.0" = Savoluca German 2006 DB v2.0
"Shop for HP Supplies" = Shop for HP Supplies
"Skispringen 2006 Demo_0001" = Skispringen 2006 Demo
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR Archivierer
"Winter Sports 2011_is1" = Winter Sports 2011
"ZDFmediathek_is1" = ZDFmediathek Version 1.4.3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-320825625-2981028103-1688675666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.716.0
"Dropbox" = Dropbox
"sc09-ORF_MAIN" = ORF-Ski Challenge 2009
 
< End of report >
         
--- --- ---

Alt 03.03.2012, 21:12   #5
laokoon
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



und die extras-Liste:

RASOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.03.2012 20:55:51 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = I:\PROGRAMS\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,24 Gb Total Space | 11,25 Gb Free Space | 3,89% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 211,16 Gb Free Space | 70,84% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 1,63 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
Drive G: | 23,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 702,81 Mb Total Space | 639,33 Mb Free Space | 90,97% Space Free | Partition Type: UDF
 
Computer Name: AMBROSIUS | User Name: ambros
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-320825625-2981028103-1688675666-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03270EF0-B31E-4D51-B4E1-7237BD586CCC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0A37F5F0-C037-4429-9F2A-095419BD1ACB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D3FB593-CB5F-4953-8387-9B9B83ECBC20}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{23CA3A70-EFDC-4356-BE16-193F3324B610}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{379E1693-F938-4F0A-90CB-C2E5259B644D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{573C3627-4602-40FE-BF57-92C255207638}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5AC50EBF-B0C2-4A76-AE9B-32A2D8CFBAA7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5BA0A75F-8D6F-4BBF-9503-FA106D413ADC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{6415BF11-91D6-49DB-8C0E-F14DAB2D9E90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6856E770-64DB-44A3-99AD-63097A8B41E4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7283BADA-058E-46B6-BCBA-E9B65F9D12EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74502AF8-3C8E-4EC2-80D5-6C3C2A20221F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7BBC4813-ADBF-499F-96D0-931803A5C8CF}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{840ADCFD-36C4-40D2-8D74-9784E7C1EAE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84ED9F84-D5DA-4917-98E8-437F7E5911EB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{92FE17BE-71F7-46F7-A693-959F565431F2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{93AFF6C4-7149-491A-A96A-5220A9CCDBC6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9B56BD2B-A474-4482-A71C-532EBDD42832}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A9D12304-29C4-42AF-85C7-FB8B5CE34EFA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AC58103C-04CE-4870-8218-9388A3173C46}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AD24903A-CA7F-4101-AEB6-7CF8D9640CC6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CC2CFEA2-E0B5-411C-83DF-D393725B1821}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D69118FF-AB68-4F42-A350-57C16C6A2683}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D9B13611-3263-459F-A3D0-91D4C1BDBEEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DDFF87DC-78F5-4447-8EA8-28717314429B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DEA47B64-089E-45CB-B8E2-BF02A2D4158E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E761C6C4-1735-4994-B948-2D16DD8D5D3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EA29571C-EF3B-46BD-9958-ED5D5A27E74D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F00D7F59-1A02-42DF-8D19-F282C37D3EA4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F8C2C574-D99D-430F-A375-48383F42C869}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0207436F-4488-446A-9DD9-B66BC368016D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{07930548-3C3B-433E-B3F3-A4327D3257EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AFC2C63-C97D-4208-AECE-975964A73657}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B81BA00-1C81-4C5B-9A4E-2AE347ECE23B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0D0A8006-F2D9-46ED-BF61-F484890D2DEB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0DF4A04F-A6F4-4BBA-A3E0-15EFF6545DC9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{0E512F93-B00E-4766-A3A6-6C95AC689EEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{143CC33D-2092-4BEA-8934-DD92F8859E83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{16E3A47E-375E-43E9-BE6D-2762DCF1C57A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{1AE7326B-1CDE-4AAE-BA8F-98EBE5C7B87F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2234DF98-5707-4353-B326-A88243A640DC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr8.exe | 
"{254BF2D4-CCA2-4D66-BDEF-20550554EEA4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{29C377E2-A7EA-46E7-833A-5F73D0241404}" = protocol=6 | dir=out | app=system | 
"{306B0885-87BC-4438-8644-F4422B32DD6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3275DAEA-2416-4F65-A9DA-4810C0F2395D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{397724E2-2E0B-4D6C-95FB-7B00EFB39B64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C1294ED-B344-44B0-85D2-875D0D0E10D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3F63B092-D972-41ED-803B-FAEFB6ECB7E5}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{40B46D9C-833F-48AD-949E-8F1582A21D21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{4641BB0D-6B20-46A8-8E99-7E5DA4397AEB}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_dx10.exe | 
"{46A5C5A4-62A5-4DB6-B049-BCA395A28DAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{489B8E51-662A-4801-B022-916025C5D70A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{49063CC1-D840-4C02-9FE3-618A064318CC}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{5BF5205E-034C-4E63-9ECC-40ED81CD6795}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{60BE305E-E66E-4C9E-924F-506742C4AB55}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{610399C2-692C-40A4-9BF1-DE89F7154F75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{65FBC768-7152-4B51-9D4A-0B347E391CD2}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6E091F29-4AC5-464B-AB13-944A76C7C3D1}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_dx9.exe | 
"{72A2340E-2177-4B7F-B759-D25A5C0830CF}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{73DB8C34-1864-4CDA-9D0E-5C9E67EA9324}" = protocol=6 | dir=in | app=c:\users\ambros\appdata\roaming\dropbox\bin\dropbox.exe | 
"{74389C02-014D-480E-AF1B-021594078AF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77361811-B8DF-45D5-A830-C536DC0DC00C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{7D985193-9953-446A-BC9E-1258BA4032F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E0DA987-B4B0-4A05-ABC6-26E78B7CDB88}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_launcher.exe | 
"{81EF69B3-3F6C-4204-9537-4166B46BC54D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{8440AD3D-957E-43CA-9679-8A140155144C}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{84F3FF7F-F8C2-4CAB-AD6E-4BA5C5E03848}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8847DA14-7D9A-4A64-91F7-A5F3F8119EAC}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{8D6C27FD-6B44-4A2F-B5AE-82953CDA6309}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{91BC1FC5-E32A-4893-98F9-33266A3E6446}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe | 
"{92FF157B-E949-4E6D-90FF-19ABC57931B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9BC77039-9DC2-4C77-A761-73E74EDDEEA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{9BFC3B44-1757-4898-9C92-B3AEAEBEF136}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9D2245F7-1D48-4671-8B29-777FE76F2DD6}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_launcher.exe | 
"{9FB9F2BB-C9D2-4AA2-BF64-237CE8A18AE2}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_dx10.exe | 
"{A013E249-8B72-4F58-8B89-F8F2916FA3E8}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_dx9.exe | 
"{A3E0FCA7-8D9D-4D91-A818-974607B1B8FB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{AD82C8BF-B5D2-4AE7-A8E1-5AADF063651D}" = protocol=17 | dir=in | app=c:\users\ambros\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BA39CC57-A502-4CB5-9224-E413A2392940}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BADC8D02-6739-4E8A-946E-D885A454B26C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{C08836E0-911C-4471-B1F7-EE622957EDCA}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 
"{C1883AA0-0674-4BBE-A38E-AAAAC4DECEC8}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{C5B39AFE-533D-4DB2-B01F-007DD93B1C6A}" = protocol=6 | dir=in | app=c:\program files\cyanide\radsportmanager pro 2005-2006\cym2005.exe | 
"{CC598DCD-61EF-4FAD-B27E-C48B110403D2}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 
"{D18297FA-0414-4C0E-846E-F8EB50C8B8A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D21E22C5-A023-47D9-B2D2-AA9E4617EA7B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{D442E6D4-4FF5-4BE3-800A-C831FD243ED7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DA5ED9DC-3931-4F1A-B88B-94A67E11FE21}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{DE37F91C-2B78-4EA5-9A40-90852CC76678}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{DF8986D1-8419-4A41-9E61-BEB4361E19CF}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{E0422518-BBE9-4C41-9197-BC1314312F40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{E18CF34F-4934-4BF4-A402-103851AE16C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{E7A8BA99-4553-43E7-97E2-8C83CD4B058C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe | 
"{EB549A2C-8936-455A-903A-857931244EBB}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{EE20702C-3AB9-4EC9-A915-E6D4E54A8012}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{F0A3A056-8055-439F-9A30-464409C04FBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1143941-0F09-47B9-B247-01E820026D7D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{F2B12524-9202-431C-9062-236852F7E96F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{F2BE102C-BCA4-4B5B-859E-B5AFEF894B6D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{F2D777C3-D6B3-4CCB-9564-830017C9F5DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F45B631F-BF23-4E1D-9860-D64C2889DC35}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{F8374E8E-894A-4F6E-93FC-4A1F1CA442A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FF95C877-BDCE-4CAF-AEA3-51B9FDBC1611}" = protocol=17 | dir=in | app=c:\program files\cyanide\radsportmanager pro 2005-2006\cym2005.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01B10898-0693-5E45-8C0B-CB4B0C2CB5C9}" = CCC Help Spanish
"{01E71682-7A62-31B6-2E19-82C4C2C410C3}" = CCC Help Korean
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05F5ADF7-B9BF-E5AC-FDA4-C412C150763F}" = Catalyst Control Center Localization Greek
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0892BA56-B55A-EA45-74A7-C728BEFCEE4A}" = Catalyst Control Center Localization Norwegian
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0BCE001B-D952-7242-1378-6B3188B7CDB6}" = Catalyst Control Center Localization Swedish
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{111CE1DA-F2B6-B449-8BDC-BFA807EEF343}" = Catalyst Control Center Localization Thai
"{134EE273-0F1C-4A5B-817D-13111DB75B14}" = B109n-z
"{1550A772-F3DF-9DCA-70E4-5BA5FEDBDDEE}" = CCC Help Norwegian
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1966E880-43C4-491F-9707-DF6DA870E5F2}" = SymNet
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.14.0.29
"{1B835521-00CB-B242-2072-DA41AE7E9F11}" = CCC Help Turkish
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{246771C5-5589-C809-90A3-95D380CAEB0C}" = CCC Help Dutch
"{253C3A51-A249-470F-A787-5645B289A118}" = Civilization III v1.21f
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{2ACA4FB1-A1DB-BACF-05D8-9F654ED1F6F9}" = CCC Help Danish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{335901DF-7FC7-76E9-AEFB-3BD15D5C1B8E}" = Catalyst Control Center Localization German
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{37F36B08-76D1-58D0-0B62-C873B3F1E04A}" = Catalyst Control Center Graphics Full Existing
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43519E32-0AC9-ACBF-0AC9-000CEDEBCAFB}" = CCC Help Russian
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{440EE84D-A37A-E283-D538-0A4E94AC6243}" = Catalyst Control Center Localization Dutch
"{456B2B42-C082-8B6F-923C-2C8920ECF559}" = Catalyst Control Center Localization Czech
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4816702A-0879-4499-0085-ACFC0F65E811}" = NHL 2004
"{48382386-BA53-3B91-668C-DE3F4969C00C}" = ccc-core-static
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49521D72-2856-C7B9-F54E-26B116606B0D}" = Catalyst Control Center Localization Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D44D635-6EDA-4FA5-AB9B-23CF73DA58EA}" = Nero Express OEM
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50C5DCCD-C82F-3D45-AAC8-1E094717FF9B}" = CCC Help Czech
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{54F98E59-AC27-F6D6-8DF3-29E38BB1AFF9}" = Catalyst Control Center Localization Korean
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57921C23-454B-1B45-6C32-B1A8BFC76875}" = Catalyst Control Center Localization French
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5C9B4046-4B37-3595-7BAF-1FFF58F2BA88}" = Catalyst Control Center Core Implementation
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{61C2601F-D1F4-6CC3-858B-80A54A1C1360}" = CCC Help Greek
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E25BE3B-8E16-3A78-2BA7-1482A2D4743F}" = CCC Help English
"{6F26A541-E756-4C24-A36B-EFD3C6217EAF}" = CCC Help German
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722B4A13-F24D-43AE-8813-5DB82C0B23C2}" = HP Photosmart Wireless B109n-z All-In-One Driver Software 13.0 Rel .6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{7491471D-DA69-6E11-623D-F3BCAF65F922}" = CCC Help Italian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789EC9D6-5A0D-3CCA-957D-D0523BDE1638}" = ATI Catalyst Install Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F82D79D-81EF-DC6C-69FF-A45C282B1986}" = CCC Help Swedish
"{81ACE059-6894-21DE-E3AB-E8D6AF38B5C4}" = Catalyst Control Center Localization Portuguese
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8466940C-84D8-484C-B1E3-C2E4D73FD5DD}" = PS_AIO_06_B109n-z_SW_Min
"{8572742E-08EA-FCEF-458A-4CE90851E804}" = Catalyst Control Center Localization Russian
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BECCB29-DA5E-4002-B211-C3A148E48D63}" = map&guide base
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D8ABD26-50FA-2D1B-2B3D-72DEF1E800D0}" = ccc-utility
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F0CFF10-034C-EE7E-3B2D-8C7F117BB3A6}" = Catalyst Control Center Localization Finnish
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9075DF27-7C34-D2D5-4E66-970E0E99E320}" = Catalyst Control Center Graphics Light
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.538.0
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9858B284-0ACC-3EB1-BBF7-B0D1A5D0C2FD}" = CCC Help Japanese
"{994E24A6-EC47-4201-8D0B-D4563B7AD66B}" = CivCity
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A85A260-CC99-8DA9-0D03-60C12BE82189}" = CCC Help Polish
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6C29FF-850B-9425-7B34-B21526874121}" = Catalyst Control Center Graphics Previews Vista
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9EBF6795-816C-06EB-BF29-06317FD5A730}" = Catalyst Control Center Localization Chinese Standard
"{9F2D3FB4-895E-A9F2-5B3A-118EDCE4E409}" = CCC Help Chinese Traditional
"{A2F6EEA0-DBCD-2389-BA8D-9A16DB60FAD8}" = Catalyst Control Center Graphics Full New
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5737DB-03C3-1526-F31E-D45A588D8459}" = Catalyst Control Center Localization Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ADBFC909-D682-10E2-43C6-790F25FA3296}" = CCC Help Finnish
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B5DA1D7B-9494-A847-F185-EE4B8C48D905}" = CCC Help Hungarian
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD2CC796-A584-9399-098A-2C2F291ABD1A}" = Catalyst Control Center Localization Spanish
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05A2E05-73A2-2672-7B82-59F3932AF6AD}" = CCC Help Thai
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C1C9D5E7-761D-817F-DBF2-1E77E20121BB}" = CCC Help Portuguese
"{C39B346D-1E0D-CB23-CAC5-78CD5CBB495A}" = Catalyst Control Center Localization Italian
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5E794F3-2EAC-CA94-79ED-1E3E3267F40B}" = CCC Help Chinese Standard
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9690E1F-06A0-559B-37D2-B573DA95CA54}" = Catalyst Control Center Localization Danish
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF217146-C889-3CB8-1490-07DA0DDB1318}" = CCC Help French
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D65F0073-A820-4085-B997-A061171595A7}" = oggcodecs
"{D68147A7-E42F-DA4B-209A-38CCC53702EC}" = Catalyst Control Center Localization Chinese Traditional
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F7D7E6EA-2B25-ABB1-0F4A-F39764C2D15B}" = Skins
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{f936c59d-3104-4a00-ad8a-f1d030ab5222}" = Nero 9 Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAF0230B-8A11-8052-AFC9-5DB998020FD5}" = Catalyst Control Center Localization Polish
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC7C3B82-C7CB-125A-23FE-EE268799F5E3}" = Catalyst Control Center Localization Turkish
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDF3A1E0-186A-11D5-0089-C400C04FAE70}" = NHL 2002
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Musics WAV to MP3 Converter 4.3_is1" = 4Musics WAV to MP3 Converter 4.3
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AOL Toolbar" = AOL Toolbar 5.0
"Ask Toolbar_is1" = Ask Toolbar
"AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.0.43
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DVD-Cover-Designer-2005_is1" = Coverdesigner 1.05
"DxStd2_is1" = Droppix Recorder 2
"EADM" = EA Download Manager
"Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13
"Easy Cover Design Pro" = Easy Cover Design Pro 2.09
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Disc Burner_is1" = Free Disc Burner version 1.1
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.1
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free PDF Converter_is1" = Free PDF Converter
"Free Studio_is1" = Free Studio version 4.6
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.815
"Free YouTube Download_is1" = Free YouTube Download version 3.0.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"GameCenter" = GameCenter
"GameCenter_is1" = GameCenter 1.3.0.5
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Lexmark X1100 Series" = Lexmark X1100 Series
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Orb" = Winamp Remote
"PhotoEditing1.0.1" = PhotoEditing
"Pro Cycling Manager" = Radsportmanager Pro 2005-2006
"Pro Cycling Manager 2010_is1" = Tour de France 2010 - Der offizielle Radsport-Manager Version 1
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"quaeldich.de Tourenplaner" = quäldich.de Tourenplaner
"Riva FLV Player_is1" = Riva FLV Player
"Romantik" = Romantik
"Savoluca Danish DB v1.0" = Savoluca Danish DB v1.0
"Savoluca German 2006 DB v2.0" = Savoluca German 2006 DB v2.0
"Shop for HP Supplies" = Shop for HP Supplies
"Skispringen 2006 Demo_0001" = Skispringen 2006 Demo
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR Archivierer
"Winter Sports 2011_is1" = Winter Sports 2011
"ZDFmediathek_is1" = ZDFmediathek Version 1.4.3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-320825625-2981028103-1688675666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.716.0
"Dropbox" = Dropbox
"sc09-ORF_MAIN" = ORF-Ski Challenge 2009
 
< End of report >
         
--- --- ---


Alt 04.03.2012, 18:10   #6
markusg
/// Malware-holic
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



ast du in der zwischenzeit irgendwas gelöscht? ist das der betroffene nutzer account von dem geprüft wurde?
__________________
--> AKM 50€-Virus... und nichts geht mehr

Alt 04.03.2012, 20:27   #7
laokoon
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



Das ist der betroffene Nutzer-Account: Aber, ich war nicht in der Lage von der CD zu booten, weil mein internes CD-Laufwerk nicht mehr funktioniert und mein Laptop das Externe, trotz vieler, langwieriger Versuche übers BIOS nicht erkannt hatte.
Kurz vorm Verzweifeln hab' ichs dann mit der Systemwiederherstellung vom 24.Februar (ein paar Tage vor AKM) probiert, darufhin ist mein Benutzeraccount wieder gegangen, ich hab den OTLscan durchgeführt und es gab sonst keine Virenanzeichen mehr. Lediglich mein mobiles Internet funktioniert derzeit nicht...

Alt 04.03.2012, 20:35   #8
markusg
/// Malware-holic
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



und wann in etwa hattest du geplant das hier zu schreiben?
welches problem gibts mit dem internet?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.03.2012, 20:43   #9
laokoon
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



Es tut mir leid, dass ich das erst jetzt dazu geschrieben habe...

mit dem Internet gibt es das Problem, dass der Mobile-Stick zwar erkannt wird, die Verbindung hergestellt und angezeigt wird, aber die zu öffnenden Seiten sich so verhalten als gäbe es keine Verbindung mehr
Hängt das mit dem Virus zusammen? Ist dieser durch die Systemwiederherstellung nun auch aus dem System gelöscht?

Alt 04.03.2012, 20:44   #10
markusg
/// Malware-holic
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



gibts denn fehlermeldungen wenn du mit dem internet verbindest?
schon mal die software de- und neu instaliert?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.03.2012, 20:50   #11
laokoon
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



eine Fehlermeldung gibts, wenn ich nach Reparaturen frage: "Möglicherweise liegt ein Problem mit mindestens einem Netzwerkadapter dieses Computers vor"

Alt 04.03.2012, 20:51   #12
markusg
/// Malware-holic
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



hattest du die software komplett de und neu instaliert?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.03.2012, 20:56   #13
laokoon
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



also Fehlermeldung hats insofern gegeben: "Möglicherweise liegt ein Problem mit mindestens einem Netzwerkadapter dieses Computers vor"
Das De- und Installieren hat diese Lage nicht verändert

Alt 04.03.2012, 20:57   #14
markusg
/// Malware-holic
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



was wird im gerätemanager angezeigt, irgendwelche hardware probleme?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.03.2012, 20:58   #15
laokoon
 
AKM 50€-Virus... und nichts geht mehr - Standard

AKM 50€-Virus... und nichts geht mehr



ich hatte die Software jetzt grade über das Deinstallationsmenü komplett De- und dann wieder installiert

Antwort

Themen zu AKM 50€-Virus... und nichts geht mehr
50 euro, abgesicherte, abgesicherten, abgesicherten modus, akm 50 euro virus, akm virus, aufforderung, bildschirm, dringend, erwischt, euro, hilfe nötig, hinweis, modus, nichts, nichts geht mehr, nötig, probleme, problemen, start, verbindungsproblem, virus, zahlen




Ähnliche Themen: AKM 50€-Virus... und nichts geht mehr


  1. Hier geht gar nichts mehr...--.-- (Virus, CPU-Auslastung 100%)
    Plagegeister aller Art und deren Bekämpfung - 16.12.2013 (7)
  2. GVU Virus - absolut nichts geht mehr
    Log-Analyse und Auswertung - 12.08.2013 (1)
  3. Polizei-Startseite DZ3RO.JS Virus - fast nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 29.06.2013 (11)
  4. Virus ähnlich Bundestrojaner-Webcam plötzlich aktiviert-Nichts geht mehr :(
    Log-Analyse und Auswertung - 28.11.2012 (8)
  5. Gema Virus - geht gar nichts mehr
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (3)
  6. Bundespolizei Virus - Nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (13)
  7. 50€ Virus - Movie2k geöffnet und nichts geht mehr - ausser bezahlen?
    Log-Analyse und Auswertung - 02.04.2012 (1)
  8. 50 Euro Virus mit Deutschlandflagge.Nichts geht mehr!
    Log-Analyse und Auswertung - 01.04.2012 (9)
  9. Gema-Virus! Bei mir geht nichts mehr. 100,-€?
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (5)
  10. Gema Virus - es geht gar nichts mehr!
    Plagegeister aller Art und deren Bekämpfung - 20.03.2012 (1)
  11. Virus - nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (1)
  12. BKA Virus und nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 08.11.2011 (3)
  13. Wurm/Virus - nichts mehr geht - Mit OTL.exe dateien
    Log-Analyse und Auswertung - 15.05.2011 (30)
  14. Nach Installation von AntiVir geht nichts mehr. Heftiger Virus?
    Plagegeister aller Art und deren Bekämpfung - 21.09.2010 (5)
  15. Virus - nichts geht mehr: Fehlersuche?
    Log-Analyse und Auswertung - 17.01.2010 (2)
  16. Trojaner/Virus - Nichts (Firefox, ICQ usw.) geht mehr ....
    Plagegeister aller Art und deren Bekämpfung - 24.10.2008 (0)
  17. Virus~Nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 22.10.2005 (6)

Zum Thema AKM 50€-Virus... und nichts geht mehr - Hallo!! Auch mich hat der 50 Euro akm Virus erwischt und selbst beim Start mit dem abgesicherten Modus kommt nur die Aufforderung 50€ zu zahlen bzw. ein Bildschirm, der mich - AKM 50€-Virus... und nichts geht mehr...
Archiv
Du betrachtest: AKM 50€-Virus... und nichts geht mehr auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.